cforms II User Forum

Registration is currently disabled.
Guest

FAQs

Login form protected by Login LockDown.


Lost password?
Advanced Search

— Forum Scope —

  

— Match —

   

— Forum Options —

    

Wildcard usage:
*  matches any number of characters    %  matches exactly one character

Minimum search word length is 4 characters - maximum search word length is 84 characters

Topic RSS
cforms.js not compatible with changes in wp-content name
September 4, 2012
1:17 am
Aidan Curran
Guest

Hi Oliver,

Some people, myself included, change the name of wp-content to something else as a security measure. However, the problem is that this is hardcoded in cforms.js. I can modify it directly in that file but I really don't like hacking the plugin files as there's a chance I could upgrade and forget about it and leave cforms broken.

I think you could resolve this issue by determining the plugin path in the php file (plugins_url, WP_PLUGIN_URL, etc.) and passing it in as a variable to cforms.js.

Cheers,

Aidan

October 12, 2012
3:12 pm
Oliver
Munich, Germany
Admin
Forum Posts: 6400
Member Since:
March 6, 2005
Offline

Not so easy as it sounds.

How would you pass on PHP values to JS, except by either building the JS file via PHP at run-time (not an option) or by placing that value into the DOM for the JS routine to pick it up after page load. The latter option would make your custom "wp-content" dir public to everyone, not sure if you would want that either. ;-)

October 30, 2012
8:36 am
Aidan Curran
Guest

Hi Oliver,

That's why I said 'determining the plugin path in the php file and passing it in as a variable'.

You could output a JS snippet containing the variable from a PHP file (or alternatively your latter option of placing it into the DOM would work). I don't think it matters that the path could be discovered, the malware bots are scanning websites for wp-content directory to find vulnerable plugins so the security measure or renaming wp-content is still effective. If you don't agree with that assessment, another approach could be to provide an option to set the name of the content folder in a js file inside the cforms-custom folder. At least that way would avoid having to hack the core files.

Cheers,

Aidan

Forum Timezone: Europe/Berlin

Most Users Ever Online: 959

Currently Online:
18 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

tracedef: 43

mores: 21

Gyrus: 20

frozenwaste: 18

asuffredini: 15

photoworks: 14

Member Stats:

Guest Posters: 3744

Members: 1463

Moderators: 3

Admins: 2

Forum Stats:

Groups: 1

Forums: 4

Topics: 5345

Posts: 18714

Newest Members: juredujmovic, dreamkeeper, rajattyagi, wrokaa, lukass

Moderators: Paul (421), cnymike (8), sonika (95)

Administrators: Oliver (6400), Nicky (3)