I have addressed what I hope is the last of the security concerns with Google Forms and resubmitted to WordPress.org for approval. In the meantime, should anyone want early access to the next update, which includes some additional debug features as well as addressing the security concerns, you can download it here.
This afternoon I posted beta-4 of Email Users v4.8.5. This build adds some additional debug information to help chase down slow database queries. When in debug mode, Email Users will now report information about the query like this:
This evening I uploaded another beta (beta-2) build of Email Users v4.8.5. This build addresses an issue with the user’s email preferences not being respected when using a custom meta filter. This problem was reported in the WordPress Support Forum a few weeks back.
I’ve posted Email Users v4.8.5-beta-1 for testing purposes. This is a minor update which restores functionality which was removed in 4.7.1. See this recent thread and this old 4.7.1 thread on the WordPress Support Forum for more details on the change in 4.7.1.
The change in 4.8.5 introduces a new option (Send User Exclude Role) on the Settings page which is enabled by default to retain the current functionality. When turned off, the user’s current role is also included in the list of roles presented as potential recipients.
Please provide any feedback ASAP as my window to fix this over the holiday break at work is small.
Last week I was notified my Google Forms plugin had a potential security flaw and would be de-listed from the plugin repository until addressed. I have implemented the fixes recommended by the WordPress Security Team and am in the process of getting the plugin listed again.
I would like to enlist some additional testing besides my small suite of test cases with the updated code.
This morning I released v0.87 of the Google Forms plugin. This update includes a new check when saving a form definition. The check scans the HTML from the form to ensure it has the proper HTML structure the plugin expects.
The new version of Google Forms is not supported by the plugin so this check ensures that a user is notified that the form isn’t of the expected format.
You can find this updated on your WordPress Dashboard or in the WordPress plugin repository.
A week ago (July 19th) I was contacted by WordPress regarding a potential security flaw in Email Users. Email Users was “closed” (which is why it doesn’t show up at WordPress.org) until the security flaw was addressed and a new version of the plugin was tagged and release.
Due to some work issues, I did not have a chance to work on the plugin until this past weekend. I have resolved the security concerns, committed all of the changes, and tagged a new release. On July 26th (Sunday) I notified WordPress.org that everything (I know of) has been addressed. At this point, I am waiting for the plugin to be opened again or notified that I’ve missed something.
I’ve uploaded v4.84. to my web site in the event anyone wants to download the update before WordPress.org makes it live again.
It has been quite a while since I’ve updated Email Users. There have been a couple of enhancement requests that I’ve wanted to add and some deprecated notices I wanted to resolve.
Email Users 4.8.2-beta-2 adds the following:
Custom Header (similar to the custom footer which has been part of the plugin for a while).
Control over customer header and footer usage. Each can be applied to Notifications, User and Group Emails, or both.
Ability to remove the “Notify Users about this Post/Page” on the Post/Page editing screen.
All references to get_currentuserinfo() have been updated. The get_currentuserinfo() API function has been deprecated for a while but WordPress 4.5 issues a strong warning on the Dashboard about it so it was time to resolve it.
Please report any issues and I’ll do my best to get them fixed quickly and get this release out.