Update 08/23/12: I received a tweet this evening from Lucas that he had fixed the issues related to WordPress search leaking content from drafts and trash. I have sent him some additional information related to the issues we’ve been experiencing w/ IE recently; I’m hoping we can get that resolved as well. I’m setting up an identical sandbox environment (themes, plugins, etc.), so hopefully it will help him track down the issue. I’m really excited about these tweaks w/ the Ether Builder Plugin because it’s honestly one of my favorite plugins to come along in a long time.
https://twitter.com/weszrick/status/238382943117127680
Update 08/22/12: I received a tweet from the Ether Plugin Developer and he never received my email from the most recent set of issues I’ve had w/ the Ether Builder Plugin. I’m going to get back to him this evening w/ a list of the issues we’ve been having w/ the plugin and hopefully get everything resolved. Stay tuned…
https://twitter.com/weszrick/status/238270104238960640
Okay, so I located a bug / security hole in Ether Builder this evening that I wanted to share because I feel it’s somewhat of a big deal in that, w/ the Ether Builder plugin activated, the standard WordPress site search will return unpublished drafts and trash as results when queried. The indicator that this issue had something to do w/ Ether Builder came from an error message that posted on top of the search results page:
Warning: preg_replace(): Unknown modifier ‘r’ in /usr/local/www/apache22/vhosts-user/username/domain.com/data/wp-content/plugins/ether-builder/modules/builder.php on line 730
The support forum located on the Ether Builder plugin doesn’t allow for me to post, and the only other alternative is for me to email the developer or try to contact them on IRC, so I’m pretty much going to walk away from the project at this time. I did, however, want to let everyone who might have been evaluating this plugin based on one of my recent talks at WordCamp(s) know that this hole existed.
If you look at line 730 in the builder.php file you will find:
I’ve submitted my findings to the email address provided for the developer, as I have in the past regarding rendering issues w/ IE, but I have yet to receive a response. I would sure like to see this project concept picked up by a group and released as a non-premium plugin somewhere like GitHub, where we could contribute code revisions toward it. It’s an awesome idea.