Suspicious function found – DataBuilder.php

#10713
  • Resolved Jack Lavender
    Rank Math free

    I had an open ticket about this that RankMath closed without a resolution.

    I still have an error from Defender Pro that says, “The function extract line 692 column 13 execute using unsanitize user inputs”

    687 public function getUrlProto()
    688 {
    689 $proto = '';
    690
    691 if (!empty($_SERVER['HTTP_FORWARDED'])) {
    692 extract($this->parseForwardedString($_SERVER['HTTP_FORWARDED']));
    693 }

    There is another for line 717.

    • This topic was modified 5 years, 4 months ago by Jack Lavender.
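
Added example, not part of the original ticket and not Rollbar's or Rank Math's code: why scanners flag `extract()` on an array derived from a request header, next to a form that reads only the expected key. `parseForwarded()`, `protoWithExtract()`, `protoExplicit()` and the `$trusted` variable are hypothetical names, and the parser is assumed to keep whatever parameter names the client sent.

```php
<?php
// Hypothetical parser (an assumption, not Rollbar's implementation):
// turns "for=203.0.113.7;proto=https" into ['for' => ..., 'proto' => ...],
// keeping whatever parameter names appear in the header.
function parseForwarded(string $header): array
{
    $out = [];
    foreach (explode(';', $header) as $pair) {
        $kv = explode('=', trim($pair), 2);
        if (count($kv) === 2 && $kv[0] !== '') {
            $out[strtolower(trim($kv[0]))] = trim($kv[1], " \t\"");
        }
    }
    return $out;
}

// Flagged pattern: extract() defaults to EXTR_OVERWRITE, so every key in the
// parsed array becomes a local variable, replacing locals of the same name.
function protoWithExtract(string $header): array
{
    $proto = '';
    $trusted = false; // local state the header is not meant to influence
    extract(parseForwarded($header));
    return ['proto' => $proto, 'trusted' => $trusted];
}

// Hardened form: read only the expected key and validate its value, so
// unexpected parameter names in the header cannot reach local scope.
function protoExplicit(string $header): array
{
    $trusted = false;
    $fields = parseForwarded($header);
    $proto = strtolower($fields['proto'] ?? '');
    if (!in_array($proto, ['http', 'https'], true)) {
        $proto = '';
    }
    return ['proto' => $proto, 'trusted' => $trusted];
}

// Constructed sample header value with an unexpected parameter name.
$sample = 'for=203.0.113.7;proto=https;trusted=1';
var_dump(protoWithExtract($sample));
var_dump(protoExplicit($sample));
```

Whether a given `extract()` call is actually reachable with attacker-chosen keys depends on what the real parser returns and which locals are in scope, which is what a reviewer would check before accepting or dismissing the scanner finding.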
Viewing 10 replies - 1 through 10 (of 10 total)
  • File is /www/wp-content/plugins/seo-by-rank-math/vendor/rollbar/rollbar/src/DataBuilder.php

    Hello,

    Thank you for getting in touch and sorry for any inconvenience caused.

    Please edit the first post on this ticket and include your WP and FTP logins in the designated Sensitive Data section.

    It is completely secure and only our support staff has access to that section. If you want, you can use the below plugin to generate a temporary login URL to your website and share that with us instead:

    https://wordpress.org/plugins/temporary-login-without-password/

    You can use the above plugin in conjunction with the WP Security Audit Log to monitor what changes our staff might make on your website (if any):

    https://wordpress.org/plugins/wp-security-audit-log/

    We really look forward to helping you.

    Hello,

    I have updated the sensitive data as requested. Can you please check further?

    Thank you.

    Hi Jack,

    Thanks for the access.

    This information has been submitted to our dev team for closer investigation and we will be getting back to you in a short while.

    We appreciate your patience. Thank you.

    Hello,

    That is an issue in Rollbar and needs to be fixed on their end.

    You can turn it off by unchecking this option:
    https://i.rankmath.com/DytLow

    Hope that helps. Thank you.

    I’ve turned it off and run the file scan and it’s still reported as a suspicious function.

    Hello,

    Yes, but the code won’t be executed. So, you can safely ignore that warning.

    Thank you.

    …but ignoring warning messages is, generally speaking, a bad idea.

    How about you fix it instead?

    Hei,
    I also have the same warning and my setting is also off…
    Can you please fix that issue in a near future update?
    Thanks.
    Levent

    Hi Levent,

    Thanks for getting in touch with us today.

    This warning is a false positive since the function is used in the Rank Math plugin for error logging. We have however noted this problem internally.

    We appreciate your patience. Thank you.
