[wp-hackers] Plugin update & security / privacy - Data sent
Moritz 'Morty' Strübe
morty at gmx.net
Sun Sep 23 13:30:02 GMT 2007
To get some facts out, I added some debugging output.
Notice that there are 11k of data transmitted. Also, of course, your
WordPress version and your URL (which I already encapsulated in an md5).
IMHO a list of plugin names and an answer with the current version
numbers is enough data to be transmitted.
The request:
POST /plugins/update-check/1.0/ HTTP/1.0
Host: api.wordpress.org
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11000
User-Agent: WordPress/2.3-RC1; 4b028de5098db7fb05c6d6dd264de215
And the data:
data:object(stdClass)(2) {
["plugins"]=>
array(15) {
["akismet/akismet.php"]=>
array(5) {
["Name"]=>
string(7) "Akismet"
["Title"]=>
string(71) "<a href="http://akismet.com/" title="Visit plugin homepage">Akismet</a>"
["Description"]=>
string(354) "Akismet checks your comments against the Akismet web service to see if they look like spam or not. You need a <a href="http://wordpress.com/api-keys/">WordPress.com API key</a> to use it. You can review the spam it catches under “Comments.” To show off your Akismet stats just put <code><?php akismet_counter(); ?></code> in your template."
["Author"]=>
string(80) "<a href="http://photomatt.net/" title="Visit author homepage">Matt Mullenweg</a>"
["Version"]=>
string(5) "2.0.2"
}
["cjd_delete_de.php"]=>
array(5) {
["Name"]=>
string(35) "CJD-<br />Spam Nuke <br />(deutsch)"
["Title"]=>
string(121) "<a href="http://chrisjdavis.org/category/wp-hacks/" title="Visit plugin homepage">CJD-<br />Spam Nuke <br />(deutsch)</a>"
["Description"]=>
string(216) "Dieses Plugin macht all die Kommentare sicht- und löschbar, die mit dem Attribut ‘Spam’ in der Datenbank herumliegen. Deutsche Bearbeitung: <a href="http://www.journal.kylaloo.net/">Mathias Hundt</a>"
["Author"]=>
string(105) "<a href="http://chrisjdavis.org/" title="Visit author homepage">Chris J. Davis, Scott (skippy) Merill</a>"
["Version"]=>
string(5) "1.5.3"
}
["follow.php"]=>
array(5) {
["Name"]=>
string(10) "Follow-URL"
["Title"]=>
string(79) "<a href="http://blog.taragana.com" title="Visit plugin homepage">Follow-URL</a>"
["Description"]=>
string(108) "Dieses Plugin entfernt das <strong>nofollow</strong>-Attribut, dass WordPress an Links in Kommentaren setzt."
["Author"]=>
string(90) "<a href="http://blog.taragana.com/" title="Visit author homepage">Angsuman Chakraborty</a>"
["Version"]=>
string(3) "1.0"
}
["gengo/gengo.php"]=>
array(5) {
["Name"]=>
string(5) "Gengo"
["Title"]=>
string(88) "<a href="http://jamietalbot.com/wp-hacks/gengo/" title="Visit plugin homepage">Gengo</a>"
["Description"]=>
string(180) "Multi-language blogging for WordPress.<br/>Licensed under the <a href="http://www.opensource.org/licenses/mit-license.php">MIT License</a>, Copyright © 2006-2007 Jamie Talbot."
["Author"]=>
string(80) "<a href="http://jamietalbot.com/" title="Visit author homepage">Jamie Talbot</a>"
["Version"]=>
string(3) "0.9"
}
["gravatars2.php"]=>
array(5) {
["Name"]=>
string(10) "Gravatars2"
["Title"]=>
string(84) "<a href="http://zenpax.com/gravatars2/" title="Visit plugin homepage">Gravatars2</a>"
["Description"]=>
string(326) "Implements Gravatars (global avatars: gravatar.com) with enhanced caching support, cron support, & administrative interface to control default options. Registered users can use local Gravatars (also cached). Copyright 2006 Kip Bond; Licensed under the terms of the <a href="http://www.gnu.org/licenses/gpl.html">GPL</a>."
["Author"]=>
string(82) "<a href="http://zenpax.com/gravatars2/" title="Visit author homepage">Kip Bond</a>"
["Version"]=>
string(5) "2.6.1"
}
["gravatars2-wpcron.php"]=>
array(5) {
["Name"]=>
string(18) "Gravatars2 WP-Cron"
["Title"]=>
string(92) "<a href="http://zenpax.com/gravatars2/" title="Visit plugin homepage">Gravatars2 WP-Cron</a>"
["Description"]=>
string(194) "Refreshes the cached gravatar images using a pseudo-cron implementation — Requires WP-Cron (http://skippy.net/blog/2005/10/09/wp-cron-14/) & Gravatars2 (http://zenpax.com/gravatars2/)"
["Author"]=>
string(82) "<a href="http://zenpax.com/gravatars2/" title="Visit author homepage">Kip Bond</a>"
["Version"]=>
string(3) "1.1"
}
["hello.php"]=>
array(5) {
["Name"]=>
string(11) "Hello Dolly"
["Title"]=>
string(78) "<a href="http://wordpress.org/#" title="Visit plugin homepage">Hello Dolly</a>"
["Description"]=>
string(295) "This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. When activated you will randomly see a lyric from <cite>Hello, Dolly</cite> in the upper right of your admin screen on every page."
["Author"]=>
string(80) "<a href="http://photomatt.net/" title="Visit author homepage">Matt Mullenweg</a>"
["Version"]=>
string(3) "1.5"
}
["locktest.php"]=>
array(5) {
["Name"]=>
string(9) "Lock test"
["Title"]=>
string(96) "<a href="http://xn--strbe-mva.de/post-notification/" title="Visit plugin homepage">Lock test</a>"
["Description"]=>
string(14) "Tests locking."
["Author"]=>
string(86) "<a href="http://xn--strbe-mva.de" title="Visit author homepage">Moritz Strübe</a>"
["Version"]=>
string(3) "1.0"
}
["a_o42-clean-umlauts.php"]=>
array(5) {
["Name"]=>
string(17) "o42-clean-umlauts"
["Title"]=>
string(116) "<a href="http://otaku42.de/2005/06/30/plugin-o42-clean-umlauts/" title="Visit plugin homepage">o42-clean-umlauts</a>"
["Description"]=>
string(366) "Das Plugin konvertiert die deutschen Umlaute in den Beitragstiteln, Kommentaren und Feeds zu ASCII. - Aus ä,ü,ö,ß wird ein ae, ue, oe und ss. auf der Lösung von <a href="http://www.papascott.de">Scott Hanson</a>. Das Plugin wirkt sich nur aus, wenn bei der Permalinstruktur “<em>Basierend auf Datum und Name</em>” aktiviert ist."
["Author"]=>
string(79) "<a href="http://otaku42.de/" title="Visit author homepage">Michael Renzmann</a>"
["Version"]=>
string(5) "0.2.0"
}
["wp-pagesnav/wp-pagesnav.php"]=>
array(5) {
["Name"]=>
string(7) "PageNav"
["Title"]=>
string(88) "<a href="http://www.adsworth.info/wp-pagesnav" title="Visit plugin homepage">PageNav</a>"
["Description"]=>
string(18) "Header Navigation."
["Author"]=>
string(80) "<a href="http://www.adsworth.info/" title="Visit author homepage">Adi Sieker</a>"
["Version"]=>
string(5) "0.0.1"
}
["post_notification/post_notification.php"]=>
array(5) {
["Name"]=>
string(17) "Post Notification"
["Title"]=>
string(104) "<a href="http://xn--strbe-mva.de/post-notification/" title="Visit plugin homepage">Post Notification</a>"
["Description"]=>
string(74) "Sends an email to all subscribers. See readme or instructions for details."
["Author"]=>
string(86) "<a href="http://xn--strbe-mva.de" title="Visit author homepage">Moritz Strübe</a>"
["Version"]=>
string(8) "1.2.rc 5"
}
["PN_mailfix.php"]=>
array(5) {
["Name"]=>
string(25) "Post Notification Mailfix"
["Title"]=>
string(112) "<a href="http://xn--strbe-mva.de/post-notification/" title="Visit plugin homepage">Post Notification Mailfix</a>"
["Description"]=>
string(54) "Fixes problems sending HTML-mails - Only for WP 2.2.x!"
["Author"]=>
string(86) "<a href="http://xn--strbe-mva.de" title="Visit author homepage">Moritz Strübe</a>"
["Version"]=>
string(5) "1.2.1"
}
["timezone.php"]=>
array(5) {
["Name"]=>
string(9) "Time Zone"
["Title"]=>
string(92) "<a href="http://kimmo.suominen.com/sw/timezone/" title="Visit plugin homepage">Time Zone</a>"
["Description"]=>
string(136) "Automatische Umstellung von Sommerzeit auf Winterzeit. Einstellungen können unter: Optionen » Time Zone geändert werden."
["Author"]=>
string(85) "<a href="http://kimmo.suominen.com/" title="Visit author homepage">Kimmo Suominen</a>"
["Version"]=>
string(3) "2.1"
}
["update-monitor.php"]=>
array(5) {
["Name"]=>
string(14) "Update-Monitor"
["Title"]=>
string(78) "<a href="http://blogshop.de/" title="Visit plugin homepage">Update-Monitor</a>"
["Description"]=>
string(133) "Stay informed about new WordPress releases. <em>Powered by <a href="http://wordpress-deutschland.org">WordPress Deutschland</a></em>."
["Author"]=>
string(79) "<a href="http://blogshop.de/" title="Visit author homepage">Olaf A. Schmitz</a>"
["Version"]=>
string(3) "1.3"
}
["wp-db-backup.php"]=>
array(5) {
["Name"]=>
string(25) "WordPress Database Backup"
["Title"]=>
string(105) "<a href="http://www.skippy.net/blog/plugins/" title="Visit plugin homepage">WordPress Database Backup</a>"
["Description"]=>
string(44) "On-demand backup of your WordPress database."
["Author"]=>
string(80) "<a href="http://www.skippy.net/" title="Visit author homepage">Scott Merrill</a>"
["Version"]=>
string(3) "1.8"
}
}
["active"]=>
array(3) {
[0]=>
string(12) "locktest.php"
[1]=>
string(39) "post_notification/post_notification.php"
[2]=>
string(27) "wp-pagesnav/wp-pagesnav.php"
}
}
--
strübe.de <http://xn--strbe-mva.de>
This e-mail is signed. If your e-mail client does not support
signatures, a smime.p7s file will be shown as an attachment.
My PGP/GPG key is available on the usual keyservers.
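
The proposal in the message above (send only a list of plugin names, get back the current version numbers, compare on the site) sketched as an added example; it is not part of the original e-mail and not WordPress's own code. The function names, the abbreviated sample entries and the server reply are assumptions made for illustration, and serialize() is used here only to compare payload sizes.

```php
<?php
// Added example, not WordPress code. Sample data is constructed and modelled
// on the dump in the message; the "latest" versions in the reply are made up.

/** Request body: plugin file names only, no titles, authors or descriptions. */
function build_minimal_request(array $plugins): array
{
    $names = array_keys($plugins);
    sort($names, SORT_STRING);
    return $names;
}

/** Compare on the site itself, so installed versions never leave it. */
function find_outdated(array $plugins, array $latest): array
{
    $outdated = array();
    foreach ($plugins as $file => $meta) {
        if (!isset($latest[$file], $meta['Version'])) {
            continue; // plugin unknown to the server, or no local version header
        }
        if (version_compare($meta['Version'], $latest[$file], '<')) {
            $outdated[$file] = array(
                'installed' => $meta['Version'],
                'latest'    => $latest[$file],
            );
        }
    }
    return $outdated;
}

// Constructed sample in the same shape as the dumped "plugins" array.
$plugins = array(
    'akismet/akismet.php' => array(
        'Name'        => 'Akismet',
        'Title'       => '<a href="http://akismet.com/" title="Visit plugin homepage">Akismet</a>',
        'Description' => 'Constructed placeholder for the plugin description.',
        'Author'      => '<a href="http://photomatt.net/" title="Visit author homepage">Matt Mullenweg</a>',
        'Version'     => '2.0.2',
    ),
    'locktest.php' => array('Name' => 'Lock test', 'Description' => 'Tests locking.', 'Version' => '1.0'),
);

$request = build_minimal_request($plugins);
// Constructed server reply; locktest.php is a private plugin the server does not know.
$latest = array('akismet/akismet.php' => '9.9.9');

printf("full metadata: %d bytes, names only: %d bytes\n",
    strlen(serialize($plugins)), strlen(serialize($request)));
print_r(find_outdated($plugins, $latest));
```

Even the names-only request still discloses which plugins are installed, including private ones such as a site's own test plugin.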