potential bugs found in code

This topic contains 6 replies, has 2 voices, and was last updated by Stiofan O’Connor 7 years, 8 months ago.

We have moved to a support ticketing system and our forums are now closed.

  • #233701

    Rainer Lang
    Expired Member
    Post count: 33

    Hello,
    we looked through your code for security reasons (mentioned in another post) and found some code pieces that could cause some bugs. We didn’t experience a bug as users, but want to admit this to you for further enhancement. See below…

    #233703

    Rainer Lang
    Expired Member
    Post count: 33
    This reply has been marked as private.
    #233710

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    Hi Rainer,

    Thanks for the feedback, I will check over all your points and get back to you.

    Thanks,

    Stiofan

    #260258

    Rainer Lang
    Expired Member
    Post count: 33

    Hi Stiofan,
    any news on this?

    #260329

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    The ini_set I would prefer to leave as is; I would rather they show the user the error than die silently and not know why. No one has ever reported a problem.

    For the

    __(get_option('siteurl') . '?geodir_ajax=true')

    That is then passed through a sanitizing function wp_localize_script, but if you had problems with that option you would not be able to view the site in the first place…

    The last one is a spelling mistake that was carried through; it does no harm.

    Stiofan

    #260831

    Rainer Lang
    Expired Member
    Post count: 33

    I don’t really understand your intention to use the localize function. Why not use

    esc_url(get_option('siteurl')) . '?geodir_ajax=true'

    ?

    #260841

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    It’s semantics. I have changed it to keep you happy, but in reality the point is to escape the get_option('siteurl'), which if it’s compromised then you won’t even be able to view the page…

    Stiofan
