mdsimpson / contact-form-7-to-database-extension

CFDB - WordPress plugin to save form submissions into a database
GNU General Public License v3.0
240 stars 59 forks

Path to move back to regular WP plugin support #31

Open mcvlot opened 6 years ago

mcvlot commented 6 years ago

I understand the wordpress organization maintaining the regular wordpress plugin repository behaves very unsympathetically towards this excellent plugin on the argument that this plugin raises security concerns. And as much as I appreciate the approach to maintain it via github, it is not an acceptable path for me. Probably I am not alone. Can I and others do something to help get the issue resolved?

mcvlot commented 6 years ago

There is a deafening silence... not good. I am sad; this plugin has served me well over the years. Highest regards for the author.

I will start to evaluate alternate plugins:

Recommendations are appreciated.

CraigT543 commented 6 years ago

What I have done is move to Gravity Forms. It works with CFDB still. I moved everything over to it. Now, that is a temporary solution. CFDB has been my interface to other programs. I am having to develop custom web servers for what I do to replace CFDB. Again, Gravity Forms appears more effective given how it is set up. Gravity is not free but it is at least stable and it will save forms to the database and export to csv files. When CFDB and CF7 stopped working it shut down my entire business until I found workarounds. That was a heart-attack-making experience. None of the solutions you mention above was any good (at least for my purposes). So, I am giving money to Gravity and I am glad I did. I would have been happy to pay for CFDB as well but it is not being resurrected.

DebShadovitz commented 6 years ago

I continue to use Contact Form 7 but started using the CF7 developer's Flamingo plugin. On 2nd look, it did more than I realized at first. I never used the extensive stuff that our beloved plugin did so I get by with the basics that Flamingo does, which are pretty much equal. Flamingo requires more steps to see the same info — an export or a double-click on an individual record — so that's frustrating. But it keeps me going.

I didn't want to switch but it certainly seems that the WP people were never going to be happy and the fight just wasn't worth it for the developer. I'd posted about it and the reply from the WP person who I understood to be responsible said they aren't. Lose-lose.

kimipooh commented 6 years ago

I suggest using "Automatic Updater with GitHub API for WordPress plugin" with this GitHub. I don't have the skill to install it, but the tool is interesting...

mdsimpson commented 6 years ago

Simply install the GitHub updater plugin and you can update CFDB from the plugins page just like any other plugin. https://github.com/afragen/github-updater

mcvlot commented 6 years ago

Installing the github updater was not exactly a "for dummies" experience with 5 trial and error attempts and I am still not certain it will keep itself and the CFDB plugin decently up to date. I am holding my breath.

The average WP admin will not be able to do this. So I would still recommend you (and we as far as we can help) keep trying to get this excellent plugin re-registered in the "wordpress" sanctioned pool. Why are these wordpress guys whining about security and is there a straightforward way to fix this? Probably not. But maybe we can come up with some clever workaround to "upgrade" the perceived security.

CraigT543 commented 6 years ago

What exactly is this security issue? Is it the XSS attacks issue that was already patched? I personally am celebrating the fact that Michael Simpson is back to updating. I would like to keep using it, but if it is not safe for the transmission of sensitive personal information, other options need to be considered.

The updater works ok. It is a reasonable compromise. I am willing to work with that. I agree that it would be more convenient to have on the Wordpress plugin's page. But I do not blame anyone for avoiding rude, disrespectful, and arrogant behavior. Wordpress could have handled this better.

mdsimpson commented 6 years ago

@mcvlot all you need to do is install github updater. The next time I check in the right file in this repo indicating a new release version, you will see that CFDB needs to be updated in your Plugins page, just like all other plugins.

mdsimpson commented 6 years ago

@CraigT543 I'm not aware of any actual reproducible security issues that currently need to be resolved. I can't guarantee anything, however. Certainly the latest version here is more secure than the last version published on WP. Although I fixed an issue there, they delisted the plugin before anybody could update it to get the fix, ironically.

The WP person I was dealing with was concerned about protecting strings to avoid XSS, which I am doing but not the way he wants. So I did some updates, but he kept telling me it wasn't right. So I asked for guidance on specific scenarios on how he wants me to do it. But when pressed he couldn't tell me and just kept pointing me to unhelpful documentation. I think he doesn't actually know. I think he is just running some scanner then lecturing people. And he was a real **** about the whole thing. So I got fed up and moved it here and I don't have any motivation to move it back. I don't do much with WP these days, but I'll try to make appropriate updates to problems that are brought to my attention.

CraigT543 commented 6 years ago

Sounds reasonable. I do not trust people who cannot explain with plainness and tend to favor using confusing paragraphs of jargon. I also think that the updater is a very clever backend way to get around the Wordpress cabal. Nevertheless, Wordpress has been very useful. Of all the products I have used on that platform, yours has been the most useful for me. Thanks for putting it out there.

mcvlot commented 6 years ago

Michael,

The process with the github updater was tricky and may not work flawlessly in my case. It was not a good experience. Not realistic for an average WP admin.

Your plugin deserves to be on the regular WP pages for plugins. There it can be helpful to more people. Does it make any sense for some users to argue the case with WP and try to move them to be more reasonable?

Regards,

afragen commented 6 years ago

@mcvlot, as the developer of GitHub Updater, what seems to be the difficulty?