Comments on: Here’s a quick way to run a petition in WordPress

By: Mouad

Mouad — Mon, 24 Aug 2009 11:37:57 +0000

Please , at least tell us how can we manually confirm the signatures.. in WordPress Extend you say that it supports manual confirmation, but I dont see that anywhere in the petition management.

By: Mouad

Mouad — Wed, 22 Jul 2009 11:18:49 +0000

Hey James… I am still waiting for the you to resolve the issues I have earlier mentioned regarding the plugin. I understand if you are busy in your personal life, but please at least tell us if you are willing to fix the issues and make the changes or not. Thank you

By: pauleco

pauleco — Wed, 29 Apr 2009 16:28:38 +0000

@James Davis

Here’s a patch.. I got our developer to have a look – he said:

“This is because $sub_title which is defined in one function and used in another function is not a global variable. I simply made it a global variable, really this should be object orientated…”

——————————–

— wordpress-petition-plugin/fcpetition.php.bak 2009-04-29 16:05:04.000000000 +0000
+++ wordpress-petition-plugin/fcpetition.php 2009-04-29 16:01:16.000000000 +0000
@@ -435,7 +435,7 @@
}

function fcpetition_form_bottom($petition) {
- global $wpdb;
+ global $wpdb, $sub_title;
global $signature_table;
global $petitions_table;
$pa = fcpetition_fetchattributes($petition);
@@ -483,7 +483,7 @@
}

function fcpetition_form($petition){
- global $wpdb;
+ global $wpdb, $sub_title;
global $signature_table;
global $petitions_table;

———————————–

Hope that helps?! (Never posted a patch before…)

By: pauleco

pauleco — Wed, 29 Apr 2009 14:49:32 +0000

@James Davis

Hiya James – no they aren’t confirming their sigs… wondering if it is possible to use akismet somehow to prevent them from posting..?

Upgraded to 2.3.3 today (plugin prompted me btw) – no vote count on the petition page like there used to be… should there be or has that functionality been moved to the widget?

Cheers
Paul

By: James Davis

James Davis — Mon, 27 Apr 2009 17:00:21 +0000

Try upgrading to 2.3.3, does it still happen?
As for attempted spam: I presume they aren’t successfully confirming their signatures?

By: pauleco

pauleco — Wed, 22 Apr 2009 10:48:01 +0000

Hiya James,

I noticed after one of the recent upgrades that the total signatories figures is no longer displayed on the petition page. Is there a way to turn it back on?

Also – a little suggestion for the next update: Blacklist email/IP addresses.

I am getting a lot of attempted spam from mail.ru on the petition at the moment…

By: James Davis

James Davis — Mon, 16 Mar 2009 11:53:37 +0000

Thanks for spotting this. I’ve been on holiday, but managed to sneak out a new release which should fix this problem.

By: James Davis

James Davis — Mon, 16 Mar 2009 11:52:16 +0000

I’m afraid that I don’t know anything about programming facebook applications.

By: Vivek

Vivek — Sat, 14 Mar 2009 16:05:47 +0000

Hi,

I am using your petition plugin on my website. I wanted to use the petition on a facebook app and on a standalone website. I want to use the e-mail verification option on the website, but not on the app. How can I do that?

By: Anatolie Gavriliuc

Anatolie Gavriliuc — Fri, 27 Feb 2009 18:47:20 +0000

Great plugin!
There is a JS-injection security problem, though. Try input >’>alert(123)<’ for the name or any custom field and you will see then the jscript will execute on both the post page and in the admin panel. This can be used by malicious users to redirect all visitors to other sites, for example.

The fix is pretty simple – use htmlspecialchars(field,ENT_QUOTES) when displaying html.