Typo causing problems, NO security, otherwise works well
There are 3 typos (or programming errors?) in the plugin.php file. One of the post options is called 'postcards_enabled', but in 3 places in that file the author entered it as 'postcards_enable' (without the “d” at the end). This causes the per-page enable/disable override feature to not work.
The Changelog indicates version 1.2.1 was to fix this very problem, but this is obviously not the case.
EASY FIX: Use the plugin editor feature on your WP Dashboard. If you text search through plugin.php for the string postcards_enable' (with the trailing single quote!) and add the letter “d” making it read postcards_enabled' (note the “d” at the end of the word!) it will work.
It has a nice look to it, and should integrate into most themes with little difficulty.
The main drawback is that there is no CAPTCHA or other method to prevent a postcard from being accessed remotely and used for spamming, as in this example:
This is a SERIOUS FLAW, the ramifications of which should be seriously considered before implementing this plugin on a live site!
The author should implement the following security features to make this a nifty little plugin:
- Add referrer check to email sending routine (not foolproof but at least a start)
- Add a CAPTCHA to email sending routine
As for support … The “help” page on the author’s website gives a 404 (page not found) error, and the author’s forum seems to be out of date (version 1.0.3 is listed as newest). The lack of FAQ and Screenshots entries on the plugin page on WP repository, along with the lack of responses to the two questions on the WP plugin forum, all lead me to believe that this plugin is not well-supported.
Nevertheless, it does seem to work as advertised after a little “fixing.” And the simplicity of the internals means it should continue to work with new releases of WP — or at most require a little more manual tweaking. I’m giving it 4 stars for its elegant simplicity, in spite of the need for a manual fix by the WP admin. But I’m subtracting 2 stars due to the lack of any spam prevention. Too bad, because I really wanted to like this plugin …
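The referrer check the review asks for, sketched as an added example that is not part of the original review and is not the plugin's code. It pairs the check with a WordPress nonce, a per-address throttle and recipient validation; the action name, field names and limits are all assumptions.

```php
<?php
// Added example: hypothetical handler, NOT the reviewed plugin's code.
// Action name, field names and limits are assumptions.
// Call inside the postcard <form> so each request carries a site-issued token.
function postcard_demo_form_fields() {
    wp_nonce_field( 'postcard_demo_send', 'postcard_demo_nonce' );
}
function postcard_demo_reject( $message, $status ) {
    wp_die( esc_html( $message ), '', array( 'response' => $status ) );
}

function postcard_demo_handle_send() {
    // 1. Nonce: request must originate from a form this site rendered.
    //    For logged-out visitors the token is shared, so it is not enough alone.
    $nonce = isset( $_POST['postcard_demo_nonce'] ) && is_string( $_POST['postcard_demo_nonce'] )
        ? wp_unslash( $_POST['postcard_demo_nonce'] ) : '';
    if ( ! wp_verify_nonce( $nonce, 'postcard_demo_send' ) ) {
        postcard_demo_reject( 'Invalid request.', 403 );
    }
    // 2. Referrer check: the header is client-supplied, so treat it as a cheap filter only.
    $ref_host  = wp_parse_url( (string) wp_get_raw_referer(), PHP_URL_HOST );
    $site_host = wp_parse_url( home_url(), PHP_URL_HOST );
    if ( ! $ref_host || strcasecmp( $ref_host, $site_host ) !== 0 ) {
        postcard_demo_reject( 'Invalid referrer.', 403 );
    }
    // 3. Throttle: at most 5 sends per client address; each send restarts the one-hour timer.
    $ip    = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $key   = 'postcard_demo_rl_' . md5( $ip );
    $count = (int) get_transient( $key );
    if ( $count >= 5 ) {
        postcard_demo_reject( 'Too many postcards sent. Try again later.', 429 );
    }
    set_transient( $key, $count + 1, HOUR_IN_SECONDS );
    // 4. Exactly one syntactically valid recipient; is_email() rejects lists and line breaks.
    $to = isset( $_POST['recipient'] ) && is_string( $_POST['recipient'] )
        ? trim( wp_unslash( $_POST['recipient'] ) ) : '';
    if ( ! is_email( $to ) ) {
        postcard_demo_reject( 'Invalid recipient address.', 400 );
    }
    // 5. Bound the user-controlled body; subject is fixed so it cannot carry headers.
    $body = isset( $_POST['message'] ) && is_string( $_POST['message'] )
        ? sanitize_textarea_field( wp_unslash( $_POST['message'] ) ) : '';
    wp_mail( $to, 'You have received a postcard', mb_substr( $body, 0, 500 ) );
    wp_safe_redirect( home_url() );
    exit;
}
// Form posts to admin-post.php with action=postcard_demo_send (logged-out and logged-in).
add_action( 'admin_post_nopriv_postcard_demo_send', 'postcard_demo_handle_send' );
add_action( 'admin_post_postcard_demo_send', 'postcard_demo_handle_send' );
```

A CAPTCHA response, the review's second request, would be verified server-side between steps 2 and 3; that call depends on the CAPTCHA provider and is not shown.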