This update includes an important security fix for AdRotate. Update as soon as possible. New PHP Snippet syntax. Inline adverts are now easier to set up and manage. And a ton of other fixes and tweaks.
New PHP Syntax
The PHP snippet syntax has been reworked and now scales better to new features.
Mainly the confusing
adrotate_group(1, 0, 2);
has been replaced with a more user friendly array of options.
To show a group with a fallback, you’ll now use this. Much easier to interpret and use.
echo adrotate_group('6', array('fallback' => '4'));
The old syntax is no longer supported. So check the manual and update your code as soon as possible.
The first feature to be added is inline adverts – That is, regular adverts without a wrapper.
This also works for Shortcodes.
For PHP snippets that looks like this:
echo adrotate_ad('4', array('wrapper' => 'no'));
And for Shortcodes:
Again, check the manual for more details and code examples.
Finally! You can now create top-level folders in the AdRotate Banners folder from your dashboard. This should help with managing assets a bit better. Check out the Media Manager to see the new option.
A little while ago Nguyen Anh Tien from a security firm emailed me that he had discovered a potential flaw in AdRotate. This vulnerability also extends to AdRotate Professional.
Turns out that certain URLs passing variables can be exploited in one way or another.
These urls require admin access to use. There is currently no evidence or sign that the exploit has been used.
While the risk is low/medium. No risk is better. So update as soon as possible.
Changes in AdRotate Banner Manager 5.8.4
- [CAUTION] PHP snippet syntax has changed, check manual!
- [new] License validity available in your Dashboard
- [new] Remove wrapper code from advert for inline use with PHP
- [new] Remove wrapper code from advert for inline use with Shortcode
- [new] Create folders from the Media Manager
- [change] Geo Lookup requests for may now take up to 5 seconds
- [fix] Faulty ; in the group CSS output for margins
- [fix] Plugin updates not always showing without an active license
- [fix] Check for update when activating license
- [fix] Possible SQL injection vulnerability for certain urls
- [fix] Improved MySQL 8 compatibility
- [fix] Improved error handling for AdRotate Geo
- [fix] Advertisers no longer create empty ads when adding new adverts
- [api] Updated license (de)activation routine
- [api] Smaller data size for update checks and Geotargeting (faster)
- [api] Requests may now take up to 5 seconds (up from 2 seconds)
- [api] Clearer status message for invalid and expired licenses
- [api] More accurate latency calculation