Forum Replies Created
-
AuthorPosts
-
PLAN8Customer
Looking forward to this being implemented natively!
PLAN8CustomerHi Alexander, Ahh! OK, thanks for the tip!
PLAN8CustomerAmazing! Thank you!
PLAN8CustomerAwesome – thanks!
PLAN8CustomerHi Yuri,
thanks for considering it!
PLAN8CustomerAh, I found it in the css file – can the option be added to the UI though please? Thanks!
PLAN8CustomerWell, maybe its a cache thing – I’ll do further testing
PLAN8CustomerHowever, it does appear that the puzzle in the configure application/transparent background is ignored in the wordpress app, but works in standard html
PLAN8CustomerI think I have figured it out – the original HDR had an apostrophe in the name, which the upload (using built in Verge uploader) seemed to have changed the apostrophe to a backslash – It could have been the server perhaps?)
Anyway, either way, it seems the simple way to avoid this is to have only simple characters in the title., but might be worth investigating why the filename was changed?
PLAN8CustomerSome great changes and additions there! Thanks.
Also, thank you very much for adding the ability to export the zip file free of backend design and puzzle files!
- This reply was modified 10 months, 1 week ago by PLAN8.
PLAN8CustomerHowever, as per my follow up messages after the OP, I still do think this highlights the absolutely essential requirement for V3D app manager to have the ability to locally export a “clean” set of application only required files (without any non application specific files)
We’ll definitely look at this also!
PLAN8CustomerHi,
We did some investigation and have some updates.
This looks scary on the first site, but in reality only privileged users can exploit this vulnerability (such as admins and sales staff).
I guess the guys who opened this issue just used some tool to scan the plugin code and posted the results.
Anyway, we are working to get rid of this issue altogether!
Hi Alexander, Thanks for the update. Yes, that’s actually how I interpreted the threat as well, and for me, as a sole admin, that wouldn’t really be a problem, but I guess for sites with multiple users, this could be alarming.
However, as per my follow up messages after the OP, I still do think this highlights the absolutely essential requirement for V3D app manager to have the ability to locally export a “clean” set of application only required files (without any non application specific files), so that the average user like myself can feel confident they are only uploading the required web app files and nothing else – this really is a super critical change as far as I am concerned.
Thanks for updating!
- This reply was modified 11 months, 2 weeks ago by PLAN8.
PLAN8CustomerPLAN8CustomerThanks Yuri
PLAN8CustomerMy non coder suggestion for an immediate fix to the vulnerability issue is that perhaps the wordpress app will only accept the required files for now, if the user wants to upload any extra file types, then perhaps the app could have a text entry box where the user can specify allowed file types to be uploaded above the basic required types.
Looking ahead, being able to export ONLY the HTML app files from the app manager (or to make a clear folder distinction between front end and back end files (IE the V3D app is stored in a totally separate folder from the working files)) is essential IMHO
-
AuthorPosts