wp_kc
Forum Replies Created
-
Thanks. I filed a bug report on your web site. Here is an update for others reading this support thread.
I found and fixed one problem only to find another. A plugin was adding a “defer” parameter to the link for jquery. Since Envira adds inline script in the header right after all the queued scripts are loaded, jquery wasn’t ready for it yet. There was a “jQuery undefined” error because of this. It might be better to surround that code in an onDocumentLoaded event.
After the defer issue was fixed, the images now load on the gallery page as normal. When you click on an image in the gallery, it opens in a lightbox, so that works too. But there is no way to close the lightbox or navigate to the next image in the gallery. When I looked at the javascript debug console, I saw this error immediately after clicking an image to view it…
Uncaught TypeError: s.get(...).style.removeAttribute is not a function F /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:11 jQuery 32 M /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:10 D /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:10 onload /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:10 L /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:10 envirabox /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:11 jQuery 2 envira-min.js:11:1033 F /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:11 jQuery 32 M /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:10 D /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:10 onload /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:10 (Async: EventHandlerNonNull) L /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:10 envirabox /wp-content/plugins/envira-gallery-lite/assets/js/min/envira-min.js?ver=1.8.3.1:11 jQuery 2Thanks.
Thanks.
Forum: Plugins
In reply to: [Advanced Custom Fields (ACF®)] PHP: Input variables exceeded 1000Some additional details…
Server setup:
- Debian 9
- WordPress – Version 4.9.8
- PHP 7.0 FPM
- Advanced Custom Fields – Version 4.4.12
- Advanced Custom Fields: Flexible Content Field – Version 2.1.0 (w/valid license)
- Advanced Custom Fields: Repeater Field – Version 2.1.0 (w/valid license)
Conditions causing the bug:
- The problem occurs when trying to add a new location rule to a field group using a single flexible content field.
- The flexible content field had 12 layouts, with a total of 37 sub-fields among them.
- The field group had 6 Location rules.
- 8 ‘Hide on Screen’ items were checkmarked
- This setup had been working in the past on the same server, with the same configurations files.
- Trying to add a new location rule resulted in the last 3 layouts (along with their 7 sub-fields) being deleted. The new rule also was not saved. And the last field of the last surviving layout was deleted, as well as some settings of the second to last sub-field.
Temporary work-around:
I bumped the php.ini variable ‘max_input_vars’ up to 2000, restarted apache, reconstructed the field group and was able to save it. So too many form variables being submitted at once is definitely causing the problem. Luckily, everything that used that field group was restored to normal operation after reconstructing the field group. Then I returned ‘max_input_vars’ to its default value of 1000 and restarted apache again to prevent attackers from trying to abuse GET and POST requests.Suggested solution:
It is my understanding that WordPress is moving toward using its REST-API for all screens in the admin area. Maybe now is a good time to start converting ACF to submit all data from the field group editor as a single JSON data string. This would avoid triggering the default 1000 input variable setting on apache.I bought and installed Ninjafirewall WP+ Edition. Syslog events are working great. I wrote a Fail2Ban filter for it too. Also available on Github
Thanks for your response. It sounds like I need to upgrade!
- This reply was modified 7 years, 11 months ago by wp_kc.
Forum: Plugins
In reply to: [Exploit Scanner] Hashes missing – 4.9.7https://github.com/philipjohn/exploit-scanner-hashes
The file goes in the plugin’s main directory.
I don’t know why it is not working then. When I do everything you recommended, the image urls show up as “http://234” or similar, like it is receiving an ID. However, if I change your code to…
$acf_exists = function_exists( 'acf_shortcode' ); foreach ( $posts as $post ) { $image = ''; $url = ''; $alt = ''; if ( $thsource == 'custom-field' ) { $debug .= 'Using custom field;'; //$url = $basic_url = get_post_meta( $post->ID, get_option( 'relpoststh_customfield', $this->custom_field ), true ); if ( $acf_exists ) { $url = $basic_url = get_field( get_option( 'relpoststh_customfield', $this->custom_field ), $post->ID ); } else { $url = $basic_url = get_post_meta( $post->ID, get_option( 'relpoststh_customfield', $this->custom_field ), true );…then everything works perfectly. I’m guessing that ACF does not store custom field data in the postmeta table using the specified ACF field name, but instead does some sort of name mangling that get_field() undoes.
Thanks!
I noticed though that the change log says, “This only affected users using a locale different than en.” This does not seem to be true in my case. All of them have the following added by Yoast SEO…
<meta property="og:locale" content="en_US" />Or does that change log refer to the less specific, and more generic “en” locale, with no country specifier? I guess it’s doesn’t matter as long as it is working now.
Same problem on my web sites too. Even worse, two of those sites use Fail2Ban, so the repeated 404s end up locking out my clients from their web sites!
Yup. The developer released the fix a few hours ago. Fast service!
Wow! Fast service! You are awesome.
Thanks!
You might also want to Google “SecRuleRemoveById” You can find a number of tutorials on finding which ModSecurity rule is being triggered on what requested URL. Then you can disabled that rule on that URL if you have access to your site’s .conf file for your web site (ModSec2 removed the ability to disable rules in .htaccess).
I run both ModSec2 and NinjaFirewall with no problems, but I do have about 10 modsec rules disabled to keep WordPress functioning normally (I still had to do that even with ModSec’s WordPress CRS whitelist enabled).
Do a Google search for “countmodsec” and/or “modgrep” to find some helpful scripts for tracking down what rules are being triggered.
I found this info to be helpful. I had one web site that just a couple of days ago started giving me the “It seems that the user session set by NinjaFirewall was not found by the firewall script…” message when looking at the NinjaFirewall Overview page. But all my other web sites with a similar setup were working fine. Another symptom was that all media uploads were being blocked on that site (because I had NinjaFirewall set to block all uploads for non-admins).
It turned out that a plugin called “mb.miniAudioPlayer” was causing the problem. I will start a new thread on that plugin’s support page to let them know.
Thanks!
Thanks!