(wordpress.org)

172 points ValentineC | 1 comments | 12 Oct 24 18:38 UTC | HN request time: 0.207s | source

Show context

CharlesW ◴[12 Oct 24 19:27 UTC] No.41821726[source]▶

So WordPress-the-org — which is effectively Matt, as far as I can tell — just Sherlocked a developer's plug-in using the developer's own code, ostensibly as retribution for a security issue that the developer had already fixed. https://www.advancedcustomfields.com/blog/acf-6-3-8-security...

What am I missing?

replies(5): >>41821790 #>>41821829 #>>41821872 #>>41821880 #>>41823351 #

sureIy ◴[12 Oct 24 19:44 UTC] No.41821872[source]▶

>>41821726 #

> Sherlocked

The verb you're looking for is stole

Sherloking is when a Walmart is built next to a cornershop. Here the dude tore open the corner shop while claiming to be a victim.

replies(2): >>41821969 #>>41821973 #

CharlesW ◴[12 Oct 24 19:56 UTC] No.41821973[source]▶

>>41821872 #

When I posted, I was under the impression that ACF was open source. But the GitHub repo doesn’t list one, so if it’s not open source…WTF.

replies(3): >>41822031 #>>41822266 #>>41822313 #

1. danillonunes ◴[12 Oct 24 20:28 UTC] No.41822266[source]▶

>>41821973 #

I think being GPL is a requirement to host plugins in wp.org, so yes, that free version available there is (was?) open source.

↑

Secure Custom Fields by WordPress.org