Terms of Use Inline Thickbox

  • Resolved yezzz

    (@yezzz)


    8 years, 4 months ago

    With the new inline thickbox url I thought I’d rewrite my resize script. However I noticed the thickbox now ignores width/height values. I guess you didn’t see it when you made the changes. Can you confirm and see if there’s a fix for this. Otherwise I’ll write something to set the styles directly.

    As for more safety it takes less than 1 minute to make the form inaccessible without url parameters by putting this at the top of the form template:

    <?php if(!count($_GET)) {
echo 'You cannot access this form directly';
}else{
?>
// regular template below this line

    https://wordpress.org/plugins/wp-greet/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter yezzz

    (@yezzz)

    8 years, 4 months ago

    It’s also great for adding custom content, like an ad, SEO content, or an image gallery 😉 For those who like to try the above. The last line should be html comments
    <!-- regular template below this line-->

    An even safer approach would be to show the form only when image parameter is set in the url, but I’m not sure it has other implications

    <?php if( !isset($_GET['image']) ){
echo 'You cannot access this form directly';
}else{
?>
<!-- regular template below this line -->

    Of course baddies can still get to the form if they follow a link from image galleries that have been setup for ecard use.

    Sorry to be off-topic, but it was the improved thickbox security that started this 😉

    Plugin Author tuxlog

    (@tuxlog)

    8 years, 4 months ago

    The external thickbox had to include wp-config.php which is not allowed by the wordpress guys, so I put it inline. And of course this means you can not change the thickbox parameters from the outside. I have had a discussion with Mika (core developer) and the result was:

    Including wp-config.php, wp-blog-header.php, wp-load.php, or pretty much any other WordPress core file that you have to call directly via an include is not a good idea and we cannot approve a plugin that does so unless it has a very good reason to load the file(s). It is prone to failure since not all WordPress installs have the exact same file structure.

    Well, I can understand what Mika said. There are several reasons not including wp-config.php directly: security, performance (the whole WP stuff gets loaded twice). may produce side effects, which are difficult to track down.

    But you can do the following:
    – Edit wpg-form.php and change width and height for the thickbox link directly into the code
    – You have to replace the ? before width with a & (I will do this for the next release)

    Thread Starter yezzz

    (@yezzz)

    8 years, 4 months ago

    Ok, thanks for the background info. So, then here’s my new resize script for use with v4.8. Hardcoded the url again to keep it simple.

    Instructions for users:
    Place the script in your wp-greet-form-template.php file
    Use with wp-greet 4.8 and later.
    Adjust the 4 var values to your liking. The tosReduce… values make the box smaller, like margins. The tosMax… values set maximum dimensions: 600 = wp-greet default.

    <script>
/* wp-greet v4.8+  Terms of Use autoresize Thickbox */
var tosMaxWidth=600;
var tosMaxHeight=600;
var tosReduceWidth=50;
var tosReduceHeight=50;

function resizeTos() {
var tosWidth = window.innerWidth-tosReduceWidth;
if (tosWidth > tosMaxWidth) {
    tosWidth=tosMaxWidth;
}
var tosHeight = window.innerHeight-tosReduceHeight;
if (tosHeight > tosMaxHeight) {
    tosHeight=tosMaxHeight;
}
jQuery(".wp-greet-form .thickbox").attr("href", "#TB_inline&width=" + tosWidth + "&height=" + tosHeight + "&inlineId=wpg-tou" );
}
jQuery(document).ready(resizeTos);
jQuery(window).resize(resizeTos);
</script>
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Terms of Use Inline Thickbox’ is closed to new replies.