Support » Plugin: Shariff for WordPress » This plugin seems very cool but not really on multisite

  • We have 2300 blogs, 10000 users and some German users (260 admin bloggers) =)
    But unfortunately we can’t use this plugin because of a few problems.

    1) The principle of Shariff is commendable but questionable: indeed, it makes requests, at a frequency given by the blogger, to the servers of Facebook, Google, Twitter…
    This generates a lot of traffic (it is still possible), but see 2) B).

    2) The configuration of the plugin gives us some problems, from the point of view of our sysadmin: a blogger can change too many parameters.
     A) You can add a URL with the “Default Image Location” field. This field is vulnerable (Stored XSS): a blogger can execute anything against ALL readers (including us, with admin accounts).
     B) The blogger can change the TTL. It is likely that bloggers will shorten that time, which defaults to 60 seconds, resulting in an increased number of requests.
     C) Nice gift for the end… A blogger, thanks to the “Temp Directory” field, can create Shariff files and .dat files in any folder accessible in R/W by www-data (the user of the web server). Specifically, a blogger can create folders and files in other bloggers’ folders, without protection or safeguards.

    Good luck

  • The topic ‘This plugin seems very cool but not really on multisite’ is closed to new replies.
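
Server-side validation for the three blogger-editable settings listed in the post (A, B, C), as an added example that is not the Shariff plugin's code or the poster's. The function names, the TTL ceiling and the per-site base directory are assumptions, and the demo URLs and paths are constructed.

```php
<?php
// Added example; hypothetical helpers, not part of the Shariff plugin.
const MIN_TTL = 60;   // the default the post mentions, used here as a floor
const MAX_TTL = 7200; // assumed ceiling

// A) Accept only absolute http(s) URLs with no markup-breaking characters.
function sanitize_image_url(string $raw): string {
    $url = trim($raw);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) return '';
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) return '';
    if (preg_match('/[\s"\'<>`\\\\]/', $url)) return '';
    return $url;
}

// A) Escape again at output time, when the value is written into HTML.
function image_attr(string $url): string {
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// B) Clamp the TTL so a blogger cannot raise the request rate.
function sanitize_ttl($raw): int {
    $ttl = filter_var($raw, FILTER_VALIDATE_INT);
    return $ttl === false ? MIN_TTL : max(MIN_TTL, min(MAX_TTL, $ttl));
}

// C) Resolve symlinks and "..", then require the result inside the site's base.
function resolve_temp_dir(string $requested, string $siteBase): ?string {
    $base = realpath($siteBase);
    $real = realpath($requested);
    if ($base === false || $real === false || !is_dir($real)) return null;
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $inside = strncmp($real . DIRECTORY_SEPARATOR, $base, strlen($base)) === 0;
    return $inside ? $real : null;
}

// Constructed demo: two per-site directories under a throwaway root.
$root = sys_get_temp_dir() . '/ms-demo-' . bin2hex(random_bytes(4));
mkdir("$root/site-7/cache", 0700, true);
mkdir("$root/site-8", 0700, true);
var_dump(sanitize_image_url('https://example.org/img/share.png'));
var_dump(sanitize_image_url('https://example.org/x.png" onerror="x'));
var_dump(sanitize_ttl('5'));
var_dump(resolve_temp_dir("$root/site-7/cache", "$root/site-7") !== null);
var_dump(resolve_temp_dir("$root/site-7/../site-8", "$root/site-7") !== null);
```

On a multisite install these checks belong in the code path that saves the options, so they apply whichever role submits the settings form.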