Hi there!
I just started using the Forum plugin, and really love it. However, on a few occasions I have been blocked by ModSecurity while making changes with it. According to my web host, the plugin is using a very old version of PHP that is no longer supported. Are there any plans to update it?
Thank you!
Hello:
The plugin does not control the PHP version used on your site - your WordPress host does. The plugin requires version 7.0 of PHP and is compatible with PHP up to version 7.4.
Thanks.
Apparently, there is a line of code in the plugin that attempts to use an old version of PHP. The following is quoted from my web host:
"Looking at the cause of the block, you have a plugin that is attempting to use a version of PHP that is well over 2 years deprecated and past end of life. Resolving this issue itself would prevent further blocks while allowing mod_security to remain enabled and protecting your site."
They also included this error message which cites simplepress:
[Tue Dec 22 14:53:42.211300 2020] [:error] [pid 13926:tid 47236583118592] [client 173.238.13.189:55751] [client 173.238.13.189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "-C" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "19"] [id "220030"] [rev "9"] [msg "COMODO WAF: Vulnerability in PHP before 5.3.12 and 5.4.x before 5.4.2 (CVE-2012-1823)||hsjccforums.ca|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "hsjccforums.ca"] [uri "/wp-content/plugins/simplepress/admin/resources/css/fonts/sp-admin.woff"] [unique_id "X@JOxje0sSrLuCF8KIj3rwABEwY"], referer: https://hsjccforums.ca/wp-content/plugins/simplepress/admin/resources/css/spa-menu.css?ver=6.6.1
Maybe I'm missing something but what in that error message they provided has to do with php or a specific version of php?
My apologies. I'm certainly not an expert. I'm just conveying what I was told. I am looking though at the error message that cites simplepress and says that it's trying to use an old version of PHP. "Vulnerability in PHP before 5.3.12 and 5.4.x before 5.4.2"
It does appear to point to a specific section of simplepress that is causing this - wp-content/plugins/simplepress/admin/resources/css/fonts/sp-admin.woff
I'm really just an end user, and I'm loving your product, except for this problem.
Hi:
The only way that the "Vulnerability in PHP before 5.3.12 and 5.4.x before 5.4.2" message makes sense is if your site was actually running on those PHP versions. If it is, that's not a simple:press issue but a hosting issue. More importantly, our minimum php version is 7.0 and there will certainly be other issues besides this one if you're running on any PHP version prior to that.
The sp-admin.woff file is a font file, not a php file.
Hence, why I don't understand the error message. Frankly it sounds like either a false error or a mis-configuration in the PHP version on the WordPress site.
Thanks.
