Unsafe PHP Speedy Suspended Wordpress Project Code

    To solve the problem of combining many CSS and JS blog files on Wordpress, I did not find anything better than an abandoned PHP Speedy project. (Web Optimizer did not want to install due to the presence of a conflicting plugin). What was my surprise when I accidentally discovered this unsafe code: p. 568 of the source code Pay attention to the line with the function that is responsible for adding the menu item “PHP Speedy” in the list of plug-ins for configuring it. The third parameter of this function indicates the user level (from 0 to 10), to which the plug-in settings will be available. And for some reason this parameter is 0, instead of 10. This means that any registered user of your blog will see this item in the menu in the console, and of course, he will be able to configure the plug-in as desired or even deactivate it.

    // action function for above hook
    function mt_add_pages() {
    add_options_page('php_speedy_wp.php', 'PHP Speedy', 0, $this->home_url, array(&$this, 'menu_system'));


    So if you are still using this plugin and you have registration open, be sure to correct this misunderstanding.

    Also popular now: