Skip to:
Content
Pages
Categories
Search
Top
Bottom

Search Results for 'code'

Viewing 25 results - 18,326 through 18,350 (of 32,518 total)
  • Author
    Search Results
  • #106411
    Anointed
    Participant

    before you relax the rules, wait until we hear from JJ. There is a possibility that the info is being saved to the db in a slightly different way than standard posts.

    I’ve been reading through the code, but do not have a strong enough understanding of wp to know for sure.

    No reason to relax unless needed, more security is always best :)

    #106409
    tooltrainer
    Member

    Yep I just found the same:

    ModSecurity: Access denied with code 500 (phase 2). Pattern match “((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe):space:+[A-Z|a-z|$

    I’m guessing it’s my use of the word “create” in my example string.

    Given how much my forum discusses code, I think I’m going to have no long term option but to relax ModSec. I’ve already asked the host to look into it so hopefully they come up with something.

    Thanks for all your pointers as usual!

    Jonathan

    #106408
    Anointed
    Participant

    It is not the individual words but the combination spaces and keywords that are usually used to ‘inject malicious code’ into a db.

    select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe

    *each host uses diff keywords, so your rules may vary

    I’d wait until you hear from JJ, just in case the info is saved to the db differently before you mod anything in mod-security

    #106407
    Anointed
    Participant

    Yup, it is mod-security, same on my end:

    [Sat May 28 18:03:04 2011] [error] [client ip] mod_security: Access denied with code 403. Pattern match ":space:+(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe):space:+[A-Z|a-z|0-9|\\*| |\\,]+:space:+(from|into|table|database|index|view):space:+[A-Z|a-z|0-9|\\*| |\\,]" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "mysite.com"] [uri "/topic/need-healing/page/3/"] [unique_id "TeFxGEUuJUQAAGLkflw"]

    You are probably going to have to have your host think about relaxing the rules.

    Only thing I don’t understand is why it works on posts but not topics/replies. I will read through how the topic/reply is being saved to the db and see if I can track it down. If not, I’ll ask JJ later.

    (he’s finally asleep after pulling yet another all nighter)

    #106404
    Anointed
    Participant

    @tooltrainer

    Keep in mind that this is only beta2, and there are very few people using this plugin so far. It is NOT intended for a live site as noted many times.

    *one last set of tests if you don’t mind:

    1. Try to create a new topic with the exact same string you are trying and see if that works.

    2. Try to create a new reply with the exact same string you are trying and see if that works.

    That will tell me if it is the replies or topics part of the code to look into.

    Finally, understand you have tried this same string a number of times, so it could be a hidden duplicate in the db. I would check your db tables to see if any of these attempts managed to save in a cell behind the scenes.

    JJ has been working on this plugin non-stop, check the change-log, and you will see he never sleeps LOL

    I still think it may have something to do with mod-rewrite. I am 100% that is what happened to me, although it could be different for you.

    What you really need is some server logs in order to really help track this down. If you have a half decent host, then it should only take them 2 mins to track down any errors.

    *It is a good idea to ask your host how to access your own error logs for server, security, and php

    #106402
    tooltrainer
    Member

    Yeah I can paste the content into a post without any issue.

    I’ll go through line by line until I find the offender(s), but if this is going to be a continued problem, I’m going to have to abandon bbP. If this is a bug I’m surprised nobody else is seeing it. :(

    Jonathan

    #106232

    In reply to: Changing Profile Link

    scylderon
    Participant

    Would be helpful to know how to integrate BuddyPress hooks into the bbp template as well. For example:

    <?php echo xprofile_get_field_data(#); ?>

    or

    <a href="<?php bp_displayed_user_link() ?>"><?php bp_displayed_user_fullname() ?></a>

    mhjerde99
    Member

    Great stuff!

    @kai920 +1 for adding “register” link to the login widget. And I like Register Plus Redux, that plugin works nicely!

    @anointed Thanks, good tip! Implemented.

    My sidebars disappeared when upgrading to beta 2b. I’m using the Woo Sidebar Manager and I had to move login/registration down in the footer for the time being. I can’t say for sure that there is causation. Esp because Sidebar Manager seems a bit flaky. But it happened at the same time :-)

    Anointed
    Participant

    @mhjerde99 Can I make a suggestion on the template?

    Add the following to your woothemes custom.css file in order to get full width forums. I saw your post over there, but didn’t really have time to answer your questions as I am also very busy building a custom woo theme.

    #content table.bbp-topics, #content table.bbp-forums, #content table.bbp-replies, #container table.bbp-topics, #container table.bbp-forums, #container table.bbp-replies, #main table.bbp-topics, #main table.bbp-forums, #main table.bbp-replies {
    width: 100% !important;
    }

    kai920
    Member

    I was just looking into this topic a bit – I wonder if it’s useful to add a “Register” link at the bottom of the login widget inside /bbp-includes/bbp-core-widgets.php? This would bring a user directly to /wp-login.php?action=register and would only display if WP’s “Anyone can register” option was turned on.

    I’ve also just installed the Register Plus Redux plugin (https://wordpress.org/extend/plugins/register-plus-redux/) which allows you to upload your own image for the registration page and gives other nice options.

    #106427
    kai920
    Member

    Good to hear – just updated to 3254 and I see Home > Forums > Forum Name breadcrumb :)

    #106426

    I’ve been tweaking the breadcrumbs, trying to find the sweet spot. There’s starting to be a lot of possible ways to display the forum archives now. With page templates, archives, shortcodes, etc… it’s hard to know what is the actual root and where.

    I think I’ve got it dialed in for Beta 3. I spent the majority of last night testing all of the above scenarios.

    #106393
    tooltrainer
    Member

    Definitely no chance at all that the content is identical. It’s like a 2 or 3 page post. :)

    I turned on the slug and – IT POSTED!

    So you’re right on with that… problem is I really seriously don’t want those slugs being shown. So is this just a bug that can be fixed perhaps?

    Thanks!

    Jonathan

    #106432

    I can guarantee you with 100% confidence that a bbPress plugin update alone will *never* nuke any files outside of the /wp-content/plugins/bbpress/ folder. :)

    When you update any WordPress plugin through the auto-updater, it deletes the plugin folder, recreates it, and puts the contents of the new version in there; that’s it.

    When are adding your theme compatibility? If you are hooking in on the ‘init’ or ‘wp’ actions, then it is too late for theme compatibility to pick it up.

    function anointed_theme_setup() {
    add_theme_support( 'bbpress' );
    }
    add_action( 'after_setup_theme', 'anointed_theme_setup' );

    Can you confirm the bbpress.css is inside the bbPress plugin directory and bbp-twentyten theme?

    If it wasn’t working at all, then your custom theme’s bbPress template files wouldn’t be getting loaded either.

    #106390

    @Johnathan – Can you use a tool like Firebug or Inspector, and look at the hidden input fields in your reply form?

    Should look like the following

    <input type="hidden" name="bbp_reply_title" id="bbp_reply_title" value="Reply To: Updated to bbPress 2.0 pre-beta 2" />
    <input type="hidden" name="bbp_forum_id" id="bbp_forum_id" value="138" />
    <input type="hidden" name="bbp_topic_id" id="bbp_topic_id" value="439" />
    <input type="hidden" name="action" id="bbp_post_action" value="bbp-new-reply" />
    <input type="hidden" id="_wpnonce" name="_wpnonce" value="0b78bb87eb" />
    <input type="hidden" name="_wp_http_referer" value="/discussion/topic/updated-to-bbpress-2-0-pre-beta-2/" />

    Also, some details about your configuration would be great. WordPress version, Multisite/single-site, custom theme/theme compatibility, etc…

    #106430

    There’s absolutely no way that bbPress is responsible for doing anything inside your wp-content/themes/ directory. If you made changes to files inside the bbPress plugin folder, then you broke the first rule of using a WordPress plugin. :)

    #38630
    Anointed
    Participant

    I’m no sysadmin, so understanding what is happening is a bit beyond me right now.

    Here’s what I was doing to cause the 403 error:

    1. I wanted to test to see what bbpress does with a really long forum post title, so I tried the following:

    Let’s create a really crazy long title name to see if the table properly removes any extra text from the title or not

    The body of the post says:

    Well I hope that title above was long enough, I can’t imagine any forum titles being longer than this one.

    When I click submit, I get a 403error below:

    [Fri May 27 20:21:10 2011] [error] [client 76.121.8.129] mod_security: Access denied with code 403. Pattern match ":space:+(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe):space:+[A-Z|a-z|0-9|\\*| |\\,]+:space:+(from|into|table|database|index|view):space:+[A-Z|a-z|0-9|\\*| |\\,]" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "mysite.com"] [uri "/forum/prayer-requests/healing/"] [unique_id "TeA-9kUuJUQAABVAGuk"]

    I am unsure of how to interpret the error, and what steps I need to take in order to resolve the problem. Hope this error helps identify something.

    wsokc
    Member

    Gotcha…

    Its because of bb_config integration.

    /** WP Theme **/

    define(‘WP_BB’, true);

    if ( !defined(‘DB_NAME’) ) {

    require_once( dirname(__FILE__) . ‘/../wp-config.php’);

    }

    Hmmm… Last time is not happening, why its happened now ?

    Is there any solution to integrate the theme without having to hardcode the theme itself ?

    Currently I installed bbpress on separate database.

    and I intend to separate the user too.

    So I want only to integrate the theme….

    Any better solution for this ?

    #106424

    The sanity check that I do in the breadcrumb is to check if the root slug is being included in the forums or not. If there’s no root slug, in the URL, then there’s no definitive breadcrumb that bbPress could know about. My logic may still be flawed here though. :)

    wsokc
    Member

    Still finding out…. no luck yet.. :(

    #106422

    You can manipulate the inclusion of the links on customized setups (such as the one I know you have.) :) Check out the plugin code and adjust it to suit your needs in your custom theme.

    When 2.0 goes gold, we’re committed to the code and functions that ship with it. So some objects might shift during shipping. :)

    #100618

    If you aren’t able follow the instructions provided, these kinds of things will happen. Revisit what you couldn’t do, and that should alleviate your woes. Hint: the functions.php code is also responsible for enqueueing the CSS. :)

    #105718

    If you aren’t able follow the instructions provided, these kinds of things will happen. Revisit what you couldn’t do, and that should alleviate your woes. Hint: the functions.php code is also responsible for enqueueing the CSS. :)

Viewing 25 results - 18,326 through 18,350 (of 32,518 total)
Skip to toolbar