wp-SwimTeam v1.45 released

Today I released wp-SwimTeam v1.45 which fixes a possible security problem I was alerted to as well as addresses a number of bugs.  The CSV roster export bug was the primary issue holding up getting this release out, I fixed the security problem last week.

It turns out I had implemented a method in both a parent class and (redundantly) in a child class as well.  The RE1, SDIF, and HY3 exports all (properly) used the method from the parent class but the CSV export was using the child class version.  It took me a while to sort it out as I was staring at the wrong code trying to determine what was wrong. It turns out, nothing was wrong, I was just looking in the wrong place.  Once I removed the redundant method declaration, everything resumed working as it should.

I think I have resolved all of the multi-site issues, please let me know if you run into any more.

This update is available via the WordPress Dashboard or from the WordPress Plugin Repository.

wp-Swimteam v1.45 beta 3 now available

Earlier today I received a report of a security bug in wp-SwimTeam.  While the security flaw is true, I believe the ability to take advantage of the exploit is pretty hard is it would require knowing the value of a WordPress site’s ABSPATH value.  It is certainly possible to guess the value in some cases but without knowing the proper value, the exploit simply fails.

None the less, I have fixed it employing WordPress Nonce Verification.  All downloads now perform a verification before proceeding.

There is still one know bug in this build, the CSV Roster export from the Manage tab doesn’t do anything.  The RE1, HY3, and SDIF Roster Exports all work correctly.

There may also still be some oddities when running on WordPress Multi-Site.  I’ve been chasing them down slowly, if anyone runs into anything please report it.

There is a good chance I’ll release a new version once I fix the CSV export in order to get the security fix out in production release.

wp-SwimTeam Beta (443 downloads)