WordPress.org

Support

Support » Plugins and Hacks » BulletProof Security » [Resolved] Default user avatar not loading anymore

[Resolved] Default user avatar not loading anymore

Viewing 15 replies - 1 through 15 (of 22 total)
  • Plugin Author AITpro

    @aitpro

    Check your BPS Security Log for errors and post ONLY any errors that are directly related to the Gravatar/Avatar plugin(s).

    Hello there, the error log has no entries whatsoever.

    Plugin Author AITpro

    @aitpro

    Ok next do these steps.

    1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
    2. Activate Default Mode on the Security Modes page.
    3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
    4. Test your plugin or theme. If the problem is still occurring then the problem is not related to BPS.
    5. Restore your .htaccess files using BulletProof Security built-in Restore.

    If the problem goes away after doing step 4 then BPS is blocking something that the plugin or theme is doing. Once you have confirmed this then these 2 plugins will be tested and a solution will be posted here.

    I´ve done every step and the avatar was still gone. Then I deactivated the BPS plugin and all of a sudden the avatar was back.

    Plugin Author AITpro

    @aitpro

    Deactivating the BPS plugin only deactivates the BPS plugin itself and does not do anything else that would affect anything else. BPS is designed with the built-in troubleshooting tools instead as mentioned above to take BPS out of the equation for testing and troubleshooting. There may be some other issue/factor occurring that we are not aware of so these plugins will be tested to see if this is the case. The test results will be posted back here.

    I think I know what happens.

    The Simple Local Avatar Plugin adds a question mark in the rendered HTML and BPS gives an error when hitting it like this. Try it yourself:

    http://static.stevemakeup.com/avatar.png?

    (Not working, also there was another server error…)

    http://static.stevemakeup.com/avatar.png Working fine.

    I´ll try and find a way to hack that question mark out of the other plugin now.

    Plugin Author AITpro

    @aitpro

    hmm yep that Query string is missing something. Where is the rest of the Query string? Query strings should look like this: default-user-avatar-not-loading-anymore?replies=7#post-4170710

    The question mark in URL’s means a Query string starts here and then the parameters of the Query string follow the question mark.

    Will be testing this plugin shortly.

    Plugin Author AITpro

    @aitpro

    I assume the security rule or rules that is blocking this is one of these below. In any case, the Question mark alone without any parameters after the question mark is most likely a coding boo boo.

    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]

    Probably not this RFI security filter

    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]

    Plugin Author AITpro

    @aitpro

    You could probably whitelist the avatar.png file by adding it as shown below.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (avatar\.png|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*example.com.*
    RewriteRule . - [S=1]

    Plugin Author AITpro

    @aitpro

    Code correction: I fat fingered it so recheck the correction above. 😉

    What would I put in anotherwebsite.com and example.com?

    What of those should I use now? I´m a bit confused 🙂

    Plugin Author AITpro

    @aitpro

    You would ONLY be adding avatar\.png| and nothing else. Be sure to include the pipe operator | after avatar\.png|.

    RewriteCond %{REQUEST_URI} (avatar\.png|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]

    Plugin Author AITpro

    @aitpro

    For the Default Gravatar Sans plugin I do not understand what this plugin author is trying to do with the question mark. It does not make any logical sense for it to be there. Just delete them. My hunch is that this was never completed and forgotten about.

    function local_default_avatar( $url )
    	{
    		if( $option = get_option( 'raoh_CustomDefaultAvatar') )
    			$url = $option['url'];
    
    		return $url . '?';
    	}

    or here

    if ( 'blank' == $default )
    			$default = includes_url('images/blank.gif') . '?';
    Plugin Author AITpro

    @aitpro

    FYI – if you just want to create a custom avatar you can do this fairly easily by doing this.

    http://www.christine.biz/blogging/custom-wordpress-avatar/

    Plugin Author AITpro

    @aitpro

    Ah never mind I see what you are trying to do with both plugins. Allow users to upload their own avatar. Ok well by just making the code changes to the Default Gravatar Sans plugin then everything works fine.

Viewing 15 replies - 1 through 15 (of 22 total)
  • The topic ‘[Resolved] Default user avatar not loading anymore’ is closed to new replies.
Skip to toolbar