Wordpress Themes - WP Forum at BFA

Wordpress Themes - WP Forum at BFA (http://forum.bytesforall.com/index.php)
-   New Versions, & Updating (http://forum.bytesforall.com/forumdisplay.php?f=12)
-   -   Php 7.2 (http://forum.bytesforall.com/showthread.php?t=24056)

thetravelchronicle Apr 25, 2019 12:26 PM

Php 7.2
 
I just ran a PHP compatibility checker and got this warning in regard to Atahualpa:

"Use of deprecated PHP4 style class constructor is not supported since PHP 7."

If I've ever used a PHP4 style class constructor I didn't know about it. Since this is the only warning (re: Atahualpa), should I try updating my site's PHP version?

juggledad Apr 27, 2019 01:51 PM

I run with php7.2.6 and haven’t seen any problems

thetravelchronicle Jun 2, 2019 12:20 PM

Thanks for that. My host updated without me about two weeks later, and you eliminated any stress level.

Moving along, Sitelock tells me there is a theme vulnerability. For your information:

Atahualpa 3.7.24

Severity: Medium

Category: xss

Summary: Atahualpa Theme - Authenticated Cross-Site Scripting (XSS)

Description: Providing any of the following fields with string such as: "><script>alert(1);</script> results in the script element getting appended after the respective input element when the request returns from the server: "comment_feed_link", "home_cat_menu_bar", "email_subscribe_link", "home_single_next_prev", "email_subscribe_link_title", "feedburner_email_id", "excerpt_length", "page_menu_bar_link_color", "cat_menu_bar_background_color_parent", "cat_menu_bar_link_color", "left_col_pages_exclude", "widget_lists link-hover-color", "left_col2_cats_exclude" The solution to this issue is to encode as html all the user-provided parameters before they are returned to the browser.

juggledad Jun 3, 2019 12:53 PM

Hmmm yeah, I don't think that will ever be fixed unless someone wants to pay for the effort. Sorry.


All times are GMT -6. The time now is 12:57 PM.

Powered by vBulletin® Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.