Support » Plugin: Postcards » Typo causing problems, NO security, otherwise works well

  • There are 3 typos (or programming errors?) in the plugin.php file. One of the post options is called 'postcards_enabled', but in 3 places in that file the author entered it as 'postcards_enable' (without the “d” at the end). This causes the per-page enable/disable override feature to not work.

    The Changelog indicates version 1.2.1 was to fix this very problem, but this is obviously not the case.

    EASY FIX: Use the plugin editor feature on your WP Dashboard. If you text search through plugin.php for the string postcards_enable' (with the trailing single quote!) and add the letter “d” making it read postcards_enabled' (note the “d” at the end of the word!) it will work.

    After making that fix, it seems to WORK AS ADVERTISED. Basically, it adds some JavaScript/jQuery into the footer that auto-magically adds the “send as e-card” link under each image on a gallery page. The feature can be either enabled or disabled globally (site-wide) for all gallery pages, with an enable/disable option on individual pages to override the global setting.

    It has a nice look to it, and should integrate into most themes with little difficulty.

    The main drawback is that there is no CAPTCHA or other method to prevent a postcard from being accessed remotely and used for spamming, as in this example:

    This is a SERIOUS FLAW, the ramifications of which should be seriously considered before implementing this plugin on a live site!

    The author should implement the following security features to make this a nifty little plugin:

    • Add referrer check to email sending routine (not foolproof but at least a start)
    • Add a CAPTCHA to email sending routine

    As for support … The “help” page on the author’s website gives a 404 (page not found) error, and the author’s forum seems to be out of date (version 1.0.3 is listed as newest). The lack of FAQ and Screenshots entries on the plugin page on WP repository, along with the lack of responses to the two questions on the WP plugin forum, all lead me to believe that this plugin is not well-supported.

    Nevertheless, it does seem to work as advertised after a little “fixing.” And the simplicity of the internals means it should continue to work with new releases of WP — or at most require a little more manual tweaking. I’m giving it 4 stars for its elegant simplicity, in spite of the need for a manual fix by the WP admin. But I’m subtracting 2 stars due to the lack of any spam prevention. Too bad, because I really wanted to like this plugin …
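
The two measures the review asks for on the email sending routine (a referrer check and a CAPTCHA), shown as an added example that is not part of the original post and is not the Postcards plugin's code. Every `example_*` name, the AJAX action and the POST field names are assumptions; the nonce and the per-address throttle go beyond the review's list.

```php
<?php
// Added example: hardened send handler for a hypothetical e-card plugin.
// All "example_*" names and the POST field names are assumptions.
add_action( 'wp_ajax_example_send_postcard', 'example_send_postcard' );
add_action( 'wp_ajax_nopriv_example_send_postcard', 'example_send_postcard' );

function example_send_postcard() {
    // 1. Nonce printed into the gallery page; dies with 403 if missing or stale.
    check_ajax_referer( 'example_postcard_send', 'nonce' );

    // 2. Referrer must be on this site. A script can forge the header, so this
    //    only filters casual cross-site posts ("not foolproof", as the review says).
    $referer   = wp_get_raw_referer();
    $ref_host  = $referer ? wp_parse_url( $referer, PHP_URL_HOST ) : '';
    $site_host = wp_parse_url( home_url(), PHP_URL_HOST );
    if ( ! $ref_host || 0 !== strcasecmp( $ref_host, $site_host ) ) {
        wp_send_json_error( 'bad referrer', 403 );
    }

    // 3. CAPTCHA: fails closed until a verifier is hooked onto this filter.
    if ( ! apply_filters( 'example_postcard_captcha_ok', false, $_POST ) ) {
        wp_send_json_error( 'captcha failed', 403 );
    }

    // 4. Throttle per client address: 5 sends, window restarts on each send.
    $key   = 'example_pc_' . md5( $_SERVER['REMOTE_ADDR'] ?? '' );
    $count = (int) get_transient( $key );
    if ( $count >= 5 ) {
        wp_send_json_error( 'rate limit', 429 );
    }
    set_transient( $key, $count + 1, HOUR_IN_SECONDS );

    // 5. One validated recipient; the image must be an attachment on this site.
    $to       = sanitize_email( wp_unslash( $_POST['to'] ?? '' ) );
    $image_id = absint( $_POST['image_id'] ?? 0 );
    if ( ! is_email( $to ) || ! wp_attachment_is_image( $image_id ) ) {
        wp_send_json_error( 'invalid input', 400 );
    }

    // Fixed subject and body: the sender controls only recipient and image.
    $body = 'Someone sent you a postcard: ' . wp_get_attachment_url( $image_id );
    if ( wp_mail( $to, 'You have received a postcard', $body ) ) {
        wp_send_json_success();
    }
    wp_send_json_error( 'mail failed', 500 );
}
```

Keeping the subject and body fixed matters as much as the checks: a form that lets the sender supply free text and an arbitrary recipient is useful for spam even behind a CAPTCHA.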

Viewing 1 replies (of 1 total)
  • This is an excellent observation; I wouldn’t have thought of it, not a programmer.

    I was just so excited to have an ecard gallery to match my site! And I am still excited, but the captcha is obviously necessary.

    I hope the developer will take this excellent plugin idea to the next level and take care of the CAPTCHA, and also FIX the “enabled / disabled” option (TYPO) so that this feature works.

    But, I am cheering for this plugin, I really want it, I can really use it.

