I just released FireStats 1.6.2, the most significant change is the patching of two potential security vulnerabilities.
I strongly advice everyone to upgrade to the latest version.
there have been two exploits:
attempting to include remote files. in order for it to be effective, your server has to be improperly configured and to allow url file inclusion via inclue(). most servers are not vulnerable, but regardless – I took it very seriously and implemented a whitelist to prevent any such attempts.
possible SQL injection.
besides those important security updates, I fixed quite a few bugs in this release. check the changelog for full detail.
“server have to be improperly” – should be has, or servers.
3omry 15 June 2009 @ 1:19 am
thanks.
4Suggestion 18 June 2009 @ 12:38 am
I am sorry for the bogus name, etc. I wanted to make a suggestion for a future version of firestats. My suggestion is to add some code that uses the IP on the statistics page under the hits table and cross references that with the comments IP addresses and inserts the name of the commenter for the IP. That way if you have people who are frequent visitors you can easily see who they are from their comment name instead of just the IP. I waste a lot of time looking at the comments page trying to figure out who the IPs belong to.
Thanks from a big fan of firestats! Keep up the great work!
I searched the F.A.Q’s for documentation and scoured some of your blog postings but I didn’t see anything reported on it so hence this request: to be able format the placement of the browser/OS icons hooked to the comment_author_link() function.
It’s not “mission critical” but sometimes being able to control the exact placement of those icons within the comments area would be desirable with some theme designs as oppose to it ALWAYS being just to the right of the author’s name as it currently displays now. I’m thinking of it as an option setting within FireStats where the WP admin chooses between a Defaultstate (as it functions already) or a Custom state where the theme designer can place a piece of pre-defined code snippet within their comments loop structure where they wish to display the icons, for example: maybe before the comment author’s name, below it’s name or even below the Gravatar.
If that’s not feasible no worries, it’s still an awesome plugin and I enjoy using it very much, thanks!
5 Responses to “FireStats 1.6.2”
1 מחשבות, מחשבים, ושאר דברי בלע » Blog Archive » חור אבטחה בפיירסטטס 1.6.1
13 June 2009 @ 2:36 pm
[...] עוד פרטים פה. [...]
2 dictionary
15 June 2009 @ 1:01 am
“server have to be improperly” – should be has, or servers.
3 omry
15 June 2009 @ 1:19 am
thanks.
4 Suggestion
18 June 2009 @ 12:38 am
I am sorry for the bogus name, etc. I wanted to make a suggestion for a future version of firestats. My suggestion is to add some code that uses the IP on the statistics page under the hits table and cross references that with the comments IP addresses and inserts the name of the commenter for the IP. That way if you have people who are frequent visitors you can easily see who they are from their comment name instead of just the IP. I waste a lot of time looking at the comments page trying to figure out who the IPs belong to.
Thanks from a big fan of firestats! Keep up the great work!
5 JJP
13 September 2009 @ 6:22 am
Thanks so much for a GREAT plugin!
I searched the F.A.Q’s for documentation and scoured some of your blog postings but I didn’t see anything reported on it so hence this request: to be able format the placement of the browser/OS icons hooked to the comment_author_link() function.
It’s not “mission critical” but sometimes being able to control the exact placement of those icons within the comments area would be desirable with some theme designs as oppose to it ALWAYS being just to the right of the author’s name as it currently displays now. I’m thinking of it as an option setting within FireStats where the WP admin chooses between a Defaultstate (as it functions already) or a Custom state where the theme designer can place a piece of pre-defined code snippet within their comments loop structure where they wish to display the icons, for example: maybe before the comment author’s name, below it’s name or even below the Gravatar.
If that’s not feasible no worries, it’s still an awesome plugin and I enjoy using it very much, thanks!
Cheers.
Leave a Reply