Some people, myself included, change the name of wp-content to something else as a security measure. However, the problem is that this is hardcoded in cforms.js. I can modify it directly in that file but I really don't like hacking the plugin files as there's a chance I could upgrade and forget about it and leave cforms broken.
I think you could resolve this issue by determining the plugin path in the php file (plugins_url, WP_PLUGIN_URL, etc.) and passing it in as a variable to cforms.js.
March 6, 2005
Not so easy as it sounds.
How would you pass on PHP values to JS, except by either building the JS file via PHP at run-time (not an option) or by placing that value into the DOM for the JS routine to pick it up after page load. The latter option would make your custom "wp-content" dir public to everyone, not sure if you would want that either. ;-)
That's why I said 'determining the plugin path in the php file and passing it in as a variable'.
You could output a JS snippet containing the variable from a PHP file (or alternatively your latter option of placing it into the DOM would work). I don't think it matters that the path could be discovered, the malware bots are scanning websites for wp-content directory to find vulnerable plugins so the security measure or renaming wp-content is still effective. If you don't agree with that assessment, another approach could be to provide an option to set the name of the content folder in a js file inside the cforms-custom folder. At least that way would avoid having to hack the core files.
Most Users Ever Online: 959
Currently Browsing this Page:
Guest Posters: 3744
Newest Members: juredujmovic, dreamkeeper, rajattyagi, wrokaa, lukass
Moderators: Paul (421), cnymike (8), sonika (95)
Administrators: Oliver (6400), Nicky (3)