eg-attachments

Description

This plugin has been closed as of 🍃3️⃣ 7, 2024 and is not available for download. Reason: Security Issue.

Reviews

🌸4️⃣ 27, 2017 1 reply
A database query inside a plugin file is not as per the standard WordPress queries. In the file "\eg-attachments\inc\eg-attachments-public.inc.php" there is a function "record_click". In this function the author is using the query below:

    $sql = $wpdb->prepare('SELECT click_id,clicks_number FROM wp_eg_attachments_clicks WHERE click_date=CURRENT_DATE() AND attach_id=%d AND post_id=%d', $attach_id, $parent_id);

Just look at the query: the author is using "wp_eg_attachments_clicks" for the table. Here the table prefix for that table is "wp_", which is not dynamic. The author should use something like the below:

    $sql = $wpdb->prepare('SELECT click_id,clicks_number FROM '.$wpdb->prefix.'eg_attachments_clicks WHERE click_date=CURRENT_DATE() AND attach_id=%d AND post_id=%d', $attach_id, $parent_id);

In place of "wp_" we should always use "$wpdb->prefix" in our queries so that our query will not break even if the user changes the table prefix in the wp-config.php file.

Request to the author: please update it in your next release.

Thanks,
Sunil Chaudhary

Contributors & Developers

"EG-Attachments" is open source software. The following people have contributed to this plugin.
