Forum Replies Created
PLAN8 (Customer)
Hi Alexander, Ahh! OK, thanks for the tip!
PLAN8 (Customer)
Amazing! Thank you!
PLAN8 (Customer)
Awesome – thanks!
PLAN8 (Customer)
Hi Yuri,
thanks for considering it!
PLAN8 (Customer)
Ah, I found it in the CSS file – can the option be added to the UI though please? Thanks!
PLAN8 (Customer)
Well, maybe it’s a cache thing – I’ll do further testing
PLAN8 (Customer)
However, it does appear that the puzzle in the configure application/transparent background is ignored in the WordPress app, but works in standard HTML
PLAN8 (Customer)
I think I have figured it out – the original HDR had an apostrophe in the name, which the upload (using built in Verge uploader) seemed to have changed the apostrophe to a backslash (it could have been the server perhaps?)
Anyway, either way, it seems the simple way to avoid this is to have only simple characters in the title, but might be worth investigating why the filename was changed?
PLAN8 (Customer)
Some great changes and additions there! Thanks.
Also, thank you very much for adding the ability to export the zip file free of backend design and puzzle files!
- This reply was modified 2 months, 2 weeks ago by PLAN8.
PLAN8 (Customer)
However, as per my follow-up messages after the OP, I still do think this highlights the absolutely essential requirement for V3D app manager to have the ability to locally export a “clean” set of application only required files (without any non application specific files)
We’ll definitely look at this also!
PLAN8 (Customer)
Hi,
We did some investigation and have some updates.
This looks scary at first sight, but in reality only privileged users can exploit this vulnerability (such as admins and sales staff).
I guess the guys who opened this issue just used some tool to scan the plugin code and posted the results.
Anyway, we are working to get rid of this issue altogether!
Hi Alexander, Thanks for the update. Yes, that’s actually how I interpreted the threat as well, and for me, as a sole admin, that wouldn’t really be a problem, but I guess for sites with multiple users, this could be alarming.
However, as per my follow-up messages after the OP, I still do think this highlights the absolutely essential requirement for V3D app manager to have the ability to locally export a “clean” set of application only required files (without any non application specific files), so that the average user like myself can feel confident they are only uploading the required web app files and nothing else – this really is a super critical change as far as I am concerned.
Thanks for updating!
- This reply was modified 3 months, 2 weeks ago by PLAN8.
PLAN8 (Customer)
Thanks Yuri
PLAN8 (Customer)
My non-coder suggestion for an immediate fix to the vulnerability issue is that perhaps the WordPress app will only accept the required files for now, if the user wants to upload any extra file types, then perhaps the app could have a text entry box where the user can specify allowed file types to be uploaded above the basic required types.
Looking ahead, being able to export ONLY the HTML app files from the app manager (or to make a clear folder distinction between front end and back end files (i.e. the V3D app is stored in a totally separate folder from the working files)) is essential IMHO
PLAN8 (Customer)
This flags up my previous repeated requests for the V3D export locally option to ONLY export the essential required HTML app files and none of the V3D, Blender and other unused files –
As a non-coder, the export locally option is very un “Artist Friendly”, as there is no clear explanation as to which files are required for the HTML app only – it is not an easy task at all to go through the exported files and try and work out what are the actual HTML app files, and what are the puzzle files and blender files etc –
PLEASE can you make the export locally option respect the option that is made checkable in the app manager “general settings”? I really don’t understand why this hasn’t been done – it makes no sense at all, and now with this vulnerability issue, it would help resolve this if the upload app manager in WordPress was only uploading a known set of file types because the exported app locally only contains the required files for a website. If that makes sense?