ThreeWP Broadcast: v1.12 doesn’t broadcast the caption and description of attached images. The fix is simple, though it requires editing the plugin files. However, I think the developer is currently not actively working on the plugin, so this is necessary evil.
Here’s a quick overview of integrating custom user fields with Membership plugin (v2.0.7 at the time of writing).
Basically, we’ll have to:
- Create some fields to be added after Membership’s own registration form
- Create a function to validate and save the new registration form fields on submission
- Copy-paste the whole user account edit form from Membership plugin and modify it to suit our needs
- Create a function to override Membership’s own account edit form
In the series of tubes there’s a ton of tutorials and guides on image upload security, but apparently still not enough – I stumbled upon yet another PHP application image upload vulnerability. These are ridiculously easy to spot, take about 10 minutes to exploit and if the attackers succeed, odds are they will be able to upload a shell, execute arbitrary code on your server and do pretty much whatever they want. So if you’re a developer (especially PHP!) and don’t know how exactly image uploads should be implemented, please please please take the time to read and understand.