Ok, so that AdNing plugin has another security vulnerability (even the newest 1.5.6), we just discovered. We will try to report that as well. But their whole upload/add/edit procedure is a tragedy. We advise to remove this plugin from server until they will clean up their security issues.
Thanks, we will make sure this gets fixed asap.
Yes, only images are allowed.
Not only images, appears that you can upload anything. Not even videos, but scripts, Linux executables. I’ve also sent you an e-mail via PM here, can you reply to it, so that I could list you all issues in security.
You should have received a reply. Thanks
Hi, I did not receive any reply.
You can just email to the email address you used. Thanks
It seems there’s a security vulnerability in the plugin …
Got error ‘PHP message: PHP Warning: move_uploaded_file(../Vuln.php): failed to open stream: Permission denied in …/wp-content/plugins/angwp/include/classes/ADNI_Uploader.php on line 171PHP message: PHP Warning: move_uploaded_file(): Unable to move ’/tmp/phpp9PjwC’ to ’../Vuln.php’ in …./public_html/wp-content/plugins/angwp/include/classes/ADNI_Uploader.php on line 171’
The plugin author needs to fix this security hole by validating the uploaded file properly, validating if the user has the required permission, authentication and the nonce token etc. Uploading rogue files is a major vulnerability that has the potential to do a lot of damage…
Could you let me know what is doable for that ?
Thanks in advance,
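The checks the comment above asks for (nonce, user permission, and real validation of the uploaded file), sketched as a WordPress AJAX upload handler. This is an added example, not AdNing's code and not part of the thread; the action name "example_banner_upload", its nonce action and the "banner" form field are hypothetical.

```php
<?php
// Added example, not the plugin's code. The hook name, nonce action and
// form field ('example_banner_upload', 'nonce', 'banner') are hypothetical.

// Registered for logged-in users only: there is deliberately no
// wp_ajax_nopriv_ counterpart, so anonymous requests never reach the handler.
add_action( 'wp_ajax_example_banner_upload', 'example_banner_upload' );

function example_banner_upload() {
    // 1. Nonce: rejects forged cross-site requests (ends the request on failure).
    check_ajax_referer( 'example_banner_upload', 'nonce' );

    // 2. Authorization: a valid nonce does not prove the user may upload.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'Not allowed to upload files.', 403 );
    }

    if ( empty( $_FILES['banner'] ) || UPLOAD_ERR_OK !== $_FILES['banner']['error'] ) {
        wp_send_json_error( 'No file received.', 400 );
    }
    $file = $_FILES['banner'];

    // 3. Allow-list: anything not named here (php, sh, ELF binaries, ...) is refused.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );

    // 4. Check the extension against the allow-list and, for images, against
    //    the type detected from the file contents, not the client's claim.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'Only JPEG, PNG and GIF images are accepted.', 415 );
    }

    // 5. Let WordPress choose the destination: wp_handle_upload() sanitizes the
    //    file name and writes inside the uploads directory, so a client-supplied
    //    name such as "../Vuln.php" is never used as a path.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $moved = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $moved['error'] ) ) {
        wp_send_json_error( $moved['error'], 400 );
    }

    wp_send_json_success( array( 'url' => $moved['url'] ) );
}
```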
Hi, all uploaded files get validated through the default WordPress nonce system. The error you mention is because the uploaded file has no supported format.
Hello there, we currently suspect this plugin has a security breach somewhere. We have 2 sites which were simultaneously hacked, which only shared this plugin.
Please update to v1.5.6
Hi. I have your plugin for two years.
Now i want to change the site that it is used on, and the license key is not valid.
I follow the instructions when uninstalling in the previous site, but it does not work.
I ask you to reset the license, and you want to force me to renew the support, because of security measures that you’ve created.
So not cool tuna…
I have a recommendation. I suspect many users of this plugin bought it so their advertising system can be more streamlined and less cumbersome of a workload.
However, I feel like I’m getting pinged every day or two to update. Obviously I can ignore these…and I do. But even the email I receive telling me to update makes me come to Code Canyon, just to make sure I’m not missing an update that’s security oriented.
May I recommend that you follow a pattern of updating on a weekly basis or something, at the most? I hate having to jump over to this site frequently just to see what today’s update entails.
Note that you can turn off email notifications for updates of a specific item. At the bottom of each email you will find the link.
Once you no longer receive the emails you can start following a weekly, monthly,… update pattern yourself. Which would be exactly the same as when we would update our product once a week. Only difference is that this way we don’t need to limit the possibility for all other customers who do want to update whenever an update is available.
The reason why we do frequent updates is to improve our plugin the best we can. This way new options get tested right away and we can receive feedback from thousands of customers about possible issues or improvements. This makes it much easier for us to work and keep improving the plugin.
Trust me, I understand the desire to improve the plugin. I gave you 5 stars and I like the plugin generally speaking.
It’s just feedback as a customer. Take it or leave it. I can’t fathom any customer of any plugin wants to update any one plugin multiple times per week, that is a major productivity drag—and I see others have mentioned this.
Personally, I’d rather just switch to a plugin that’s comparable, stable and secure and I don’t have to scramble to see if today’s update plugs a major security hole.
I have bought a license for the plugin WP PRO ADVERTISING to use on my site www.anexartitos.gr. After changing security on my site from http to https, the product WP PRO ADVERTISING is deactivated, and when I put in my license key it displays the message “This license has already been activated on http://www.anexartitos.gr”. I want to transfer my license to the new address.
Hi, your support license has been expired so you will not be able to use the license unless you renew it. Please note that activating the plugin is only necessary to receive premium support. All other functions keep working even if the plugin is not activated.
Love this plugin, everything is working great, except the ‘Get Code’ link. When I click it I get this:
Warning: require_once(../../../../../wp-config.php) [function.require-once]: failed to open stream: No such file or directory in /nfs/c10/h05/mnt/149524/domains/demo2.fantasticosports.com/html/fs_maxima/wp-content/plugins/wp_pro_ad_system/includes/thickbox_files/get_adzone_code.php on line 2
I think what it’s trying to tell me is that wp-config.php isn’t where it normally expects it, which is true. For security reasons, I have moved it. Anything I can do to resolve this?
How do you upgrade?
I have upgraded, sorry for the request. But I have another problem. When I upload a swf file it does not upload, it goes X and no size, no file? What’s wrong?
Have a look here: Tuna Helpdesk. WordPress disabled SWF uploads since version 3.6. Make sure you allow SWF uploads.
When I add this code to the function.php my whole site goes blank.
In that case you will need to find another way around to allow .swf uploads again.
Have a look at the official security fixes for the WP 3.6.+ under Summary -> Additional security hardening: Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default.
I am using WP 3.7.1 … any help on this?
Well, it’s the same. The changes apply for all WordPress versions higher than v3.6.1.
OK, it worked. It will not work if you put the code in the /wp-content/functions.php; you have to put this code into your theme functions.php.
The piece of code to add to your functions.php works fine on my websites. I found it on the official WordPress support forums. If it does not work for you, you may need to start a topic on the official WordPress support forums, as this has nothing to do with the Advertising plugin.
It’s working fine now, like I said. I was adding this piece of code to the functions.php of WP itself … after I added this into the functions.php of my theme it worked like a charm.
One more question. Any way of changing the transition effects of the ads?
No, This is not yet available.
tuna, having another problem. Now I cannot upload jpg files ... it lets me upload swf but no jpg anymore.
Change the line
$mimes = array('swf' => 'application/x-shockwave-flash');
to
$mimes['swf'] = 'application/x-shockwave-flash';
jesus cant upload swf files again .. wtf
This has nothing to do with the plugin. It’s WordPress that disabled .swf uploads since version 3.6.+. If you need help please start a topic on the official WordPress support forums. Thanks.
ok after going around and trying everything this plugin fixed it (not trying to advertise because I have no contact or anything) just saying for people who are having the same problem as me. this plugin allowed me to upload swf and jpg all good now the plugin name is: AP Extended Mime Types its free on wp
Hi there. I just bought this plugin in order to show flash banners on my news portal. However, when I have selected a flash banner and filled out the forms, I get the message shown below – as if no banner was selected in the first place. Do you know why this problem occurs?
Warning: getimagesize(): Filename cannot be empty in /customers/1/3/8/rogvi.net/httpd.www/online/politikkur/wp-content/plugins/wp_pro_ad_system/templates/pages/banners.php on line 614 x
Please email me including a link to your website and admin logins for support. Thanks.
Thanks. The problem is your website does not allow .swf files to be uploaded. Error: “Sorry, this file type is not permitted for security reasons”.
You will need to make sure you can upload swf files. Thanks.
Just purchased WP Pro Advertising along with Buy and Sell Ads add-on and loving it so far!
Is there any way to set up ad packages? So when an advertiser buys an ad space they can select options to purchase it for 30 days, 6 months, or a year, and purchase a package for multiple ad spaces at a discount? I have different ads positioned on different pages of my site based on city, whereas my home page is another section to position an ad by the same advertisers if they so choose, so providing a special rate or ad package would help. Also I want to provide special (incentive) rates for the duration of the ad postings. I am using the Buy Sell Ads with PayPal (eventually may use Stripe) as my site is not PCI-DSS compliant, so I do not want to collect credit card payments via my site directly for security purposes. Is there a way I can do what I need within the Buy Sell add-on purchased? Does the Woo Commerce Buy Sell add-on allow this functionality, to set up ad packages with PayPal (and Stripe) and the above payment options?
Ad packages are something we are working on. for both the Buy and Sell Add-On and the Buy and Sell Woocommerce Add-On.
OK thank you. I look forward to that feature.
Hi, When with WP_Debug ON in Back End I have the errors below:
Warning: getimagesize() [function.getimagesize]: http:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /nfs/c07/h01/mnt/178872/domains/ibrasurf.com.br/html/wp-content/plugins/wp_pro_ad_system/classes/Pro_ads_Banners.php on line 25
Warning: getimagesize(http://www.ibrasurf.com.br/wp-content/uploads/2013/11/c412704340cb6c73069a141d0ff888ed.png) [function.getimagesize]: failed to open stream: no suitable wrapper could be found in /nfs/c07/h01/mnt/178872/domains/ibrasurf.com.br/html/wp-content/plugins/wp_pro_ad_system/classes/Pro_ads_Banners.php on line 25
Also the Flash Banner is not working. When I upload it, it does not show up in the list or preview.
Also the column in the list that shows the size has not been working since about 3 updates ago… it just shows “x”.
Any clue about these problems?!
getimagesize() is a server configuration. It has nothing to do with the plugin. Make sure your server does allow the getimagesize() function.
For flash banners make sure your WP version does allow SWF uploads, as since version 3.6 this has been disabled by default. Have a look here: Tuna Helpdesk
Hi, please, I’m trying to use your plugin but when I activate it and go to the plugin page, the settings are all text with no styling… must be some conflict… could you have a look at it?! Please!?
Hi forget….its working now! Thanks
I may have found a fix for this. Please email me. thanks.
Warning: getimagesize() [function.getimagesize]: URL file-access is disabled in the server configuration in /data/13/1/126/23/1289675/user/1380122/htdocs/wp-content/plugins/wp_pro_ad_system/templates/pages/banners.php on line 618
Warning: getimagesize(http://01ee760.netsolhost.com/wp-content/uploads/2012/02/bjrentals.gif) [function.getimagesize]: failed to open stream: no suitable wrapper could be found in /data/13/1/126/23/1289675/user/1380122/htdocs/wp-content/plugins/wp_pro_ad_system/templates/pages/banners.php on line 618
You need to contact your hosting provider and ask them to allow the function getimagesize().
The errors mentioned… manifest themselves when your website is attempting to retrieve outside web URLs. The solution is to use the PHP Curl library to do so instead, which is more secure. How you use PHP’s Curl library to circumvent this issue depends on which warning you’ve received.
ALSO, I sent a message through your contact form TF page regarding being able to add WP users & Advertisers (using the add-on which I also purchased)... ? Did you get that?
Basically for the Buy and Sell add on… I want to use it so customers can sign in and view their stats. However, I don’t want to allow people to upload their own ads. How can one sleep at night wondering what someone else is going to advertise on the site?
It is a little strange because… the only way a person gets added as an advertiser is if there is an empty zone and they click on the ad space and subscribe as an advertiser.
I want to add a WP user.
Then add that user as an advertiser.
Then send the login information to the client and they can login to view stats.
I suppose I can work out some sort of system to register and subscribe the user myself, and upload the ad. However, how can I disable the client being able to create new campaigns, add banners, upload images…
When I was testing out if I could do this, I could even overwrite someone’s ad that was already in place… This would not be a problem if they are rotating images in this ad zone. However, I don’t have rotating images set up.
So, there lies another problem with advertisers being able to upload their own ad. They can choose an ad zone and it replaces someone’s banner.
Your thoughts are appreciated. Thanks.
I can see where collecting payments might be handy.
But I can’t allow clients to be uploading their own unapproved ads to the site.
Quick question: is it yet possible to import settings from the old version of this plugin?
No, and this will never become possible. The new system is too different from the old one; it’s just impossible to do as there would be too many settings missing.
Five months ago, when I asked about importing old data, you said: “There are plans to make an export/import file to transfer all data but currently our main focus is still on the main plugin itself.” Seriously, no way to even import the campaigns, banners and URLs? Obviously, new settings would have to be done from scratch, but I’m surprised that you would require old customers to start all over again.
That’s right, 5 months ago we were looking into this but soon we found out it would not be useful to only import the titles and nothing more. The new plugin is just too different from the old one. Anyway the old plugin still works perfectly fine so if you don’t want to start from scratch you can just keep on using it.
>> we found out it would not be useful to only import the titles and nothing more.
It would be useful in that it would save a LOT of time in reuploading all the banners from scratch, and associating them with URLs and campaigns.
>> Anyway the old plugin still works perfectly fine so if you don’t want to start from scratch you can just keep on using it.
Yes it works, but presumably won’t get security fixes (if any are needed), bug fixes or new features.
So basically, old customers are screwed. Either spend a lot of time starting over, or use an old system which won’t be updated.
Sorry, I don’t mean to be unpleasant, but I find it somehow wrong that you think it is OK to just have people throw away many hours of work and start over, without offering at least something by way of help in migration (ie, import of old data). I certainly cannot recommend this product to others, if you consider this acceptable.
When we first created the plugin things weren’t yet like these days. Plugins were not yet getting integrated with WordPress like it should be done today.
In order to improve the plugin we had to start from scratch, change the code and integrate it into WordPress 100%. We had 2 options: create a completely new plugin or update the existing plugin. We decided to update the plugin so that our customers who bought the plugin before version 4.0 would have the chance to download it as well, knowing that they would have to start from scratch if they chose to upgrade to the new version.
Most of our customers (not to say all of them, except 1) are very happy with this choice and greatly appreciate the update.
I’m sorry if you think we made the wrong choice. But like always you never can do good for everyone.
The wrong choice was not creating at least a partial import/upgrade option.
But I’ve said what I had to say. Thank you for your time.
Why does your support system need these permissions (others seem to be OK):
View your name, location and account balance
View your account financial history
Download the items you’ve purchased
View your items’ sales history
Verify purchases of your items
Permissions are needed to verify users’ purchases, as we only supply support for our customers.
But in addition to these, there already is this permission: “View your purchases of the app creator’s items”. I don’t know why you would need to know my balance, see what transactions I have made, download apps that I have purchased, see what I have sold in the past???
We of course don’t need to get all of the info and that info is not getting used by our system. We just need some more specific data to verify the purchase and to allow automatic plugin updates than only the “View your purchases of the app creator’s items” data.
What is this data? Please only ask permissions for that and nothing else. Privacy and security is not a small thing for customers. There is no way you need e.g. “View your account financial history” or “View your items’ sales history” to verify our purchase of your items.
Sure, but it’s currently not possible using the API. We need some specific options from the “Private user details” option and unfortunately all these options like account balance, sales history, ... all come under the same option. Please have a look here: https://build.envato.com/api/ to have a better idea how things are divided.
I did check this before posting and no they don’t. You can choose the scope that you request when you register the App: https://build.envato.com/register/ . You should know this as your app does not request two of these permissions so you’ve left them unchecked when registering the app.
Well, that’s all the info I got from the developers. I have no further details about the app. I will contact them and ask for some more info. Thanks.
Good. I hope you’ll get this fixed ASAP so I can continue to use your support and products.
Any news on whether or not you’ll get this fixed? We’re not able to use your support system before this is done and we have one bug pending….
Yes, they removed unnecessary items.
Thanks, but now I get “Error creating user.” I used to have support account before the new authentication.
Please try again. Everyone else is registering successfully so it must have been a temporary problem. No problem if you already have an account; even if it uses the same email it will just log you in again.
Hi, I tried twice and received the same problem “Error creating user.”. There is a var_dump at the top of the page saying: Array (  => Could not get bearer, please contact admin ).