
Archive for the ‘troubleshooting’ Category

Enabling RSS URLs Creates a Security Hole

March 10th, 2013 No comments

(Since version 2.5.1)

By default, RSS URLs require you to log in to access them. You can create RSS URLs to add to any RSS feed reader to show some or all of the contents of a form. But to make it work with a feed reader that doesn’t allow you to log in, you have to make such URLs publicly accessible.

How to Generate an RSS URL

Go to the WordPress administration page,

  • Contact Form DB -> Short Code
  • Choose a form
  • Choose “Export File” = “RSS”
  • Choose a form field for the “Item Title” (title for each item in RSS list)

This will display a URL that you can use as an RSS feed. But by default you must log into WordPress for the URL to work. Some RSS readers will not be able to use this URL because they cannot log in. The URL is secure.

How to Turn off Security

Turning off security creates a security hole whereby a savvy person could see (but not change) all the saved form data in your database. If someone knows or can guess one of your form names, they can easily work out the RSS URL needed to show the form’s data.

If you want to make RSS URLs like this publicly accessible, then go to the WordPress administration page,

  • Contact Form DB -> Options,
  • set “AllowRSS URLs” = “true”

This option makes all RSS URLs that you could possibly generate publicly accessible. All form data can be viewed; it is only a matter of creating the right URL.

 

Categories: export, tips, troubleshooting Tags:

Avoiding “_wpcf7” Fields

February 10th, 2012 13 comments

For Contact Form 7 Users: a recent update of the Contact Form 7 plugin seems to have added several new meta fields to form submissions. These automatically get saved by the CFDB plugin. If you look on the Database page in your administration panel, you will see extra fields associated with new submissions:

_wpcf7,_wpcf7_version,_wpcf7_unit_tag,_wpnonce,_wpcf7_is_ajax_call

You may view these fields as unwanted clutter.

To avoid saving these fields, go to the Database Options page, and paste the list of fields in the following:

 

Update

Since regular expressions can now be used in this field, you can achieve the same effect by putting in this:

/.*wpcf7.*/,_wpnonce
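
The sketch below is an added example, not the plugin's own code: it assumes an entry wrapped in slashes is treated as a regular expression and any other entry as an exact field name, and it runs the value above against a constructed submission. It shows why _wpnonce needs its own entry, and that the unanchored pattern also drops any user field whose name happens to contain "wpcf7".

```python
import re

# Value pasted into the field-exclusion option, as given in the post.
OPTION_VALUE = "/.*wpcf7.*/,_wpnonce"


def parse_exclusions(option_value):
    """Split the comma-separated option into (source, matcher) pairs.

    Assumption: an entry wrapped in /slashes/ is a regular expression and
    any other entry is an exact field name.
    """
    rules = []
    for entry in (e.strip() for e in option_value.split(",")):
        if not entry:
            continue
        if len(entry) > 2 and entry.startswith("/") and entry.endswith("/"):
            pattern = re.compile(entry[1:-1])
            rules.append((entry, lambda name, p=pattern: p.search(name) is not None))
        else:
            rules.append((entry, lambda name, e=entry: name == e))
    return rules


def split_fields(submission, option_value):
    """Return (saved, dropped); dropped maps field name -> rule that matched."""
    rules = parse_exclusions(option_value)
    saved, dropped = {}, {}
    for name, value in submission.items():
        hit = next((src for src, matches in rules if matches(name)), None)
        if hit is None:
            saved[name] = value
        else:
            dropped[name] = hit
    return saved, dropped


# Constructed sample submission: the five meta fields listed in the post
# plus hypothetical user fields (all values are made up).
SAMPLE = {
    "your-name": "Alice", "your-email": "alice@example.com",
    "_wpcf7": "12", "_wpcf7_version": "3.1", "_wpcf7_unit_tag": "wpcf7-f12-p3-o1",
    "_wpnonce": "0123abcd", "_wpcf7_is_ajax_call": "1",
    "wpcf7-feedback": "kept?",  # user field whose name contains "wpcf7"
}

if __name__ == "__main__":
    saved, dropped = split_fields(SAMPLE, OPTION_VALUE)
    print("saved:  ", sorted(saved))
    print("dropped:", dropped)
```
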

 

Categories: tips, troubleshooting Tags: