Plugin Mod / Fork, Update and what happened

[thexmanxyz]

Hey there, I know many of you noticed that something strange happened to this plugin. There was over a long period no update and at the beginning of the year a new version was released and shared only over the website by a potential new owner. The old version which is available over this repo is still v3.3 and the version provided over the new "official" website (at least the domain changed) http://www.mapsplugin.com is v3.5. I did a rough diff over the files and there were a lot of changes between these two versions. But most of them look ok. However the changes were never updated here in the git repo (even after 8 months). That's mysterious. There is a popular fix for PHP 7 which also was not integrated even since it is known for at least a year #28

Moreover @jaccsnl noticed strange lines in the code, possibly found during a Sucuri.net scan - see also #39. So I tried to find the problematic lines described by @jaccsnl by myself because he did not provide further infos. As already discussed in #39 the related code that I found seems to be a bit strange and very questionable. Moreover I noticed a bug in 'plugin_googlemap3.css.php' and a deprecated Google Maps JS Api query parameter "signed_in=0|1", which is still sent during requests. So I decided to fix these issues, remove the mysterious lines of code described in #39 and create a new version. For further information please review #39 I will not describe everything I discovered again.

So the new version is 3.5.1 3.5.2 and contains:

• fixes Getting Array to string conversion error on Php 7 #28 / Fix#28 Avoid notice: Array to string conversion #30 / php7 Array to string conversion #36 for PHP7
• fixes Undifined variable: readonly #25 / Fix#25 Undefined variable $readonly #29 / Fix: Notice: Undefined variable: readonly; Feature: Force SSL #38 (force SSL - readonly already fixed in v3.5)
• fixes Maps JS API query parameter ("signed_in")
• fixes a bug introduced with one of the last joomla versions (factory.php lib moved to database subfolder), i corrected the path in 'plugin_googlemap3.css.php'
• the mysterious lines in 'plugin_googlemap3.php' were removed because they can be easily used to reload malicious code and i personally do not trust them (Hacked? #39)
• removed MOSX platform files

Please give me some time to prepare the new version. I will come back here to further discuss these issues and provide you further information. For more infos see the next post.

[thexmanxyz]

So finally the updated version v3.5.2 of the plugin with the above described fixes is here. I know that this is far from the best way to provide an update but currently I do not know a better or faster way to offer a distribution of the updated version of the plugin. I strongly recommend everyone who still uses this plugin to download this version and install it. However please consider the problematic situation around this plugin, I'm not responsible for anything...it's just a fix to circumvent the possibility to inject code over this potential "backdoor" as long as the owner does not communicate what these lines actually do and for what they are used. I personally doubt that these lines make any sense other than pushing some stuff on the webserver of a person using this plugin. Why load a credit from the server and not hard code it? It's stupid because if a person understands PHP code it doesn't makes it more difficult to remove the credit. That's the only comprehensible thing I can think about and this doesn't makes any sense either.

Everything is just an assumption by me, but as long as there is no official communciation or statement by the owner (other than the updates without any changelogs) on the "official" site, it's better to take care. Moreover I have to invest a bit more time to get an overview between the v3.3, v3,4 and v3.5 and the fake version(s) of the plugin because something is messed up in the whole version management and the overtaking of the plugin... I now fully reviewed the file and code changes from v3.3 - v3.5 and except the lines described in #39 there is nothing suspicious in the code as far as i can tell but I invite everyone to also do a review of the code. Especially the plugin and kml JS code obfuscated by minification...

Feel free to verify my archive and the code I uploaded. But there are no differences except the fixes described above. Moreover I hope that someone joins the discussion. I'm looking forward for some community input. The base for v3.5.2 was the version v3.5 taken from http://www.mapsplugin.com/update/. For the moment this version should work. In the near future I will create a fork of this repo because the current situation is far from acceptable. I don't have deep knowledge of the Maps API so I hope on participation :D.

plugin_googlemaps-J25_J3x.v3.5.2.zip

[ballaballa123]

Thanks a lot.

[thexmanxyz]

@ballaballa123 np

[ypr52]

I have been using 3.5.2 for a while and find no problems. Thank you for all your hard work.

[thexmanxyz]

@ypr52 glad to hear, np :)

[ypr52]

I have a question. The 3.5.2 plugin works fine on a live site but when using it on a test site (using XAMPP v3.2.2) it does not always load (I sometimes get a location in Holland). Do you know the reason for this?

[thexmanxyz]

@ypr52 TBH I can't really say what's the actual issue, never noticed it on one of my test sites. Open please a new issue maybe someone else has a solution. It would be better recognizable by other people within an separate issue. If there is a solution I will integrate it and create a new release.

[grantiago]

@thexmanxyz -- Five years late. Thank you. I've been using this for 3.5.2 without problems. It is, still, five years later, the only viable maps plugin for joomla. Does pretty much everything: kml, directions, sidebar, etc.. The important feature is it works in categories, articles, modules. It will display multiple instances of the map on one page! Rain, snow or sleet.

It would be great if someone could fork this 😉 and keep it going. I am here commenting as I was trying to mod another map plugin and I just don't have the coding skills with joomla. I dropped by to snoop around the code for some insight and felt the need to comment. 🍺 👍