Removal of advertising-functionality
Quote from Asgaros on December 20, 2021, 3:32 am
Hi everyone,
While having a discussion with the WordPress plugin-team during a security-audit, I got the information that providing a functionality for adding advertisement-code into the forum via a form is “NO LONGER ALLOWED since if you cannot sanitize them and ensure they’re safe to insert, you should not allow users to try. Site Admins are people, and a lot of those people have no idea why you shouldn’t paste JS from random sites into their own”.
This surprised me a bit, so I had a follow-up conversation with them to confirm with them that “is not allowed in the back-end to provide a code-input-form which allows site-administrators to add a specific code/script (for example Google AdWords) which can be used to display ads between forum-topics to help site-owners monetize their website”.
The response was very clear:
It is no longer permitted, specifically because of the danger. Yes, older plugins have this, and we would love to close them all, but we cannot without harming users, so we’re trying to phase things out.
We know that script insertion plugins are amazing and powerful. They’re also incredibly dangerous and require a high level understanding of sanitization, security, and usage. And in the case of most plugins, these are entirely unnecessary. You should never be asking users to paste in arbitrary JavaScript. Instead have them paste in the values custom to their scripts, and generate the rest on your own. If you want to have an “AdWords” insertion, you don’t need to let them put in arbitrary JS, you can have them put in their user data. That also allows you to prevent abuse by only having your supported JS tools included.
PHP is even more complex. This is why WordPress itself allows you to lock people out of being able to edit theme and plugin files directly (via DEFINES that are used by many managed hosts), but also has a series of post-processing checks that verify the site will still function after any changes.
As for CSS… well people can use the customizer.
As a result of this conversation, I have no other choice than removing the advertisement-functionality completely from the code to ensure that Asgaros Forum can stay inside of the WordPress plugin-repository. I will evaluate the possibility to provide the advertisement-functionality as a separate standalone-plugin via download here in the future. The feature will be removed with the upcoming update to version 1.15.18 which I plan to release in the coming days.
Thanks for your understanding!
Merry Christmas & Happy New Year,
Thomas
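The approach described in the quoted response above (collect only the account-specific values and generate the script yourself), shown as an added example that is not part of the original post and is not Asgaros Forum code. The function names are hypothetical, the ID formats (publisher ID as "ca-pub-" plus 16 digits, numeric ad slot) are assumptions about an AdSense-style ad unit, and plain PHP escaping stands in for WordPress helpers such as esc_attr().

```php
<?php
// Added example, not Asgaros Forum code. Function names are hypothetical.
// Assumed ID formats: publisher "ca-pub-" + 16 digits, ad slot = 6-12 digits.

/** Validate the only two values the admin may enter; reject everything else. */
function example_validate_ad_settings(array $input): ?array
{
    $client = trim((string) ($input['client'] ?? ''));
    $slot   = trim((string) ($input['slot'] ?? ''));

    // Anchored allow-list patterns (\A ... \z) so no markup can ride along.
    if (!preg_match('/\Aca-pub-[0-9]{16}\z/', $client)) {
        return null;
    }
    if (!preg_match('/\A[0-9]{6,12}\z/', $slot)) {
        return null;
    }
    return ['client' => $client, 'slot' => $slot];
}

/** Build the ad markup from a fixed template; the admin never supplies HTML or JS. */
function example_render_ad_unit(array $settings): string
{
    $valid = example_validate_ad_settings($settings); // re-check stored values at output time
    if ($valid === null) {
        return '';
    }
    $client = htmlspecialchars($valid['client'], ENT_QUOTES, 'UTF-8');
    $slot   = htmlspecialchars($valid['slot'], ENT_QUOTES, 'UTF-8');

    return '<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client='
        . $client . '" crossorigin="anonymous"></script>' . "\n"
        . '<ins class="adsbygoogle" style="display:block" data-ad-client="' . $client
        . '" data-ad-slot="' . $slot . '" data-ad-format="auto"></ins>' . "\n"
        . '<script>(adsbygoogle = window.adsbygoogle || []).push({});</script>' . "\n";
}

// Constructed sample inputs: one well-formed pair, one with markup pasted into the ID field.
$samples = [
    ['client' => 'ca-pub-1234567890123456', 'slot' => '1234567890'],
    ['client' => 'ca-pub-1234567890123456"><script src=//x.example/a.js></script>', 'slot' => '1'],
];
foreach ($samples as $s) {
    $html = example_render_ad_unit($s);
    echo $html === '' ? "rejected\n" : $html;
}
```

The first sample prints the generated ad unit; the second prints "rejected" because the value does not match the allow-list pattern, so nothing from it reaches the page.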
Quote from Nader_Baradari on December 21, 2021, 1:29 pm
Hello
After updating to the new version, when we click on a topic or forum title, this message appears: “This forum does not exist.” and no forums are shown. Please check this error.
Best regards
Quote from Asgaros on December 22, 2021, 3:26 am
Hello @nader_baradari
Can you provide me an example-link?
Quote from Nader_Baradari on December 22, 2021, 5:38 am
> Quote from Asgaros on December 22, 2021, 3:26 am
> Hello @nader_baradari
> Can you provide me an example-link?
Hi
Sorry, I had to downgrade to the previous version because my customers had problems and could not use the forum.
Quote from Tatiana on December 27, 2021, 8:45 am
> Quote from Asgaros on December 22, 2021, 3:26 am
> Hello @nader_baradari
> Can you provide me an example-link?
I cannot provide an example link but I can tell more about the issue.
It’s linked to non-latin slugs. Somehow the previous version worked pretty well with local letters, special characters, funny phone pics, etc. The new version refuses to understand any of them and shows error 404 as if the topic doesn’t exist. Moreover, I use a plugin that changes Cyrillic letters to Latin letters, and it stopped working with the topic titles after the update.
I had to downgrade the forum.
Then I had to write a plugin that would change all bad slugs into latin slugs. About 1/5 of my topics changed urls but that’s still better than ‘topic not found’.
Then I upgraded the forum again.
Then I tried to force slugs to be latin through ‘sanitize_title’ filter but I failed to make it work for forum only and it crashed my theme.
Then I had to modify includes/forum-rewrite.php:
after line 344
$slug = sanitize_title($name);
add
if (function_exists('myown_sanitize_title')) {
    $slug = myown_sanitize_title($name, 0);
}
—
It would be nice if you add the possibility to filter the topic title with your own Asgarosforum filter. Or maybe an option to do latin-only slugs among other options.
—
And thank you for your great plugin. It’s really great.
P.S. And I spent an hour trying to find my ads, that’s why I’m here. ))))
Quote from Nader_Baradari on December 27, 2021, 11:40 am
After updating to version 1.15.19, that error still exists. You can check the link below:
Support Forum – Shiraz NeoWave | Specialized reference for NeoWave training in Iran (shirazneowave.ir)
Quote from Nader_Baradari on December 27, 2021, 2:18 pm
I had to downgrade too. I think @tatiana said right.
Quote from Nader_Baradari on December 29, 2021, 4:36 pm
Hello
Problem has been solved in version 1.15.20.
Thank you so much
Quote from Asgaros on December 30, 2021, 3:28 am
Hi @nader_baradari @tatiana
Sorry for the troubles. This bug was a side-effect of some recent security-hardening and has been fixed in v1.15.20!