Bidirectional scrolling: what’s not to like?

Some baby bear thinking from Adam Silver.

Too hot:

[On horizontal scrolling, like Netflix] This pattern is accessible, responsive and consistent across screen sizes. And it’s pretty easy to implement.

Too cold:

That’s a lot of pros for a pattern that in reality has some critical downsides.

Just right:

[On rows of content with “View All” links] This way, the content isn’t hidden; it’s easy to drill down into a category; data isn’t wasted; and an unconventional, labour intensive pattern is avoided.


The post Bidirectional scrolling: what’s not to like? appeared first on CSS-Tricks.

WooCommerce Patches Vulnerability that Allowed Spam Bots to Create Accounts at Checkout

WooCommerce 4.6.2 was released yesterday with a fix for a vulnerability that allowed account creation at checkout, even when the “Allow customers to create an account during checkout” setting is disabled. The WooCommerce team discovered it after several dozen users reported their sites were receiving spam orders, or “failed orders” where the payment details were fake.

WooCommerce developer Rodrigo Primo described how the bot is attacking stores:

The gist of it is that the bot is able to create a user when placing an order exploiting the bug fixed by 4.6.2. After creating the user, the bot tries to find vulnerabilities in other plugins installed on the site that require an unprivileged authenticated account.

WooCommerce recommends users update to 4.6.2 to stop bots from creating users at checkout and then remove any accounts the bot previously created. This will not stop the bots from creating fake orders so store owners are advised to install additional spam protection from the WooCommerce Marketplace. Some users in the support forum are trying free plugins like Advanced noCaptcha & Invisible Captcha and Fraud Prevention Plugin for WooCommerce.

The first logged instance happened nine days before WooCommerce was able to issue a fix. In the meantime, some users reported having their site’s URL changed and other hacking attempts. Dave Green, WordPress engineer at Make Do, used log files to determine that the script relies on exploiting other vulnerabilities in order to gain access to the database.

“That script is creating the order, and is also likely to be exploiting whatever vulnerability is available to bypass customer account settings and create a new user; it may or may not be relying upon other exploits for this,” Green said.

“Assuming it has successfully gained access to the system, it then tries to update the DB. It either fails and leaves you with nuisance orders, or succeeds and points your site to the scam URL.”

The WooCommerce team has also fixed this same bug in WooCommerce Blocks 3.7.1, preventing checkout from creating accounts when the related setting is disabled.

WooCommerce did not publish the names of any of the extensions that have vulnerabilities being exploited by this script. However, one user reported an attack that coincided with the fake orders:

I had a failed order yesterday with similar info to the OP as well.

At the exact same time that failed order came in, my WAF blocked two attempted attacks from the same user/IP (bbbb bbbb) for “TI WooCommerce Wishlist < 1.21.12 – Authenticated WP Options Change”

The script may have been probing for a vulnerability in the TI WooCommerce Wishlist plugin, which was patched approximately two weeks ago. The plugin is active on more than 70,000 WordPress sites.

The WooCommerce team is still researching the origin and impact of this vulnerability and will publish more information as it becomes available.

Search SQL between two dates

Hi All,

I am having an issue with an SQL query and I can't quite work out how to resolve it.

I have searched Google for the answer but can't seem to find the solution there either.

Basically I have a database and in one of the tables it has a start date column and an end date column.

I have a form that you input the start date and end date range you want to search the database for and display the results.

My issue is with getting the dates that are inputted on the form to display on the SQL results page.

I have tried the following code:

$sql = "SELECT * FROM table
WHERE Start >= '2020-01-01' AND End <= '2020-02-02'
Order By colour DESC";

and this works for the given dates specified above.

I have also tried changing it to the following but this didn't work:

$sql = "SELECT * FROM table
WHERE Start >= '$start_date' AND End <= '$end_date'
Order By color DESC";

Thank you in advance for your help.
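
The second query in the post places the form values directly into the SQL string. The following is an added example, not part of the original post, showing the same date-range search with the two dates validated and passed as bound parameters through PDO. The table name `events`, the column names `start_date` and `end_date`, and the in-memory SQLite sample rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Accept only a real calendar date in YYYY-MM-DD form; anything else is rejected.
function parseDate(string $raw): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Return rows whose range lies inside [$start, $end]. The dates travel as bound
// parameters, so they are never spliced into the SQL text.
function searchBetween(PDO $pdo, string $start, string $end): array
{
    $from = parseDate($start);
    $to   = parseDate($end);
    if ($from === null || $to === null || $from > $to) {
        throw new InvalidArgumentException('Dates must be YYYY-MM-DD, start before end');
    }
    $stmt = $pdo->prepare(
        'SELECT * FROM events
          WHERE start_date >= :from AND end_date <= :to
          ORDER BY colour DESC'
    );
    $stmt->execute([':from' => $from, ':to' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (hypothetical schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (start_date TEXT, end_date TEXT, colour TEXT)');
$pdo->exec("INSERT INTO events VALUES
    ('2020-01-05', '2020-01-20', 'red'),
    ('2020-01-10', '2020-03-01', 'blue'),
    ('2019-12-30', '2020-01-15', 'green')");

// In a form handler these two values would come from the submitted fields.
foreach (searchBetween($pdo, '2020-01-01', '2020-02-02') as $row) {
    echo implode(' | ', $row), PHP_EOL;
}

// A value that is not a date never reaches the database.
try {
    searchBetween($pdo, "2020-01-01' OR '1'='1", '2020-02-02');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Only the row that both starts and ends inside the requested window is returned; for a MySQL database, change the DSN passed to `new PDO(...)` and keep the prepared statement as it is.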