This topic is now archived and is closed to further replies.

VaultPress Security Alerts

klausk

Hi. I keep getting Suspicious Code alerts from VaultPress for PageLines files on various clients' websites. Here's a typical alert:
 
> Suspicious Code
> Dangerous and threatening code often used to attack sites.
> PHP.Suspicious.Eval.1
>
> File affected:
> library.options.php
> /wp-content/themes/pagelines/includes
>
>
> 789         if(isset($_POST['reset_callback']))
> 790             call_user_func( $_POST['reset_callback'] );
> 791     }

And this is the response from VaultPress:

"Thanks for reaching out. It does appear to be a part of the Pagelines theme
code. However, the use of $_POST is considered poor coding practice as it makes
use of a Global Variable. You can read more about Global Variables here:

http://codex.wordpress.org/Global_Variables

I would reach out to Pagelines and confirm that this is normal to have in your
site. Otherwise, it appears safe to ignore and is more being flagged as a
precaution."

So is this alert normal, and has anyone else had the same issues?

Thanks.

Danny

Hi,

 

I don't see that being an issue if I am honest. However, I have reached out to one of our developers who knows more about the code in question.


Please search our forums, before posting!

Danny

I have spoken to our developers and this snippet of code is only available to the admin and isn't a security risk. This is what they told me:

 

If they remove that file the theme will break. Sure, they can disable the function, then they won't be able to reset options/templates etc.
That function is only run in the admin area and only if the user is an administrator. So it's only a threat if they have multiple administrators who they do not trust.
 
This code is only in the PageLines Framework theme, not DMS or any other PageLines product.
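
For readers weighing the alert quoted in the first post: an added example, not part of the original posts and not PageLines code, of a reset handler that maps the posted `reset_callback` value through an allowlist instead of passing it straight to `call_user_func()`. Every function and constant name is hypothetical, and the two boolean parameters stand in for WordPress's `current_user_can()` and `wp_verify_nonce()` checks so the block runs outside WordPress.

```php
<?php
// Added example: hypothetical names throughout, not PageLines code.

// Constructed stand-ins for a theme's real reset routines.
function example_reset_options(): string   { return 'options reset'; }
function example_reset_templates(): string { return 'templates reset'; }

// Allowlist: request value => the only functions the server will run.
const EXAMPLE_RESET_CALLBACKS = [
    'options'   => 'example_reset_options',
    'templates' => 'example_reset_templates',
];

/**
 * Run a reset only when the caller is authorised, the request carries a
 * valid nonce, and the requested key is in the allowlist.
 * Assumption: inside WordPress, $is_admin would be the result of
 * current_user_can('manage_options') and $nonce_ok a truthy
 * wp_verify_nonce() result for a nonce field posted with the form.
 */
function example_handle_reset(array $post, bool $is_admin, bool $nonce_ok): ?string
{
    if (!$is_admin || !$nonce_ok) {
        return null; // caller not authorised, or request not made from the admin form
    }
    $key = $post['reset_callback'] ?? null;
    if (!is_string($key) || !array_key_exists($key, EXAMPLE_RESET_CALLBACKS)) {
        return null; // unknown or malformed value never reaches call_user_func()
    }
    // The function name comes from the server-side table, not from the request.
    return call_user_func(EXAMPLE_RESET_CALLBACKS[$key]);
}

// Constructed sample requests: [posted data, is admin, nonce valid].
$samples = [
    [['reset_callback' => 'options'], true, true],
    [['reset_callback' => 'not_a_reset_function'], true, true],
    [['reset_callback' => 'templates'], true, false],
    [['reset_callback' => ['a', 'b']], true, true],
    [[], false, true],
];
foreach ($samples as [$post, $admin, $nonce]) {
    var_dump(example_handle_reset($post, $admin, $nonce));
}
```

With a table like this, the request only selects among functions the theme already intends to expose, so a scanner rule that matches request data flowing into `call_user_func()` has nothing to flag.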

