Plugins version info
This is not "security" (3 posts)

  1. Franz Josef Kaiser
    Posted 1 year ago #

    Edit: The plugin keeps improving, so I raised the rating.

    Aside from the fact that the "security"-measurements that this plugin tries to implement are a joke (there have been enough cases where plugins in the official repo have been compromised), the "calculation" itself is bogus.

    From reviewing the source code (spaghetti/function code) there are issues all over:

    • Does remote requests, where the results aren't tested properly. So whatever comes from the remote source will just be used - which is a security fail at its best.
    • Doesn't use any WordPress coding practice like the list tables API, registering and enqueuing styles, etc. etc.
    • Doesn't handle errors properly. Neither with the remote response, nor with any other WP Error object...

    Summed up: Don't use it. This is the opposite of security.

    Reviewed Version: 0.71.2

  2. Renefs
    Plugin Author

    Posted 1 year ago #

    Hi Franz,

    First of all, thank you for reviewing the plugin. It's a shame you did not like it, but several points you mention were true, so I decided to update the plugin with your recommendations (tables list API, no more spaghetti, best error handling, enqueuing styles...)

    I also modified the plugin's name to make its purpose clearer, removing the security factors that may confuse somebody.

    I hope you'll like the newer version.

  3. Franz Josef Kaiser
    Posted 1 year ago #

    Hi Renefs,

    extending the WP List Table class and the error handling made it much better. I still don't agree that this isn't spaghetti code - should be a class, don't use constants (at least not with such generic names) - but the overall approach is an improvement.

    If you can rework that class too and tell me how I can change the rating, I'll be happy to raise it.

    Best wishes,

Topic Closed

This topic has been closed to new replies.
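
The first review's points about untested remote responses and unhandled WP Error objects, shown as an added example that is not the plugin's code or part of the original thread. The `pvi_example_*` function names, the URL and the `slug`/`version` JSON fields are assumptions made for illustration; the code runs inside WordPress.

```php
<?php
// Added example: hypothetical helper names, URL and JSON fields.

// Validate the decoded payload before any of it is stored or displayed.
function pvi_example_validate_payload( $data ) {
    if ( ! is_array( $data ) || ! isset( $data['slug'], $data['version'] ) ) {
        return new WP_Error( 'pvi_bad_shape', 'Unexpected response structure.' );
    }
    if ( ! is_string( $data['slug'] ) || ! is_string( $data['version'] ) ) {
        return new WP_Error( 'pvi_bad_type', 'Unexpected field types.' );
    }
    // Allow-list the formats instead of trusting remote strings.
    if ( ! preg_match( '/^[a-z0-9-]{1,100}$/', $data['slug'] ) ) {
        return new WP_Error( 'pvi_bad_slug', 'Invalid plugin slug.' );
    }
    // Assumed format: dotted numeric versions only (e.g. 0.71.2).
    if ( ! preg_match( '/^\d+(\.\d+){0,3}$/', $data['version'] ) ) {
        return new WP_Error( 'pvi_bad_version', 'Invalid version string.' );
    }
    return array( 'slug' => $data['slug'], 'version' => $data['version'] );
}

function pvi_example_fetch_version( $url ) {
    $response = wp_remote_get( $url, array( 'timeout' => 5, 'redirection' => 0 ) );
    if ( is_wp_error( $response ) ) {
        return $response; // Transport failure: pass the WP_Error up.
    }
    if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return new WP_Error( 'pvi_http', 'Unexpected HTTP status.' );
    }
    $body = wp_remote_retrieve_body( $response );
    if ( strlen( $body ) > 65536 ) {
        return new WP_Error( 'pvi_size', 'Response too large.' );
    }
    $data = json_decode( $body, true );
    if ( JSON_ERROR_NONE !== json_last_error() ) {
        return new WP_Error( 'pvi_json', 'Response is not valid JSON.' );
    }
    return pvi_example_validate_payload( $data );
}

// Caller: handle the error path, and escape whatever is printed.
$info = pvi_example_fetch_version( 'https://example.invalid/plugin-info.json' );
if ( is_wp_error( $info ) ) {
    error_log( 'Version lookup failed: ' . $info->get_error_code() );
} else {
    echo esc_html( $info['slug'] . ' ' . $info['version'] );
}
```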
