Version 1.1.3 – Custom Training Video

Vito Peleg Update Announcement


This week we’re releasing a cool new addition to allow you to include your own training video, a few more translations, bug fixes and compatibility.

But the biggest thing is that over the last couple of weeks we dove into the code to try and find any security issues, even the smallest ones to give you an enterprise grade secure functionality throughout the solution.
This included extensive work with leading security experts that reviewed each line of code and work with the dev team to put us on a whole new level when it comes to security.

Also, I just came back from WordCamp Brighton, recovering from a great weekend where I also delivered my first talk at WordCamp!

Hopefully, this will lead to a lot more that will be published in the upcoming year ❤

Here’s an exclusive view of the presentation

So what’s it about?

Imagine this. You’re in a new country, knowing only one person in a 500 miles radius. The little savings you had are quickly running out to the point you can hardly afford a bus ticket to the city center, not to mention next month’s rent, no job and you’re not sure what you’re doing tomorrow morning. 

How would you rebuild your life and business to support your dreams and goals? 

An inspiring story of how I found myself in a new country, busking for money on the street and how I optimised my way from the average £40 per day up to hundreds per day using growth hacking strategies. And how YOU can do the same for your business and life. 

The talk will walk you through the concept of Growth Hacking along with some processes and ideas on how you can implement the same principles yourself. 

The same strategies later helped me grow my WordPress business to 6 figures in revenue by the end of year 1 and to a team of 12 by year 3, as well as making history in the WordPress community by launching the first plugin by a new company to reach 6 figures in the first month. 

Train your clients

As we’re expanding the solution we’re adding more and more customisation options so that you can adpot the tool to your own workflow.

Since I personally did (and still doing) extensive research on the nature of communications, UI and UX for non savvy users and the art of getting users to adopt new tools, so that you and your clients will have the least amount of pushback possible, simply by being a great product that everyone wants to use, we will be creating some more resources for you all understand the deeper philosophy behind some of the decisions we are making.

One of the most poweful ways to train a client, is by simply showing them what to do via a short video.

So now, you can create your own video and embed it, to replace our own initial training video.

You can embed the video from any service, being YouTube, Vimeo, Wistia or any other solution you may choose.

Just please keep in mind, that this is the first experience your clients will have with their new website or at least with our feedback tool.

So make sure you keep it simple – short and sweet is the best approach to showcase just the very basic functions of how to give you feedback or request support. The tool is designed for self-discovery so you just want to give them a nice bump in the right direction and they should be taking it from there.

The new embed field was added to the Settings screen, under the White Label area and will be visible on 2 places:

  • The Frontend Wizard – Just before they dive in and start commenting.
  • The Tasks Center – If there are no tasks found yet.

Once you add your own code, it will replace our own default video, so you’re always covered, even if you don’t have your own custom video yet.

Tranlsations

Last week we made a mistake with the Spanish translation and even though it was ready, it wasn’t added to the plugin – Now it has!

We also compelted the German translation and included that as well.

If your language is not included just yet, you have other options as well!

You can translate it yourself as we’re fully compatible with tools like WPML.

OR, you keep let us know that you would like to contribute to the project by emailing support@wpfeedback.co or posting on our Facebook Community group and we will give you access to our translation document so that you can add your own language.

Please note, that we ran into some issues with the Email Translations so they will be added on the next update as we’re sorting this part out and systemising our translation process further.

Bug Fixes

  • Quick Edit conflict – WooCommerce Product’s quick edit on product listing page was not working when WP Feedback was active. This is now fixed.
  • General Tasks Error – Some users use to get Server Error 500 on Tasks listing page on backend.
    They were receiving it since the dropdown “General Task: Choose a page/post to comment” for creating the general task from the backend had lots of posts when the number of products on site were in multiple of thousands making it impossible to load all those at once. Currently, we have added a condition so that it will load not more than 50 latest products on the dropdown.
    We’re already exploring other ways of implementing a more solid solution that will allow you to find ALL the posts from that dropdown in the upcoming updates. For now, you can, of course, navigate to the right post and create a general task by clicking the button on the frontend sidebar.

Compatibility

  • OnePress Theme – The conflict was with the js of theme which was resolved to make it compatible with WP Feedback.
  • Divi theme latest version – We made sure all is working nice and smooth after some major update by the Divi team last week.
  • Customizer Screen – WP Feedback was visible when customizer was ON making it difficult for user to use theme customizer.
    We removed WP Feedback from the view where theme customizer is loaded.

Security

  • SQL injection found in wp_ajax_list_wpf_comment_func
    Earlier we were using traditional SQL Query and now we are using WordPress function get_comments which will nullify the effect.
  • SQL injection found in list_wpf_comment_notif_func
    Earlier we were using traditional SQL Query and now we are using WordPress function get_comments which will nullify the effect.
  • Stored XSS on all pages via wpf_selcted_role
    • Earlier we were using post value $_POST[‘current_user_id’] but now we are using the value of logged in user using ( global $current_user ) instead of $_POST[‘current_user_id’]. Also, we are now sanitizing wpf_selcted_role before updating.
    • Earlier we used to update wpf_user_type without checking but now we are only updating the “wpf_user_type” if their values are (‘king’, ‘advisor’ or ‘council’).
  • Stored XSS via notify_users
    Now sanitizing task_notify_users.
  • Stored XSS – adding new task
    We are now sanitizing whole $task_data array before adding the information to the database.
  • File upload – File type bypass
    We are now checking the extension inc/wpf_ajax_functions.php => function wpf_upload_file.
  • Footer XSS – Internet Explorer Only
    We are now using the WordPress function “add_query_arg( $wp->query_vars)” instead of $_SERVER[‘request_uri’]
  • Improper privilege check on profile update
    Now the user that do not have the ability to edit the users won’t be able to update the parameters related to WP Feedback for the user.
  • Self XSS – Adding new comment
    Now returning the content in ajax response and the same content is displayed in the latest comment.

Join the conversation

Don’t forget to join us on the Facebook Group as we’ll be discussing the new Cloud application and showcase what we’re working on as we progress ❤