GD Star Rating 1.9.9

This is officially the last version of the old 1.9 branch of the GD Star Rating plugin. This version improves plugin security with additional filtering of all voting and rendering requests received through AJAX. GDSR 2.0 development is well under way, with a public alpha expected in about 3 weeks.

The widget for rating results had a minor bug with the display of Bayesian ratings, and that is fixed. But the major change is the handling of data received through AJAX for cached rendering and voting. Last week a SQL injection exploit was reported that could return the admin user name, email and hashed password. The injection was very hard to reproduce since it requires very specific conditions, and it took me a while to get it myself, but still, it had to be fixed. More info on this SQL injection is here:
http://pressecure.com/2011/06/09/gd-star-rating-sql-injection/.

To prevent further similar problems, the plugin will additionally check each request for SQL keywords (select, union…), validate each piece of received data for a valid value, strip anything appended to integer values, and prevent anything suspicious from reaching the code that handles database queries. Also, nonce protection is now always active; the setting for it will be disregarded by the plugin.
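As an added illustration of the three controls just described, here is a hardened WordPress AJAX vote handler in PHP; this is example code, not the plugin's own, and the hook name, nonce action, table name and POST parameter names are assumptions. The keyword screen is defence in depth for logging and early rejection; the typed, parameterised query is what actually prevents injection.

```php
<?php
// Added example, not the plugin's own code. Hook name, nonce action,
// table name and POST parameter names are assumptions.
add_action( 'wp_ajax_gdsr_example_vote', 'gdsr_example_handle_vote' );
add_action( 'wp_ajax_nopriv_gdsr_example_vote', 'gdsr_example_handle_vote' );

// Defence-in-depth screen for SQL keywords in raw request values. It is a
// signal to reject and log, not the real protection; the typed query below is.
function gdsr_example_looks_like_sql( $value ) {
    return (bool) preg_match( '/\b(select|union|insert|update|delete|drop)\b/i', (string) $value );
}

function gdsr_example_handle_vote() {
    global $wpdb;

    // 1. Nonce check that no plugin setting can disable: a request without a
    //    valid nonce dies here, before any input is processed.
    check_ajax_referer( 'gdsr_example_vote', 'nonce' );

    $raw_post_id = isset( $_POST['post_id'] ) ? wp_unslash( $_POST['post_id'] ) : '';
    $raw_vote    = isset( $_POST['vote'] ) ? wp_unslash( $_POST['vote'] ) : '';
    if ( gdsr_example_looks_like_sql( $raw_post_id ) || gdsr_example_looks_like_sql( $raw_vote ) ) {
        error_log( 'gdsr example: suspicious vote request from ' . $_SERVER['REMOTE_ADDR'] );
        wp_send_json_error( 'invalid request', 400 );
    }

    // 2. Strict typing: absint() keeps only the integer, so anything appended
    //    to a numeric parameter never reaches the query.
    $post_id = absint( $raw_post_id );
    $vote    = absint( $raw_vote );
    if ( 0 === $post_id || $vote < 1 || $vote > 10 ) {
        wp_send_json_error( 'invalid vote value', 400 );
    }

    // 3. Typed, parameterised write: values are bound with %d/%s formats,
    //    never spliced into SQL text.
    $ok = $wpdb->insert(
        $wpdb->prefix . 'gdsr_example_votes',
        array( 'post_id' => $post_id, 'vote' => $vote, 'voted' => current_time( 'mysql' ) ),
        array( '%d', '%d', '%s' )
    );
    if ( false === $ok ) {
        wp_send_json_error( 'vote not stored', 500 );
    }
    wp_send_json_success( array( 'post_id' => $post_id, 'vote' => $vote ) );
}
```

The page that renders the rating widget must emit the matching token with wp_create_nonce( 'gdsr_example_vote' ) and send it as the nonce field, otherwise every vote is rejected at step 1.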

Please update to this latest version, just in case, to prevent potential problems.

About the author

Milan Petrovic

CEO and Lead developer of Dev4Press Web Development company, working with WordPress since 2008, first as a freelancer, later founding own development company. Author of more than 250 plugins and more than 20 themes.

2 thoughts on “GD Star Rating 1.9.9”

  1. Hello Milan,

    Will you be able to update automatically from 1.9.9 to 2.0 or do you need to reinstall the plugin and transfer the data?

    Thanks for a great plugin!

    • I have announced this many times before. The new plugin is NOT compatible with the old one in any respect. The new plugin will have a tool to convert old data to the new format.

Comments are closed.
