Security Vulnerability Affecting WordPress Plugins and Themes

KrownThemes said

Come on Stephen, please educate your reviewers about this issue. They rejected our theme again for using the TGM 2.4.1 class :expressionless:

Hey Ruben,

Which theme? I can't see it. Feel free to send me a message about it and I'll investigate.

Were you using the 2.4.1 hotfix version with the security fix, or the develop version with the 2.4.1 hotfix and the bulk install fix?

Cheers,
Stephen

StephenCronin said
Hey Ruben,

Which theme? I can't see it. Feel free to send me a message about it and I'll investigate.

Were you using the 2.4.1 hotfix version with the security fix, or the develop version with the 2.4.1 hotfix and the bulk install fix?

Cheers,
Stephen

It's not on my account, it's on this one: http://themeforest.net/item/lobo-portfolio-for-freelancers-agencies/7762848

We were using the 2.4.0 version which was available yesterday evening when we did the update. 2.4.1 only appeared this morning…

meanthemes said
webcreations907 said

@meanthemes

It's in the hotfix branch.
https://github.com/thomasgriffin/TGM-Plugin-Activation/tree/hotfix/2.4.1

:slight_smile:

Lovely, so the answer was… yes, I was missing something :slight_smile:

Thanks by the way :slight_smile:

Thanks for the link, I didn't see it at first. I'm just wondering whether the hotfix branch is 'stable' enough to be applied to themes? There was a bulk installation error but it seems to be fixed in the latest update (5 hours ago). Any other issues in this hotfix?

Thanks.

KrownThemes said

Come on Stephen, please educate your reviewers about this issue. They rejected our theme again for using the TGM 2.4.1 class :expressionless:

Sorry for the confusion, can you please resubmit the updates? We will proceed asap.

billyf said
meanthemes said
Lovely, so the answer was… yes, I was missing something :slight_smile:

Thanks by the way :slight_smile:

Thanks for the link, I didn't see it at first. I'm just wondering whether the hotfix branch is 'stable' enough to be applied to themes? There was a bulk installation error but it seems to be fixed in the latest update (5 hours ago). Any other issues in this hotfix?

Thanks.

Right now the develop branch seems to be the best choice - it has the security patch and the bulk install fix. As they make more changes to this branch it may not be the best choice, but right now, today, it looks like it.

Thanks for the info!

webcreations907 said

@meanthemes

It's in the hotfix branch.
https://github.com/thomasgriffin/TGM-Plugin-Activation/tree/hotfix/2.4.1

:slight_smile:

There is still an error on this version;

EDIT:

Sorry, that error has been fixed but I'm still getting the following error:

"Fatal error: Class 'TGM_Bulk_Installer' not found in …/includes/class-tgm-plugin-activation.php on line 1586"

Has anyone tried this version?

Noted.

egemenerd said
There is still an error on this version;

EDIT:

Sorry, that error has been fixed but I'm still getting the following error:

"Fatal error: Class 'TGM_Bulk_Installer' not found in …/includes/class-tgm-plugin-activation.php on line 1586"

Has anyone tried this version?

Think that was fixed in the Develop branch(link below) as StephenCronin said, which includes the bulk fix from the hotfix/2.4.1.

I just tested and didnā€™t notice the fatal error you had got.

Make sure to watch the master branch though :slight_smile:

webcreations907 said
Think that was fixed in the Develop branch(link below) as StephenCronin said, which includes the bulk fix from the hotfix/2.4.1.

I just tested and didnā€™t notice the fatal error you had got.

Make sure to watch the master branch though :slight_smile:

Thanks webcreations907. I just tested the develop branch and you're right, I didn't get a fatal error this time, but there is another issue now:

The link is something like "…/wp-admin/?page=mytheme-install-required-plugins" but it should be "wp-admin/themes.php?page=mytheme-install-required-plugins". It works if I edit the link manually. Did you notice any problem like that?

@StephenCronin since TGMPA was the preferred solution provided by Envato when we initially had the ā€œfunctionality in pluginsā€ debate a while ago, please donā€™t do the same as what happened with the Revslider issues a while ago and start disabling themes left right and center, give authors the time needed to make these updates.

Also, this needs announcing on the author dashboard, not many authors actually come though these forums.

Is anyone else getting the permissions error on a multisite setup when trying to install or activate a plugin using TGM? Iā€™ve seen the issue posted on the TGM Github a few times dating as far back as last March.

EugeneO said

Is anyone else getting the permissions error on a multisite setup when trying to install or activate a plugin using TGM? Iā€™ve seen the issue posted on the TGM Github a few times dating as far back as last March.

Yap, been getting this for a long while now.

EugeneO said

Is anyone else getting the permissions error on a multisite setup when trying to install or activate a plugin using TGM? Iā€™ve seen the issue posted on the TGM Github a few times dating as far back as last March.

Yeah, it doesnā€™t work on a multisite.

egemenerd said

The link is something like "…/wp-admin/?page=mytheme-install-required-plugins" but it should be "wp-admin/themes.php?page=mytheme-install-required-plugins". It works if I edit the link manually. Did you notice any problem like that?

TGM v2.4.1 - Same error as in screenshot for bulk install.

@tansh and @egemenerd

I just submitted a PR for that issue on their repo :wink:

Hi All,

I just updated the original post with the following:

OptionTree
If you use OptionTree, then although this does use add_query_arg and remove_query_arg, we are confident that none of the instances can be exploited. There will be an update that escapes these functions in future that you should include in your item, but you should not delay updating your items waiting for this.
UPDATE: Version 2.5.4 of this plugin has been released and is now available from the WordPress plugin directory. This version escapes all instances of the functions and also fixes the term splitting issue for WordPress 4.2 (due to released very soon). Please update your items to use this version.

Now I'm confused about which file I should use…

this one: https://github.com/thomasgriffin/TGM-Plugin-Activation/blob/hotfix/2.4.1/class-tgm-plugin-activation.php (with 2204 lines) updated 14 hours ago

or

this one: https://github.com/thomasgriffin/TGM-Plugin-Activation/blob/develop/class-tgm-plugin-activation.php (with 2310 lines) - updated 5 hours ago

both are v2.4.1

Hello,

Can anyone explain to me why we should care about XSS attacks? It is not persistent, right? This will not give access to the server to modify the website page for all users. It will only affect the browser of whoever visits the link with the malicious script? This can be easily identified, right?

I'm not a WP dev, I have read all the XSS related stuff. But I don't see a real life situation where this is harmful.

So, Is there any real world examples, an XSS attack can be harmful?

Any help would be appreciated.

surjithctly said

Hello,

Can anyone explain to me why we should care about XSS attacks? It is not persistent, right? This will not give access to the server to modify the website page for all users. It will only affect the browser of whoever visits the link with the malicious script? This can be easily identified, right?

I'm not a WP dev, I have read all the XSS related stuff. But I don't see a real life situation where this is harmful.

So, Is there any real world examples, an XSS attack can be harmful?

Any help would be appreciated.

How about redirecting your users to malicious websites using JS…

Anyway, this TGM situation isnā€™t that bad because the attacker must be an admin or have similar privileges to do something bad to your website.
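To make the two points above concrete (the OptionTree note about escaping add_query_arg/remove_query_arg, and the question of what a reflected XSS through these functions actually does), here is an added example. It is not code from the thread, from TGMPA, from OptionTree or from WordPress: it is a stand-alone PHP CLI script with simplified stand-ins for the two WordPress behaviours that mattered, namely that add_query_arg() with no base URL falls back to $_SERVER['REQUEST_URI'] and that the query string is rebuilt from URL-decoded values without re-encoding them. The function names demo_add_query_arg, render_link_vulnerable and render_link_escaped, the page slug and the crafted request URI are all assumptions made for the demo.

```php
<?php
// Added example (not from the thread, TGMPA, OptionTree or WordPress core).
// Reproduces, stand-alone under the PHP CLI, the pattern behind the
// add_query_arg()/remove_query_arg() reflected XSS: the URL is rebuilt from
// the current request URI, query values are URL-decoded while parsing and
// NOT re-encoded when the query is rebuilt, and the result is echoed into an
// href attribute without escaping. The helpers are simplified stand-ins
// (assumption: they mirror only the behaviour the demo needs).
declare(strict_types=1);

// Stand-in for add_query_arg( $args ) with no base URL: fall back to the
// request URI, decode its query string, merge the new arguments and rebuild
// the query without urlencode()-ing the values.
function demo_add_query_arg(array $args, string $requestUri): string
{
    $parts = explode('?', $requestUri, 2);
    $path  = $parts[0];
    $query = [];
    if (isset($parts[1])) {
        parse_str($parts[1], $query); // parse_str() URL-decodes keys and values
    }
    foreach ($args as $key => $value) {
        $query[$key] = $value;
    }
    $pairs = [];
    foreach ($query as $key => $value) {
        $pairs[] = $key . '=' . $value; // decoded payload goes back in raw
    }
    return $pairs ? $path . '?' . implode('&', $pairs) : $path;
}

// Vulnerable pattern: the rebuilt URL lands inside an attribute unescaped.
function render_link_vulnerable(string $url): string
{
    return '<a href="' . $url . '">Install Required Plugins</a>';
}

// Fixed pattern: escape for the attribute context before output. In
// WordPress the fix is esc_url( add_query_arg( ... ) ); htmlspecialchars()
// with ENT_QUOTES is used here as a stand-alone stand-in for the part of
// esc_url() that neutralises quotes and angle brackets.
function render_link_escaped(string $url): string
{
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
        . '">Install Required Plugins</a>';
}

// Constructed attacker request URI (assumption): a wp-admin page URL whose
// extra query value carries a URL-encoded payload that closes the href
// attribute. %22 = ", %3E = >, %3C = <, %28/%29 = ( ), %2F = /
$craftedRequestUri = '/wp-admin/themes.php?page=mytheme-install-required-plugins'
    . '&x=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E';

$url = demo_add_query_arg(['plugin_status' => 'all'], $craftedRequestUri);

echo "Rebuilt URL:\n  {$url}\n\n";
echo "Vulnerable markup:\n  " . render_link_vulnerable($url) . "\n\n";
echo "Escaped markup:\n  " . render_link_escaped($url) . "\n";
```

Run it with `php demo.php`. The vulnerable markup contains a closed-off href followed by a live `<script>` element; the escaped markup contains `&quot;&gt;&lt;script&gt;…` and is inert. Note that the payload only runs in the browser of whoever opens the crafted link, and because these URLs are built on wp-admin pages that is a logged-in user with the capability to install plugins, which is exactly why a non-persistent XSS in an admin screen is worth patching: a script running in that session can issue authenticated requests on the victim's behalf. The real esc_url() also rejects disallowed protocols and normalises the URL, so use it rather than a bare htmlspecialchars() in actual theme code.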