WordPress.org

Plugins version info
This is not "security" (3 posts)

  1. Franz Josef Kaiser
    Member
    Posted 2 years ago #

    Edit: The plugin keeps improving, so I raised the rating.

    Aside from the fact that the "security"-measurements that this plugin tries to implement are a joke (there have been enough cases where plugins in the official repo have been compromised), the "calculation" itself is bogus.

    From reviewing the source code (spaghetti/function code) there are issues all over:

    • Does remote requests, where the results aren't tested properly. So whatever comes from the remote source will just be used - which is a security fail at its best.
    • Doesn't use any WordPress coding practice like the list tables API, registering and enqueuing styles, etc. etc.
    • Doesn't handle errors properly. Neither with the remote response, nor with any other WP Error object...

    Summed up: Don't use it. This is the opposite of security.

    Reviewed Version: 0.71.2
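
The first post's points about unchecked remote responses and unhandled WP_Error objects, shown as an added example that is not the plugin's code and not part of the thread. The endpoint URL, the `version` field in the JSON reply and all `example_*` names are assumptions made for illustration; the WordPress functions are core APIs.

```php
<?php
// Added example, not the plugin's code. The URL passed in, the "version"
// field and the example_* names are hypothetical.

/** Validate an untrusted response body; return the version string or a WP_Error. */
function example_parse_version_body( $body ) {
    if ( ! is_string( $body ) || '' === $body || strlen( $body ) > 65536 ) {
        return new WP_Error( 'example_bad_body', 'Response body missing or too large.' );
    }
    $data = json_decode( $body, true );
    if ( ! is_array( $data ) || ! isset( $data['version'] ) || ! is_string( $data['version'] ) ) {
        return new WP_Error( 'example_bad_json', 'Response is not the expected JSON object.' );
    }
    // Allow-list the shape: dotted numeric version with an optional short suffix.
    if ( ! preg_match( '/\A\d+(\.\d+){0,3}([-+][0-9A-Za-z.]{1,20})?\z/', $data['version'] ) ) {
        return new WP_Error( 'example_bad_version', 'Version string has an unexpected format.' );
    }
    return $data['version'];
}

/** Fetch the remote document and return a validated version or a WP_Error. */
function example_fetch_remote_version( $url ) {
    $response = wp_remote_get( $url, array( 'timeout' => 5, 'redirection' => 2 ) );
    if ( is_wp_error( $response ) ) {
        return $response; // Transport failure: pass the WP_Error up unchanged.
    }
    $code = wp_remote_retrieve_response_code( $response );
    if ( 200 !== $code ) {
        return new WP_Error( 'example_bad_status', 'Unexpected HTTP status: ' . (int) $code );
    }
    return example_parse_version_body( wp_remote_retrieve_body( $response ) );
}

/** Render one table cell: branch on the error, escape everything on output. */
function example_render_version_cell( $url ) {
    $version = example_fetch_remote_version( $url );
    if ( is_wp_error( $version ) ) {
        return '<em>' . esc_html( $version->get_error_message() ) . '</em>';
    }
    return esc_html( $version );
}
```

The remote value reaches the page only after the transport result, the HTTP status, the JSON structure and the version format have each been checked, and it is still escaped at output.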

  2. Renefs
    Member
    Plugin Author

    Posted 2 years ago #

    Hi Franz,

    First of all, thank you for reviewing the plugin. It's a shame you did not like it, but several points you mentioned were true, so I decided to update the plugin with your recommendations (tables list API, no more spaghetti, best error handling, enqueuing styles...)

    I also modified the plugin's name to make it clearer what its purpose is, removing the security factors that might confuse somebody.

    I hope you'll like the newer version.

  3. Franz Josef Kaiser
    Member
    Posted 2 years ago #

    Hi Renefs,

    extending the WP List Table class and the error handling made it much better. I still don't agree that this isn't spaghetti code - should be a class, don't use constants (at least not with such generic names) - but the overall approach is an improvement.

    If you can rework that class too and tell me how I can change the rating, I'll be happy to raise it.

    Best wishes,
    K.

Topic Closed

This topic has been closed to new replies.
