ablewave

For anyone who has the problem with using on a subdomain (ex: http://sub.domain.com):

Mine was a cpanel/whm install, and Apache was using http://www.sub.domain.com as the SERVER_NAME.

In the file wp-content/plugins/chenpress/fckeditor/editor/filemanager/browser/mcpuk/connectors/php/config.php

Change the line (its around line 40)
‘$fckphp_config[‘urlprefix’]=$fckphp_config[‘prot’].$_SERVER[‘SERVER_NAME’];’

to

$fckphp_config[‘urlprefix’]=$fckphp_config[‘prot’].$_SERVER[‘HTTP_HOST’];

The editor will then reference images correctly, instead of using ‘<img src=http://www.sub.domain.com….>’

My issues from previous post have been solved – Thanks Chen for a great plugin.

New problem though:
using Chenpress on a subdomain (ex: http://sub.domain.com) – the image browser will automatically add a www in there, thus breaking the proper image reference (ex: http://www.sub.domain.com/wp-content…etc). Thought I might have found in the filemanager config.php on line 39:
$fckphp_config[‘urlprefix’]=$fckphp_config[‘prot’].$_SERVER[‘SERVER_NAME’];

Is this the line that needs to be changed? If so, to what?

Thanks in advance for any help.

Anyone have the file uploading feature working here? It doesn’t seem to be finding the file structure properly. My WP installation is in the web root (www.mydomain.com/index.php). I’ve gone through those config files, and that doesn’t seem to do it.

Anyone have this working for 1.5.1.1 yet? I just need to block unregistered users from viewing posts. Using some kind of plug in seems like the most upgrade-friendly way to do it, but I’m open to other ideas if you have them.

Thanks!

Consider itreported here. Had my images directory wiped out across 5 different WP sites I was running due to 777 *(all files wiped out, and an index.html “hacker signature” file put in their place). This can happen to any 777 directory, not necessarily the just one you have designated for upload (trust me).

From what I have read, there are conflicting reports. Some say it is the hosting situation whether 755 will work, yet I saw another post mentioning that he had other scripts using 755 that worked, yet WP needed 777 on the same host.

Many other posts say things like “they are only images, so it will be ok” – you can say that until 100 or more images are wiped out and your site looks like a disaster. Or worse yet, explain it to a paying client.

The one thing I have used that seems to work is a technique used by other CMS’s such as Mambo – put a blank “index.html” file in each of these image/upload directories. That will prevent the hacker from reading the dir from http. We got targeted again recently, and that seemed to work.

That said, would still love a definitive answer from the WP team as to what the minimum CHMOD we can use and still be able to upload safely. Would also love to see a “How to Secure WP” doc from any experienced user who has the time. Thanks in advance!!