New minor revision, the latest GD bbPress Toolbox Pro 3.8.3 brings many new fixes and updates for bugs reported in the past few days, mostly related to JavaScript code and features that use it: BBCodes, Signature editor and Quotes.
Many of the included third party jQuery libraries are updated in this version. Issues with the JavaScript code related to missing semicolon are also fixed. Problems with embedded code for Quote in TinyMCE when cursor get’s stuck inside HTML quote is also fixed, just like the issue with some BBCode toolbar buttons. Problem with the signature editing using BBCode toolbar is also fixed.
False malware detection
All my plugins JavaScript files are minified using standard minification process with Dean Edwards algorithm used in almost all every minification tools available. It saves more than 60% on each JavaScript file size. This includes GD bbPress Toolbox Pro, and it is done since the very first version of the plugin to deliver small JavaScript files.
Few days ago one of the plugin users informed me that Sucuri Scanner reported as malware main JavaScript file in GD bbPress Toolbox Pro. But, only minified file is reported as a problem. I have done tests with Sucuri and other malware scanners to determine what the issue is. When render.min.js file is scanned with Sucuri it returns malware warning pointing to ‘MW:JS:GEN2’ malware. Scanning uncompressed version of the file render.js, reports that no malware is found. Upon examination of the reported malware, I have determined that it is false report, considering that my compressed and minified code has nothing in common with the malware information provided by Sucuri. I have tested both render.js and render.min.js with many malware scanners other than Sucuri (both online and antivirus software) and found no malware. Only Sucuri reports it and only in render.min.js. So far, all points to false positive that can happen with minified files.
Now, I have minified render.js again, but a portion of the code is minified with only Shrink Variables method, and for this new render.min.js, Sucuri is no longer reporting malware. This new file is now included in the GD bbPress Toolbox Pro 3.8.3. This points to a problem with Sucuri scanner and I have contacted Sucuri Labs to resolve the issue and determine why their scanner returns false malware report for this file, and only when minified. I will let you know how that goes. Right now important thing to know is that the plugin is safe, containing no malware. To avoid malware reports from Sucuri, new plugin version contains differently minified file.
And, if you find any other issues with this or any of Dev4Press other plugins, please let me know as soon as possible.
Edit on September 11 2015:
Sucuri has responded to the false positive report, and adjusted their detection engine to this detection error, and from now on it should not report false positive malware for this plugin.
Version 4.0
Development of version 4.0 is well underway now, and list of planned features is expanded further to include few new ideas. You can check out this post to learn more on what to expect in 4.0.
Sucuri has responded to the false positive report, and addjusted their detection engine to this detection error, and from now on it should not report false positive malware for this plugin.