Skip to:

Re: Plugin: Plugin browser for bbPress

Sam Bauers


> update: actually this is not directly your fault, though you are trying to use a bb-admin function that was meant for local file access to do remote file access?

If you check the short “to do” list at the top of the plugin you’ll see that I plan to address that issue in the future. I might just copy and paste the code from that internal function and then hack in my own curl/fopen alternative function.

> If I am not mistaken, you just found a bbpress security loophole.

Explain your concerns, how do you think this would be exploited? If it can be we should patch it up.

> ps. any concerns about eventually 2,000-20,000 bbpress users hammering the svn with so many file downloads to examine all the plugin headers?

36 downloads so far, let’s start worrying at 1,000

Skip to toolbar