gdavide
Forum Replies Created
-
I got the same big problem described above: i’ve just updated to the latest plugin version and this broke the whole site.
On the site’s homepage i got the error:Fatal error: Call to undefined function is_user_logged_in() in /path-to/wp-includes/post.php on line 2160
To solve the problem i’ve deleted the plugin.
@ethicalhack3r: thank you. Please let me know if you receive a follow-up.
The problem is that these 3 bugs are only fixed in 4.5: they are not backported to versions 4.0.x throught 4.4.x as the other previous security bugs.
So, to solve the problem, you need to do a major-version upgrade: that kind of upgrade is not easy in enterprise environment.Regards
I couldn’t fine any detailed info about the security bug:
https://wpvulndb.com/vulnerabilities/8475which are the lines involved in the fix?
On the other two security bugs fixed by wp 4.5, there’s a lot of details, github ecc… but on 8475 there isn’t nothing.I would need it to evaluate the severity of the bug on my wp installations.
Regards
On new aiowps version i can’t find any error. I suppose that it’s solved
thank you
I’m the host! 🙂
BTW: that’s a production server-site, so i cannot make too much test, i think that i will leave the “file scan” function disabledNo, i’ve tryied to disable all the plugins but i still got the same erros. I’ve bypassed it by disable the “file scan” functions on aiowps
I solved it.
The problem was that the option parameter “aio_wp_security_configs” had some wrong values.
I normally set the “aio_wp_security_configs” parameter at wp installation time, with wp cli (http://wp-cli.org) :wp option update aio_wp_security_configs “…”
Apparently there was some wrong value. I solved by reset the aio_wp_security_configs value with:
wp option delete aio_wp_security_configs
and then by reconfigure aiowps via web interface.
regards
Why do you think that using a rewrite rule would be “smarter” than the actual code-solution?
Maybe could be a more lightweight , this is true, but i think that a clean and simple .htaccess will be better, remember that nginx doesn’t support mod_rewrite, so the actual solution work with other http daemons.Regards
Ok, here it’s the pull request:
https://github.com/Arsenal21/all-in-one-wordpress-security/pull/12
RegardsI think that my topic is somehow related to this issue:
This patch solved the issue:
https://wordpress.org/support/topic/allow-activating-via-wp-cli-patch?replies=2
please add this bugfix to the next plugin’s version.
regards
Forum: Plugins
In reply to: [Cartpauj PM] does not work with DB Cache Reloaded FixI add another useful detail, in the db cache reloaded fix’s faq you can find an useful answer:
———
Q: I am a plugin developer. How can I make my plugin compatible with DB Cache Reloaded?A: DB Cache Reloaded uses default WordPress mechanism to load custom version of wpdb class – it creates custom wp-content/db.php file. WordPress checks if this file exists, and loads it instead of wp-includes/wp-db.php.
When your plugin includes this class using custom code added to wp-config.php (or any other file), please use require_wp_db() to do this, or use similar code to this function body.
When you need to modify wpdb class (e.g. by adding or replacing methods), consider deriving your class from the default one (using the extends keyword). Another option is to use aggregation – save value of $wpdb variable, create object of your class and assign to $wpdb. Your class should call methods and access member variables of this saved object, in order to keeps its functionality. Your class should also implement magic methods __get, __set, __isset, __unset and __call.
———–http://wordpress.org/extend/plugins/db-cache-reloaded-fix/faq/
regards
My problem was that only admin can upload the files, other user’s can’t.
I solved the problem with the same method that “simongreenland” described: with the “User role editor” by granting the “upload_files” and “unfiltered_upload” roles.I solved the problem by reinstalling cf7.
I think that the problem was that i removed some custom fields used by cf7: form, mail,mail_2 ecc.. maybe this fields was required.I’ve the same problem with the same wp and ngg versions.
The strange thing: if i do the upload with the admin user everithing works good, if i use another user i get the “i/o” errorregards