neoncs
Forum Replies Created
-
Forum: Plugins
In reply to: [LeagueManager] New Update problem@ben52 ignore me and my solution.. i realised after that my plugin had deactivated. I will relook at this tonight.
@borellidesigns This is leaving you open to a published exploit allowing someone to get your admin username and password. I would deactivate if you can until a solution is found.
Forum: Plugins
In reply to: [LeagueManager] New Update problemDoing some further investigation the only changes made to this version to previous are actually the last few lines of code in the leaguemanager.php file.
This change is to patch an SQL injection exploit. All the changes above are not required. I tested this by just changing the leaguemanager.php back to the previous version and all worked fine.
The problem here is that with the old leaguemanager.php file is a security risk.
Here is the fix from line 531: It is missing additional braces and semi colon.
Change:
if (current_user_can(‘manage_leagues’)) {
if ( isset($_POST[‘leaguemanager_export’]) )
$lmLoader->adminPanel->export((int)$_POST[‘league_id’], $_POST[‘mode’])
;
}
?>TO:
if (current_user_can(‘manage_leagues’)) {
if ( isset($_POST[‘leaguemanager_export’]) ){
$lmLoader->adminPanel->export((int)$_POST[‘league_id’], $_POST[‘mode’]);
}
;}
?>Forum: Plugins
In reply to: [LeagueManager] New Update problemMarselo89:
You change should be
return trailingslashit($_SERVER[‘ABSPATH’]) . dirname(substr($file,strlen($_SERVER[‘HTTP_HOST’])+8, strlen($file))) . ‘/thumb_’ . basename($file);
Not
trailingslashit return ($_SERVER[‘ABSPATH’]) . dirname(substr($file,strlen($_SERVER[‘HTTP_HOST’])+8, strlen($file))) . ‘/thumb_’ . basename($file);
Saying that even with the myconfig and this fix applied my site is still server 500 error.. Time to investigate
Had same Problem went into HTTPS setting and clicked Reset then saved changes. Now working.