Forum Replies Created

Viewing 15 replies - 1 through 15 (of 84 total)
  • Sorry, our code was removed from our reply; we’d like to copy it in here:

    function tooltips_free_language_setting_panel($title = '', $content = '')

    Inside this function, we used: echo $content;

    We call this function as follows:

    tooltips_free_language_setting_panel($title, $content);

    And the $content variable is constructed like this:

    $content .= '… ' . esc_attr($glossaryLanguageCustomNavALL) . '…';

    As you can see, we followed WordPress security standards by applying the esc_attr function to the $glossaryLanguageCustomNavALL variable before passing it into the function.
    We thought tooltips_free_language_setting_panel was a safe function because we had already applied security measures before calling it. However, RIPS flagged this approach as unsafe. So we re-developed our plugin like this:

    function tooltips_free_language_setting_panel($title = '', $content = '')
    {

    $allowed_html = array(
        'a' => array(
            'href' => array(),
            'target' => array(),
        ),
        'i' => array(),
        'p' => array(),
        'br' => array(),
        'table' => array(),
        'tr' => array(),
        'td' => array(
            'width' => array(),
            'style' => array(),
        ),
        'input' => array(
            'type' => array(),
            'id' => array(),
            'name' => array(),
            'value' => array(),
            'required' => array(),
            'placeholder' => array(),
            'class' => array(),
        ),
        'button' => array(
            'type' => array(),
            'id' => array(),
            'name' => array(),
            'class' => array(),
            'value' => array(),
        ),
        'form' => array(
            'method' => array(),
            'action' => array(),
            'name' => array(),
            'class' => array(),
        ),
    );


    and
    echo wp_kses($content, $allowed_html);

    We had hoped this issue would be fully resolved…

    Hi @flx90,

    I hope this message finds you doing well and having happy days with your family 🙂

    We checked your website and found that when the mouse hovers over the title, a pop-up window displays an image. 🙂

    About “But I want to show the loading progress of the image line per line”

    Sorry, I’m not quite sure I completely understand your needs. Could you please tell me in detail what you’re looking for so that I can better assist you? 🙂

    Thanks, have a blessed day with your family 🙂

    Best Regards,

    Support

    Hi @ianwork,

    Dear friend, I hope this message finds you well and that you’re enjoying happy moments with your family.

    Thank you for your reminder. Safety is our top priority.

    After receiving your notice, we reviewed the security sites again and found that most report the issue as related to <=10.8.3, and one source mentions an XSS issue in 10.9.3 with the note:

    “Low priority, no impactful threat,” and

    “This security issue has a low severity impact and is unlikely to be exploited.”

    We have run several types of security analysis to scan our plugin once more, but we have not received any issue reports.

    Dear Sir, we have carefully looked into this situation again. Let us explain what happened:
    A few years ago, we rewrote our plugin in full compliance with WordPress security standards. One month ago, we received a user report about an XSS vulnerability. We immediately scanned our code using RIPS and identified the issue, which we fixed within 4 hours (10.8.7). In the language add-on, we have the following function:

    function tooltips_free_language_setting_panel($title = '', $content = '')

    Inside this function, we used:

    We call this function as follows:

    tooltips_free_language_setting_panel($title, $content);

    And the $content variable is constructed like this:

    $content .= '';

    As you can see, we followed WordPress security standards by applying the esc_attr function to the $glossaryLanguageCustomNavALL variable before passing it into the function.

    We thought tooltips_free_language_setting_panel was a safe function because we had already applied security measures before calling it. However, RIPS flagged this approach as unsafe. So we rewrote our code like this:

    function tooltips_free_language_setting_panel($title = '', $content = '')
    {

    $allowed_html = array(
        'a' => array(
            'href' => array(),
            'target' => array(),
        ),
        'i' => array(),
        'p' => array(),
        'br' => array(),
        'table' => array(),
        'tr' => array(),
        'td' => array(
            'width' => array(),
            'style' => array(),
        ),
        'input' => array(
            'type' => array(),
            'id' => array(),
            'name' => array(),
            'value' => array(),
            'required' => array(),
            'placeholder' => array(),
            'class' => array(),
        ),
        'button' => array(
            'type' => array(),
            'id' => array(),
            'name' => array(),
            'class' => array(),
            'value' => array(),
        ),
        'form' => array( 
            'method' => array(),
            'action' => array(),
            'name' => array(),
            'class' => array(),
        ),
    );

    and
    echo wp_kses($content, $allowed_html);

    We had hoped this issue would be fully resolved…

    I’m not entirely certain, but here’s some context that might help explain it: We first developed this plugin back in 2008 and released it on WordPress as a free open-source plugin. In line with the open-source spirit, we’ve always preserved our modified sections as comments in each new release. This lets users review our updates and easily revert to earlier versions if needed.
    Over the past 16 years, we’ve built hundreds of versions across our different Tooltips series plugins. As a result, our codebase includes many years’ worth of outdated, commented‑out sections. We’re wondering if security scanning tools might be flagging these old, inactive code fragments.

    Even so, we want to be clear: security remains our absolute top priority.

    That’s why we’re taking these steps:


    We will remove all old code from our comments entirely.
    We will fully rewrite every line of code in the plugin to ensure it strictly follows the highest WordPress security standards.
    Now is the perfect time to rewrite our plugin — shaped by 16 years of user requirements, we can fully restructure it and rewrite the codebase. For instance, maybe we can start using modern CSS features like flex/grid and CSS variables. We’ve long manually coded many modules (for example, automation effects...etc) ourselves, and moving forward, we may replace some of these custom-built modules with existing MIT open-source solutions — this will let us deliver even more powerful functionality to our tooltip users, while still honoring the care we’ve put into those handwritten automation effects, and so much more.

    We’re excited to build a better plugin for everyone.

    Thank you so much — your support helps us improve the experience for all Tooltips users. 🙂

    Thanks, have a blessed day with your family 🙂

    Best regards,

    Tooltips Support
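
An added example (not the plugin's code) of the pattern the reply above describes: escaping a value when `$content` is built, and filtering again with a `wp_kses` allowlist at the point of output. It assumes a loaded WordPress; the `demo_*` names, the reduced allowlist and the sample value are constructed for illustration.

```php
<?php
// Added example; run inside a loaded WordPress, e.g. `wp eval-file demo.php`.
// All demo_* names and the sample value are constructed, not from the plugin.

// Reduced version of the allowlist from the post, enough for one form row.
function demo_allowed_html() {
    return array(
        'p'     => array(),
        'a'     => array( 'href' => array(), 'target' => array() ),
        'input' => array( 'type' => array(), 'name' => array(), 'value' => array() ),
    );
}

// Sink: filter where the markup is emitted, so safety does not depend on
// every caller having escaped every fragment of $content beforehand.
function demo_render_panel( $content ) {
    return wp_kses( $content, demo_allowed_html() );
}

// Caller A escapes the dynamic value for its attribute context, as the post does.
function demo_build_escaped( $value ) {
    return '<p><input type="text" name="nav" value="' . esc_attr( $value ) . '"></p>';
}

// Caller B omits the escaping: the case a static analyzer has to assume,
// because it only sees an unfiltered echo of a string parameter.
function demo_build_unescaped( $value ) {
    return '<p><input type="text" name="nav" value="' . $value . '"></p>';
}

// Constructed setting value that tries to close the attribute and add a handler.
$value = 'ALL" onfocus="demoHandler()';

$cases = array(
    'escaped'   => demo_build_escaped( $value ),
    'unescaped' => demo_build_unescaped( $value ),
);

foreach ( $cases as $label => $html ) {
    echo $label . ' raw:      ' . $html . PHP_EOL;
    // Attributes outside the allowlist (such as onfocus) are dropped here.
    echo $label . ' filtered: ' . demo_render_panel( $html ) . PHP_EOL;
}
```

`wp_kses` is a tag-and-attribute allowlist, not a substitute for `esc_attr`: values interpolated into attributes still need context escaping, which is why the example keeps both layers.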

    Dear @venutius,

    I hope this message finds you well and that you are enjoying happy days with your family. 🙂

    We released a new version of Tooltips to enhance the tooltips widget functionality. The tooltip widget now has full Elementor compatibility.

    In this release, we introduced a new Elementor Tooltip widget that works seamlessly with the Elementor Free editor.

    With the new widget, you can:

    Add tooltips using drag & drop

    Edit tooltip text visually

    Create clean, user-friendly explanations

    Build tooltips faster than ever before

    Everything works directly inside Elementor — just like any other Elementor widget.

    Thanks, have a blessed day with your family. 🙂

    Warm regards,

    Tooltip Support

    Hi @babylon1999,

    Thanks for the report 🙂

    We Fixed the Issue: Stored Cross-Site Scripting in 4 Hours

    Our developers sacrificed sleep, working through the night to review our code, and we have released WordPress Tooltips 10.8.7 to enhance plugin security.

    1. Enhancements to the Language Settings Panel

    2. Improvements to the Tooltip Import File

    You can find our detailed document at:

    tooltips.org/we-fixed-the-issue-stored-cross-site-scripting-in-4-hours-securing-your-wordpress-tooltips-and-language-settings-best-practices-for-file-uploads-data-sanitization-and-user-input-handling/

    Thanks, have a blessed day with your family 🙂

    Best Regards,

    Support

    Hi, I hope this message finds you well and that you’re enjoying happy days with your family. Thank you for the report—we take security seriously and will address this as a priority.

    Our plugin does not accept any user input on the frontend; content input is restricted to the WordPress admin area. We follow WordPress security standards by using sanitize_* functions, esc_* helpers, and context-aware escaping to enhance code security.

    We will review the report and audit all input paths again. We plan to release a new version with the fix and publish a security advisory, including a changelog and upgrade notes.

    We appreciate your report and will fix the issue as soon as possible. Thanks, and have a wonderful day with your family!

    Best regards,
    Support

    Dear @venutius,

    I hope this message finds you well and that you are enjoying happy days with your family. 🙂

    We released a new version of Tooltips to enhance the tooltips widget functionality. The tooltip widget now has full Gutenberg compatibility. Tooltip users can add the tooltip widget in the sidebar as follows: In Gutenberg, click on Legacy Widgets; you will find the Tooltips widget—just drag it to any sidebar where you want to display it.

    Currently, we have completed a new version to support Elementor tooltips. Tooltip users can add tooltips in the Elementor page builder directly by clicking the Tooltip widget icon. We are testing the version and will publish it very soon. Then, we will add the tooltip widget in the Elementor page builder as well.

    Regarding “Do you think there could be a way where I could get the tooltip to work when the user hovers over the actual link?”

    I think we already support it? We created a demo in the post: tooltips.org/%f0%9f%9a%80-wordpress-tooltips-plugin-update-full-gutenberg-polylang-compatibility-for-widgets-wordpress-tooltips-pro-plus-36-2-8/.

    If you open the page, you will see that when the mouse hovers over the link “WordPress Tooltips Pro Plus Plugin,” a tooltip window pops up with the tooltip content.

    Thanks, have a blessed day with your family. 🙂

    Warm regards,

    Tooltip Support

    Dear @simonjonharding,

    I hope this message finds you well and that you are enjoying a wonderful weekend with your loved ones.

    We apologize for the delay in our response. If you contact us at tooltips.org/contact-us/, we have a small gift for you. 🙂

    We’re sorry for the inconvenience—our developer fell ill and endured many sleepless nights. We’ve just brought the service back for our users, and we will check the support forum daily and reply quickly. 🙂

    It’s great to know you have found another perfect solution; wishing you continued success with your work 🙂

    Thanks, have a blessed weekend with your family 🙂

    Best Regards,

    Support

    Hi @szocshanna,

    I hope this message finds that you are doing well and having wonderful days with your loved ones 🙂

    We’ve released several updated versions to address the theme conflicts issue, and we’re pleased to confirm that all issues have now been resolved. 🙂

    Thank you very much for your positive review. We will be giving you a gift as a token of our appreciation, and we will send the relevant details to your email as soon as possible. 🙂

    Thanks, have a blessed weekend with your family 🙂

    Best Regards,

    Support

    Hi @simonjonharding

    I hope this message finds you well and that you are having happy days with your family. 🙂

    Sorry for the delay. We responded to your ticket at tooltips.org/forums/topic/tooltips-no-longer-display/ a few days ago and will repost the response here for your convenience:

    Sir, I’m sorry to hear about the issue. We checked your site and found that you are using a cache plugin called SG Optimizer. We suspect that this cache plugin is breaking the JavaScript code in the tooltips plugin. Ensuring that your tooltips function properly in WordPress while using the SG Optimizer plugin is a simple process. Just follow these friendly steps:

    Step 1: Log into Your WordPress Admin Area

    Begin by signing in to your WordPress admin dashboard. Once you’re in, locate the “SG Optimizer” menu item on the left-hand sidebar.

    Step 2: Navigate Through the Tabs

    In the SG Optimizer settings, you’ll see several tabs:

    SuperCacher Settings
    Environment Optimization
    Frontend Optimization
    Image Optimization

    Step 3: Adjust Frontend Optimization Settings

    Click on the Frontend Optimization tab. Here, look for the option labeled “Load Render-blocking JavaScript Files Asynchronously.”
    What This Option Does:

    Disabling this setting prevents asynchronous loading of JavaScript files in the header section of your site, which can interfere with tooltip functionality. To keep your tooltips running smoothly, simply toggle this option off.

    SG Optimizer “Frontend Optimization” Tab

    Once you’ve made this change, your WordPress tooltips should work perfectly with the SG Optimizer plugin! Enjoy a more interactive and engaging experience on your site!

    For more details, please check tooltips.org/forums/topic/tooltips-no-longer-display/

    Thanks, have a blessed day with your family 🙂

    Best Regards,
    WordPress Tooltips Plugin Support

    Dear @venutius and mhmuc,

    I hope this message finds you well and that you are enjoying happy days with your family. 🙂

    Thank you for the bug report; we are happy to resolve the issue for you. 🙂

    Regarding the “uncaught syntax error,” we apologize for the inconvenience. We conducted several tests, but we were unable to replicate the issue on our side. We have created a tooltip demo here — demos.tooltips.org/thank-you-for-the-bug-report/:

    If you hover over the tooltip term in demos.tooltips.org/thank-you-for-the-bug-report/ , you will see everything works well. Additionally, in the tooltip popup window, you will find that we inserted another tooltip keyword, “Welcome,” in the description of the tooltip term “Contact us now.” Unfortunately, as you can see, there are no issues present in this demonstration.

    The challenge we face is that we are unable to replicate the problem, so we cannot debug it to identify the cause. Would you please:

    1. Log in as a WordPress admin.
    2. In the WordPress dashboard, click on the tooltips menu item.
    3. Click “Export Tooltips” to export the tooltip terms. This will generate a CSV file containing the tooltip terms. Could you please share this file with us? We will import the tooltips on our side and attempt to replicate the issue in order to resolve it for you. 🙂

    We apologize for the delay in our response. If you contact us via tooltips.org/contact-us/, we have a gift for you! 🙂

    Thank you, and have a blessed day with your family!

    Best Regards,
    WordPress Tooltips

    Dear mhinparis,

    I hope this message finds you well and that you are enjoying happy days with your family.

    Thank you for the bug report; we are happy to resolve the issue for you.

    Regarding the “bug from a few days ago,” we apologize for the inconvenience. We conducted several tests, but we were unable to replicate the issue on our side. We have created a tooltip demo that you can find here: Great Form — demos.tooltips.org/great-form/

    Here’s what we did:

    1: On our site, we installed the great plugin Formidable Forms.

    2: We created a blank form titled “Thanks.” In the form, we added a text field labeled “Thanks,” set the form name as “Thanks,” and clicked save.

    3: Next, we created a page called “Great Form” —demos.tooltips.org/great-form/ — where we added the tooltip term “Contact us now” and published the page.

    4: Then, in the Formidable Forms plugin, we selected “Embed” and chose the page “Great Form.”

    5: We inserted the “Thanks” form into the page “Great Form” and also included the tooltip term “Contact us now.” When you hover over the tooltip term, it works well.

    6: On the front end, in the form “Thanks,” we entered “hi” and clicked the “Submit” button. Everything worked correctly, and we did not encounter any errors.

    Could you please let us know what issues you are experiencing on your side? Once we understand how to replicate the problem, we will fix it for you as soon as possible.

    We apologize for the delay in our response. If you contact us via tooltips.org/contact-us/, we have a gift for you!

    Please note: our detailed reply with screenshots can be found at tooltips.org/dear-mhinparis-thank-you-for-the-bug-report/

    Thank you, and have a blessed day with your family!

    Best Regards,
    WordPress Tooltips

    • This reply was modified 10 months, 2 weeks ago by Jan Dembowski. Reason: Giant smileys deleted, it was not readable with full column width emojis

    Hi @vladav,

    I hope this message finds you doing well! With Christmas just around the corner, I wanted to take a moment to send you an early Merry Christmas and a Happy New Year!

    Thanks for the message, we are very happy to help you 🙂

    Thank you for providing the URL. Sorry, this is the first time we have heard of this kind of problem. Would you please contact us at tooltips.org/contact-us/? We have a couple of questions, and we apologize for the delay in responding; we would like to send you a gift as an apology and thank you. 🙂

    Thanks, I hope this festive season brings you plenty of joy, love, and wonderful moments with your loved ones 🙂

    Best Regards,

    Support

    Hi @klwild,

    I hope this message finds you doing well and having wonderful days with your family 🙂

    Thanks for the message, we are very happy to help you 🙂

    Thank you for providing the forum URL. I know this is a great forum plugin, and I noticed that in your forum mecker-ecke.com there are some tooltip terms like facebook / tiktok that don’t work well in the forums. At this time, we don’t support loading the tooltip effect on content which is generated by this great forum plugin, but we’d be happy to integrate the tooltips with the forums! plugin integration if that’s what you want. 🙂

    Sir, would you please contact us at tooltips.org/contact-us/? We have a couple of questions, and we apologize for the delay in responding; we would like to send you a gift as an apology and thank you. 🙂

    Thanks, have a blessed day with your family 🙂

    Best Regards,

    Support

    Hi @davidyo2

    Hope this message finds you doing well and having a wonderful day with your family 🙂

    Thanks for the message, we are very happy to resolve the issue for you 🙂

    Sorry, this is the first time we have heard of this kind of problem. Would you please create a ticket via tooltips.org/contact-us/? Our developer will help you resolve the issue as soon as we can 🙂

    We apologize for the delayed response. We have received many amazing feature requests from users for the Tooltip Pro plugin functionality; we release one version a day and we’re losing sleep. Once we get your ticket, we will give you a gift as an apology 🙂

    Thanks, have a wonderful day with your family 🙂

    Best Regards,

    Support
