This release includes a number of small tweaks and fixes to better implement WP nonce security and some dashboard changes for maintenance features.
More importantly, an unused variable causing an error has been removed. This improves the rendering of stats graphs. Running maintenance tasks now triggers the confirmation notification properly, which makes the result of these functions more visible.
Some older maintenance tools were removed as they’re no longer needed for the functioning of AdRotate Banner Manager. This makes AdRotate Banner Manager a bit more lightweight, and also simplifies the Maintenance dashboard by quite a bit.
AdRotate Banner Manager is tested to work on WordPress 6.1 and ClassicPress 1.4+.
Why is this a pointless release?
It’s not really. But at the same time this is a sort of forced update to fix an issue created by ‘security researchers’ (as they happily call themselves). Patchstack are the latest offenders in a long line of inconsiderate d*ckheads pestering people with benign non-issues forcing their ways on the community without a care for the widespread paranoia they create.
I despise the attitude of these companies – Their flawed reasoning, inconsiderate actions for things like this, and just flawed everything really. *sigh*
Anyway, a few months ago I was approached by some random guy who, I thought, was just trying to score credits for a supposed security flaw. I had never heard of them, or him, had no idea who Patchstack are and sort of figured they’re just a bunch of nerds trying to prove themselves, whatever, right?
But, any report should be taken seriously, so I tested his findings and discovered that while his findings were correct, in this instance it posed no issues due to the nature of the functions ‘affected’ and the highly privileged nature of the trigger mechanism. There was nothing to exploit, nothing to interact with, just the risk of running a maintenance function – Which isn’t bad.
Concluding there was no security issue, no changes were required and I informed the guy and left it at that. I never heard from them again.
Then on November 11 they posted their report, which got picked up by WordFence and some other platforms which labeled this a critical security issue, and suddenly I was in hot water to make changes for something that isn’t an issue. Weekend ruined because users kept emailing me about it. WordFence even went so far as to recommend uninstalling AdRotate, as shown by one user… What the f*ck!?
Anyway, the highly critical fix which fixes nothing of value is included in this update. Yay! You can be ‘safe’ once more… Whoop-di-doo!
Changes in AdRotate 5.9.1
- [fix] Removed unused $archive variable from stats
- [fix] Nonce verification for certain maintenance buttons
- [fix] Status indicators for maintenance functions
- [change] Removed unused maintenance function
- [i18n] Updated translations
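
What nonce verification on a privileged maintenance button generally looks like in a WordPress plugin, as an added example that is not AdRotate's own code. Every `example_*` name, the page slug and the optimized table are hypothetical; the WordPress functions called are core APIs.

```php
<?php
// Added illustration; all example_* names are hypothetical, not AdRotate's code.

// Render the maintenance button with a nonce tied to this action and the current user.
function example_maint_render_button() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_maint_optimize" />
        <?php wp_nonce_field( 'example_maint_optimize', 'example_maint_nonce' ); ?>
        <?php submit_button( 'Optimize tables', 'secondary' ); ?>
    </form>
    <?php
}

// Handle the button press.
function example_maint_handle_optimize() {
    // Capability check: is this user allowed to run maintenance at all?
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Nonce check: did the request come from the form rendered above, rather
    // than from another site submitting it through the admin's logged-in browser?
    // Stops with WordPress's "link expired" screen if the nonce is missing or invalid.
    check_admin_referer( 'example_maint_optimize', 'example_maint_nonce' );

    $ok = example_maint_optimize_tables();

    // Report the outcome back to the dashboard so a notice can be shown.
    wp_safe_redirect( add_query_arg(
        'example_maint_status',
        $ok ? 'done' : 'failed',
        admin_url( 'admin.php?page=example-maintenance' )
    ) );
    exit;
}
add_action( 'admin_post_example_maint_optimize', 'example_maint_handle_optimize' );

// Hypothetical maintenance task: optimize one core table.
function example_maint_optimize_tables() {
    global $wpdb;
    return false !== $wpdb->query( "OPTIMIZE TABLE `{$wpdb->posts}`" );
}
```

The two checks answer different questions: the capability check limits who may run the task, and the nonce ties the request to a form that user actually loaded.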