Posts tagged with keywords "Security Risk"



Dreamed about coding last night and found (and solved) a bug!



Last night, I didn’t sleep well. The recent changeable weather has given me a rather nasty chesty cough. My eyes are sore, I’m tired and flushed the whole time. The kids and my wife are all suffering too and there is nothing besides cough syrups and rest for it (and as parents you’re never really allowed to rest).

I couldn’t get to sleep right. I kept replaying stuff from the day in my head. Nothing critical. But I woke early this morning and I was re-playing code through my head. Running through functions, testing various inputs, visualising outputs. At the same time, interjected with scenes and thoughts about worries. It wasn’t just odd but exhausting, like my head couldn’t handle it. I felt miserable and I couldn’t get out of bed when the alarm clock went. Normally, no matter what my state, I get out of bed on time. I may still be half asleep, but I get out of bed and start into the motions. This time I couldn’t. Pushed the clock away. Let everyone sleep.

What is fascinating though, is that I found a security leak in my code from that weird dream. I tested it this morning, confirmed my suspicions and I patched it in an hour or so.

Feeling better now with the sun beaming brightly. It’s still windy and cold-ish. But the dose of sunlight has really done my head well.

Security Risk in TDO Mini Forms v0.12: Upgrade to v0.12.2 ASAP!



Update #1: It’s not my day. In my rush to get v0.12.1 out, I copied in some broken code to SVN. Nothing critical, just prevents TDOMF from running. v0.12.2 fixes this.

I’ve discovered a security risk in v0.12 of TDO Mini Forms if you use Custom Fields and the “Append to Post” format option. This was introduced during the implementation of the Form Hacker. I’ve already prepared a fix (v0.12.1, superseded by v0.12.2) for this and it is now on WordPress.org (but it may take a few minutes before you can download it).

I strongly advise anyone using v0.12 to upgrade as soon as possible. If you can’t currently upgrade, please consider downgrading to v0.11.1 or disabling the plugin until you can upgrade to v0.12.2.

I do not know if anyone has been exploited by this hole; however, I would also recommend carefully checking the HTML of submissions done with v0.12 for any PHP tags that might have slipped into the post content or custom fields.

I apologise for this and hope no-one is inconvenienced by it.
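
One way to run the check recommended above, as an added example that is not part of the original post or the plugin's code. It assumes submissions have been exported as a mapping of post ID to post content plus custom fields; the function names, field names and sample data are constructed for illustration.

```python
import re

# PHP opening tags: <?php, <?=, the short tag <? (but not <?xml declarations),
# and the script-style tag accepted by PHP versions before 7.
PHP_TAG = re.compile(
    r"""<\?php\b
      | <\?=
      | <\?(?!xml\b)
      | <script\b[^>]*\blanguage\s*=\s*["']?php
    """,
    re.IGNORECASE | re.VERBOSE,
)


def find_php_tags(submission):
    """Return (field, offset, snippet) for each PHP opening tag found.

    `submission` maps a field name (post content or a custom field) to text.
    """
    findings = []
    for field, text in submission.items():
        text = text or ""
        for match in PHP_TAG.finditer(text):
            start = match.start()
            snippet = text[start:start + 40].replace("\n", " ")
            findings.append((field, start, snippet))
    return findings


def scan(submissions):
    """Return {post_id: findings} for submissions with at least one hit."""
    flagged = {}
    for post_id, fields in submissions.items():
        findings = find_php_tags(fields)
        if findings:
            flagged[post_id] = findings
    return flagged


# Constructed sample data (assumed export shape, not real submissions).
SAMPLE_SUBMISSIONS = {
    101: {"post_content": "<p>Hello</p>", "Your Name": "Alice"},
    102: {"post_content": "<p>Hi</p><?php echo 1; ?>", "Website": "http://example.com"},
    103: {"post_content": '<?xml version="1.0"?><p>feed</p>', "Note": "x <?= $y ?>"},
}

if __name__ == "__main__":
    for post_id, findings in scan(SAMPLE_SUBMISSIONS).items():
        for field, offset, snippet in findings:
            print(f"post {post_id} field {field!r} offset {offset}: {snippet}")
```

Any flagged submission should be reviewed by hand before it is edited or deleted.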