qwertysimo
Forum Replies Created
-
Hi, do not worry about your tone, that is fine! I see your point perfectly.
To be honest, I have played a bit with the code couple of days agot and got it to generate URLs using a custom parameters like “my_gallery_id=” instead of “gallery=”. Unfortunately I got lost in decoding permalinked URLs back combined with rewrite engine. I will give it another try when I have more time.
Thanks for your comments.
photocrati, thanks for explanation and you are right – your answer disappointed me. With 7+ milion downloads I would put fixing security issues to the top of my to-do list. I cannot imagine what must-have features in v2.0 can be more important than this.
Shonu, thanks. I am not quite sure this is the way I want to go. Anonymous access is the majority of my site visits. I do not like concept of pushing users to register just to cover limitations of a plug-in
I want that anonymous visitors only see galleries I want them to see, with no chance to access other galliers by modifying one number in an URL – a 5 second task for everybody who knows what an “URL” is.
I am suprised I do not see any replies. Maybe I did not write it clear enough, sorry for my English. Another try:
Question from plug-in FAQ: Can I password protect galleries?
My answer: No way! Do not waste your time trying that.I appologize to plug-in author if I am wrong but first, please, try these steps to see my point. I made a fresh clean public installation of WP 3.5.1 with only one installed/activated plug-in, NGG 1.9.12. There is one public post with album showing “public image”. There is also a password protected page with album showing “private image”. Please, follow these steps and answer my question at the end of this post.
- Open http://ngg.qwerty.sk site.
- Click on “My Public Gallery” link to show the album.
- You should see this URL in your browser address bar:
http://ngg.qwerty.sk/?p=1&album=1&gallery=1&pageid=1 - Go to address bar and change
gallery=1 togallery=2 and press Enter. - Please notice that thumbnail “public image” has changed to “private”, or, in fact you see a gallery from my password protected page I never wanted to share with you. (Password to access the protected page is “password”, check the album.)
My question is: What to do to prevent this behaviour?
As I wrote in my first post, it seems that content protection has no priority in development. What to say…
There might be a 2-step workaround how to protect your content in NGG.
- The first step is easy – to activate permalinks in NGG settings. When you turn on option “Activate permalinks”, in step 3 above you would see this URL:
http://ngg.qwerty.sk/?p=1&album=my-public-album&gallery=my-public-gallery&pageid=1
You think you are done, because nobody can guess your gallery name. That is true. But, if you edit your address bar and enter this URL:
http://ngg.qwerty.sk/?p=1&album=my-public-album&gallery=2&pageid=1
you will see that private image again. This is because permalinks are translated to URL parameters that use numerical IDs instead of names you give to galleries. - The second step would be to change URL parameter names. I mean, if you modify NGG plug-in to use URLs like
http://.../?my_album_ABC=aID&my_gallery_DEF=gID,
nobody can guess what an URL should look like. I can imagine to have URL parameter configurable on NGG plug-in options page. I am not that good in PHP to modify the source. Can someone do it?
Am I completly wrong with my understanding of this problem. Did not I find some existing configuration options? Do you protect your content in different way? Can you share?
I found this post about setting up “activate permalinks” option in NGG. It works nice. When I hover over album thumbnail, instead of URL showing “/?album=aID&gallery=gID”, browser shows URL in form of “/album-name/galery-name”.
Great, but useless!
If you open any public post (on your site) containing NGG album, you can edit URL in address bar and include “/?album=aID&gallery=gID” to access all existing galleries.
Can someone help to disable showing an gallery when using a properly formated URL?
I have another workaround: I edited file edit-thumbnail.php:
Line
hT = coords.h;
replaced with
hT = Math.round( coords.w / 1.5 + 0.5 );(1.5 = my aspect ration (180/120)).
I am getting exactly 180×120 thumbnails now.
I made a screencapture, zoomed to pixel level:
http://qwerty.sk/images/snap00052.jpgTop left image is 180×119, top right image is 180×120.
How to make Edit Thumb action to produce thumbnail of preset size??
Hi, I found solution for the latest issue above. It was neccessary to modify Subscribe2 plugin, not the Polylang.
In subscribe2.php find this code:
if ( is_admin() ) { require_once( S2PATH . 'classes/class-s2-admin.php' ); global $mysubscribe2; $mysubscribe2 = new s2_admin; $mysubscribe2->s2init(); } else { require_once( S2PATH . 'classes/class-s2-frontend.php' ); global $mysubscribe2; $mysubscribe2 = new s2_frontend; $mysubscribe2->s2init(); }and add two lines at the end of else section:
remove_action('init', array(&$mysubscribe2, 'load_strings')); add_action('wp', array(&$mysubscribe2, 'load_strings')); // after PolylangFrom this moment all Subscribe2 messages show up translated. Solution found in this post. Thanks Chouby.
OK, thanks for explanation. Have a nice day.
I suspect that none of strings read in function load_strings() in class-s2-core.php picks up translation.
(That is why I reported English string for {ACTION} variable. Now I see this string is declared in this function as well.
When I was testing reported issues a day ago, I did not install Polylang plugin – hence it seemed everything was OK.)
Hi again,
I found another issue. I reduced it to this minimal scenario:
- clean WP 3.5.1 installation with WPLANG = sk_SK; tested with Twenty Twelve and Responsive themes
- activated Subscribe2 8.9.1 plugin with two implemented modifications discussed previously in this post; with sk_SK .po/.mo files in root
- enabled and added Subscribe2 widget to sidebar
- Polylang 1.0.4 plugin
When Polylang plugin is not active, your widget shows translated message (original: “You may manage your subscription options from your … profile”). Great, as expected.
When I activate Polylang plugin, your widget suddenly shows English message.
Now I go to Polylang settings and add new language, sk_SK in my case.
I expected that your widget now shows translated message but it does not. I cannot make it to show translation. I assume it is related to language code reading…
If you deactivate Polylang plugin, your widget picks up translation.
Please, don’t say it is a cache issue or theme issue. Other widgets I use correctly show messages based on current language set by Polylang language switcher. Please, can you investigate your code and identify the issue? Thanks.
Your fix works. Good job and good luck with future releases.
WP 3.6 beta 1 + Twenty Thirteen + Subscribe2 8.9.1 (with sk_SK) = this picture
Browser cache cleared, new DB created, new subdomain created, fresh downloaded and installed…
OK. Thanks. Meanwhile, I put “print_r( $widget_options )” into function S2_Counter_widget() (after $widget_options assignment) in counterwidget.php and the output was:
Array ( [classname] => s2_counter [description] => Subscriber Counter widget for Subscribe2 )For some reason, __(‘Subscriber Counter widget for Subscribe2’, ‘subscribe2’) does not pick up translation.
I will install latest dev code tonight to test as well.
Yesterday I wrote this my third post above:
“today I tried to install original English package for WordPress, with new database schema and tables, but still no progress.”If your plugin has issues described in this discussion, which are present in clean WordPress installation with default Twenty Twelve theme, can you unveil what theme you are using? I can do another clean WP installation with your theme to see if it helps.
Thanks a lot.
Thanks for explanation. I just wonder, if couple of other plugins work as expected in my theme (Responsive) in my WP installation, why your plugin does not work in the same theme and WP installation… I hope you see my point.
OK, let me know your findings please.
