Česlav Przywara
Forum Replies Created
-
Forum: Plugins
In reply to: [Contact Form 7] Sender email address does not belong to the site domain.Hi Daniel,
You can ignore this error as long as the form still works.
It’s more a warning than a real error: on some webhosts, webserver is only allowed to send email from email address that belongs to the site domain.
Thanks for fixing it in 1.6 🙂 Also the
flamingo_csv_quotationfilter is handy!Forum: Plugins
In reply to: [Flamingo] Bug: Superfluous field in CSV exportThanks for fixing it in 1.6!
Forum: Plugins
In reply to: [WP Store Locator] Compatibility with PolylangAnother related PHP notice:
Use of undefined constant ICL_SITEPRESS_VERSION in [...]/wp-store-locator/inc/class-i18n.php on line 87- This reply was modified 8 years, 11 months ago by Česlav Przywara.
Hi,
The statement I made above is false. “Prevent Hotlinks” feature does not prevent direct access, it only prevents hotlinking. In other words: it prevents images (or other media) from your site to be directly embedded on other website.
Cheers,
ČeslavForum: Plugins
In reply to: [Cachify] Htaccess rules HDD cache and HTTPS onlyHi,
I’m sorry, but the only solution I can think of is to rename the cache directory to something random. But you would have to edit both .htaccess and plugin file(s) to make it work…
All the best,
Ch.Forum: Plugins
In reply to: [Cachify] Htaccess rules HDD cache and HTTPS onlyForum: Plugins
In reply to: [Contact Form 7] Request: Language selection optionHi,
Perhaps the simplest solution would be if Contact Form 7 created new forms in site language, not admin user language.
Forum: Plugins
In reply to: [Polylang] Polylang not recognize browser languageHi,
Are you sure you don’t have any cookies left in your iPad browser? I just tested Polylang 2.1.1 and, as long as the pll_language cookie is not set, the language detection works ok.
Btw. it would help, if you posted a link to your website…
Cheers,
ČeslavForum: Plugins
In reply to: [Polylang] Flags links wrongHi,
In Languages > Settings > URL Modifications, do you have maybe “The front page url contains the language code instead of the page name or page id” checked?
Cheers,
ČeslavHi Nastia,
Thanks for quick response. I know how to fix these problems, I just wanted to let you know 🙂
Cheers,
ČeslavBut, for the others php of plugins and themes? Full Path Disc. is very extended…
Well, as I said, if you are concerned with full path disclosure, then just apply
display_errors = Offvia your php.ini orphp_flag display_errors offvia your .htaccess (if your server supports it). As a webmaster, you are in control of your website and this is completely valid approach in such case. I also encourage you to report any errors to plugin/theme developers like you did here.On the other hand, as a plugin developer, I have no authority to decide whether a website should report errors or not – this is completely up to you (a website owner). Therefore, it is just wrong to call
error_reporting(0);from within plugin code. As a plugin developer, I only should ensure that my code has no issues that would result in error being reported.Can I use WordFence and AIOWSF together? I did try, but I get an error. Not login.
I don’t know about any compatibility problems, but having multiple security plugins active at the same time is often problematic. At least make sure you are not using the same features in both.
But maybe you can update AIOWSF Scaner the next time.
Maybe, I already have this function implemented, but it can be quite resource intensive and unfortunately I have no time to tweak it.
I hope you can find a better solution.
For a plugin, the best way to avoid full path disclosure is to not trigger any PHP errors. The problem you reported will be fixed in next version. I am not aware of any other part of plugin that could trigger a PHP error/warning/notice in the moment, but if you find any other similar issue, we’ll fix it promptly.
An off-topic question. How does AIO Scan work? I’ve tried the WordFence Scaner, it’s interesting, it even shows if a file has been changed.
AIOWPSF file scanner will alert you when file modification date has changed since the last scan. Wordfence file scanner is more powerful, because it can alert you when file contents has changed.
@mbrsolution The error message only appears, if a webserver has display_errors = On configured by default. Your probably doesn’t, so you couldn’t see it. The display_errors option can be altered in several ways, as @livingflame suggested in his posts.
However, this only hides the error, it does not fix it. Even that hiding error prevents full path disclosure, a better solution is to not trigger any error at all. In this case, it is enough to check if some of core WordPress constants is defined. If it is not, it means that php file is likely being accessed directly, so no code in the file should be executed (this way no errors are triggered and there is no full path disclosure). I already submitted a pull request, so this should be hopefully fixed in next version.
display_errors = Off works for all php full path disclosure.
But, for now, I don’t know if this solution is the best.
This is a completely good solution how to prevent full path disclosure, but only when applied by webmaster, not from within a plugin code. Imagine that you install a plugin that turns off error reporting and in the same time conflicts with your other plugins. Suddenly, your site stops working, but you see no errors. Frustrating.