Email Contact Form --〉HELP
I have developed a plugin whose main function is a pop-up message board. The verification code is received via a valid email address and then filled in to confirm the validity of the email.
The plugin is located in the right sidebar, beneath the "About" plugin, and primarily supports Chinese and English languages.
During local testing, the first issue is that the backend management plugin interface does not display the name and introduction of the plugin. Secondly, the settings page is not translated. Lastly, the email verification code function has not been debugged.
I am uploading the original code of the plugin now. Please help improve the functionality of this plugin by a programming expert.
Thank you! If you have a similar plugin that you could kindly send me, I would be extremely grateful! (Applicable to BLUDIT CMS 3.16.2)
Last edited by ertok on Tue Jan 27, 2026 6:39 am, edited 1 time in total.
Giving roses to others leaves a lingering fragrance on your hands
-
lastpictures
- Ssr. Bludit
- Posts: 27
- Joined: Mon May 01, 2023 9:18 am
- Has thanked: 2 times
- Been thanked: 4 times
The plugin, as described in the download, is rather problematic. It lacks CSRF protection.
The `form_token` is generated but not validated anywhere.
There is no rate limiting. `send_code` can be called an unlimited number of times, leading to potential email spam.
SMTP is only pseudo-SMTP. `sendSMTPEmail()` doesn't use true SMTP but instead uses `mail()`. The SMTP configuration is practically misleading.
Session handling is required. No `session_start()` is visible, posing a risk depending on the CMS.
There are XSS risks due to output like `$this->getValue('title')`
I wouldn't use this in a production environment!
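Added example, not part of the thread or of the plugin's code: the three checks the post above finds missing (validating `form_token`, limiting `send_code`, escaping output), written in PHP. The function names, the limits and the array-based session are assumptions; in the plugin, `$_SESSION` and `$_POST` would be passed in after `session_start()`.

```php
<?php
// Hypothetical helper names; only form_token and send_code come from the post.
const CODE_WINDOW_SECONDS = 600; // assumed window: 10 minutes
const CODE_MAX_REQUESTS   = 3;   // assumed limit per window

// Issue one random token per session; it goes into the form's hidden field.
function issueFormToken(array &$session): string
{
    if (empty($session['form_token'])) {
        $session['form_token'] = bin2hex(random_bytes(32));
    }
    return $session['form_token'];
}

// Constant-time comparison of the submitted token with the stored one.
function isValidFormToken(array $session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    $given    = $post['form_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Sliding-window limiter for the send_code action, tracked in the session.
function allowSendCode(array &$session, int $now): bool
{
    $recent = array_values(array_filter(
        $session['send_code_times'] ?? [],
        fn (int $t): bool => $t > $now - CODE_WINDOW_SECONDS
    ));
    $allowed = count($recent) < CODE_MAX_REQUESTS;
    if ($allowed) {
        $recent[] = $now;
    }
    $session['send_code_times'] = $recent;
    return $allowed;
}

// Escape a setting such as getValue('title') before echoing it into HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data for a CLI run: simulated session and POST arrays.
$session = [];
$post = ['form_token' => issueFormToken($session), 'action' => 'send_code'];
var_dump(isValidFormToken($session, $post));                 // token from the form
var_dump(isValidFormToken($session, ['form_token' => 'x'])); // mismatching token
for ($i = 0; $i < 4; $i++) { var_dump(allowSendCode($session, 1000 + $i)); }
echo e('<b>"Title" & more</b>'), PHP_EOL;
```

A session-keyed limit only covers requests that keep the same session cookie, so limits per recipient address or per client IP need server-side storage as well.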
- LRAM
- Legend Bludit
- Posts: 244
- Joined: Sat Sep 24, 2016 4:02 pm
- Location: France
- Has thanked: 53 times
- Been thanked: 9 times
- Contact:
Hello
I'm no expert, but I took a look out of curiosity.
Indeed, the plugin name and description did not appear, just the word ‘activate’.
As this is managed by language files, I assumed that the file was incorrectly encoded. I copied and pasted your English text into Notepad and re-uploaded it to my test site, and everything worked fine.
As for the translation, I don't speak Chinese, but I assume it's the same problem: the file is not encoded correctly.
https://sucrepop.com
Candies for the ears

