Posts by: andrew

Posts: 14
Post: 10125
Topic: SimpleBlog or something else?

This is a bit of a question really for Josh S.

Why is it that simple blog creates its own set of pages (under /data/_addondata/z3oh4ex/posts/) instead of extending the general page type that is kept under (/data/_pages/)?

I've realized the blog articles are kind of inflexible, as you can't include sections, galleries, all of those nice responsive image plugins of Juergen, etc.  It isn't such a big deal when an image in a blog is just "fluff" to pretty it up, but for instance if a blog has some graphs it would be nice to include them as an image that could be clicked to expand to full screen.

But obviously what I like about the blog is the feature of having categories that can be assigned, as well as pages listing newest entries.

Personally, for our use, we don't care about having comment functionality.

6 years ago
Post: 9928
Topic: CRITICAL SECURITY ISSUE. Update PHPmailer!

Thanks for bringing this up!  I got a security message from Gentoo (the linux distro I use) about this vulnerability, but I didn't realize phpmailer is part of Typesetter.  Worth noting as well is that at least one Typesetter addon "Special Contact Form" also includes phpmailer.

It would be a good idea for anyone to search for these four files on their webserver, if running multiple sites, multiple software, etc. 

6 years ago
Post: 9468
Topic: WARNING: typesettecms.com compromised!

I really just got lucky in discovering this.  I upgraded Typesetter on Thursday afternoon.  Just before or after (I can't really remember very clearly) I also did system software updates on my server.  From that, some config file settings got messed up.  I think I also messed up some permissions on the data directories in typesetter, which probably prevented the malicious code from having write access.  It is supposed to send an email on the first run, and then comment out the line that sends the email.  Instead, from what I can tell from my mail logs, or more from bounces from google, my mail server tried to deliver the message more than 2000 times to the gmail server, which caused gmail to apply rate limiting, and to send to the postmaster address for my server (which comes to my email) a notice that the message was rejected for being spam.  So Friday morning is when I noticed that a .css file was trying to send an email with a dodgy looking URL in it.

According to my logs (which I misinterpreted last night at 2am when I woke up worried and re-examined them, and then panicked and shut down my server again preventively!), the attacker accessed first on the 4th of June, Saturday, at 20:05 CET from IP 104.167.236.218 which is in Bosnia.  When this failed (because I'd already deleted the files), at 20:39 CET it was accessed from IP: 82.199.150.202 which different databases identify as either being in Germany or being part of an anonymizer service.  In both cases, the same requests were made as in the first part of hausbau's server log, likewise several seconds apart.  My server returned 404, but it seems that whatever script the attacker uses doesn't check for results of the initial queries.  Likewise, the latter IP still tried to access .wsoo and fm.php.

Like I said, I just got lucky.

I had even been adding in extra code that I use to Nivo Slider, and making a diff of the code, so I saw the include of .style_en.css even, but it didn't look suspicious (though really, I should have thought why a CSS file is getting included into PHP code!).

As far as what the attacker could potentially do, it is limited to whatever your webserver user can do.  In fact, you can install the filemanager software that the attacker tries to install on your server and do a security audit.  So, for example, I cannot access my webserver log files through that.  On the other hand, I can access other websites on my server, some of which use drupal which stores a mysql database password in cleartext in the PHP file; thus those passwords are vulnerable (though my drupal installs each use a different database username/pass).

But an attacker could, for instance, use your server for sending spam emails, or anything PHP allows them to do.  And it might be advantageous for a Bosnian hacker (assuming the first IP address I saw was the attacker's real one) to have proxies in Western countries for launching further attacks, as many Western companies / webhosts block eastern Europe, Asia, etc. (much to my dismay, being an American living in Slovakia and having random English language websites get blocked!).

6 years ago
Post: 9450
Topic: Please include my code for links on images

In my post last year, I shared some code that looks for files with a .lnk extension with the same name before the extension as the image file. 

e.g.:   image.png, my code looks for another file image.lnk

for each image that has a corresponding .lnk file, the .lnk file is read and the URL in the file is used to turn the whole image into a hyperlink, using functionality already present in Nivo Slider.

It only checks for LNK files if the config setting to get image captions from text files is set.  There is no way to enter the links in through the UI, as this file based system works well enough for my needs.

I just updated my Gadget.php with the 1.0.6 changes.

A working example can be seen at http://www.cbreurope.sk (square images in middle of homepage, change every 5 seconds, right now I think there are just two, but it should give you the idea).

My Gadget.php can be downloaded: http://www.freedomlives.net/files/nivo_links_1.0.6.zip

I'm not a professional programmer.  I imagine it wouldn't be a good idea to allow an untrusted individual access to upload these .lnk files in case there is some way to cause a buffer overflow, but I guess that risk is already there with allowing the .txt file captions.

 

6 years ago
Post: 7730
Topic: Hyperlinked images

I made some changes to the plugin so that if there are .LNK files the image will become a clickable link.
e.g. image.png, image.lnk contains text: http://www.test.com/, when image.png shows on the slideshow, clicking anywhere on it will follow that link.

This is of course just using the functionality already present in nivo jquery, which recognizes an <a> tag enclosing an <img> tag.

Here is my modification of your code:

foreach ($slide_images as &$value) {
    $linkMade = false; // capture whether or not a closing </a> will be needed
    // I suppose something should be added to the config to control behavior properly
    if ($this->config['captions'] == 'textfiles') {
        // look for image.lnk or image.LNK beside image.png
        $txt_file = substr($value, 0, strrpos($value, '.')) . ".lnk";
        $TXT_file = substr($value, 0, strrpos($value, '.')) . ".LNK";
        // $slide_links holds the .lnk paths returned by getAllLinkfiles()
        $myTxtFile = false;
        if (in_array($txt_file, $slide_links)) { $myTxtFile = $txt_file; }
        if (in_array($TXT_file, $slide_links)) { $myTxtFile = $TXT_file; }
        if ($myTxtFile) {
            // file_get_contents() copes with an empty .lnk file, where fread($fh, filesize(...)) would warn;
            // trim() drops the trailing newline most editors leave at the end of the file
            $Linkdata = trim(file_get_contents($myTxtFile));
            // escape before placing the URL in the attribute so a quote in the .lnk file cannot break out of the href
            echo ' <a class="gpE_nivo_slide" id="gpE_nivo_link_' . $slidenumber . '" href="' . htmlspecialchars($Linkdata, ENT_QUOTES) . '">';
            $linkMade = true;
        }
    }
    echo '  <img class="gpE_nivo_slide" id="gpE_nivo_slide_' . $slidenumber . '" alt=""';

    if ($this->config['captions'] == 'filenames') {
        $fileNameCaption = str_replace('_', ' ', substr(basename($value), 0, strrpos(basename($value), '.')));
        echo ' title="' . htmlspecialchars($fileNameCaption, ENT_QUOTES) . '"';
    }

    if ($this->config['captions'] == 'textfiles') {
        // same lookup for the caption file image.txt / image.TXT
        $txt_file = substr($value, 0, strrpos($value, '.')) . ".txt";
        $TXT_file = substr($value, 0, strrpos($value, '.')) . ".TXT";
        $myTxtFile = false;
        if (in_array($txt_file, $slide_captions)) { $myTxtFile = $txt_file; }
        if (in_array($TXT_file, $slide_captions)) { $myTxtFile = $TXT_file; }
        if ($myTxtFile) {
            // the caption file is inserted as raw HTML (nivo-html-caption), so only trusted editors
            // should be able to write these .txt files
            $HTMLdata = file_get_contents($myTxtFile);
            echo ' title="#gpE_nivoTxtCaption_' . $slidenumber . '"';
            $HTMLcaptions .= '<div id="gpE_nivoTxtCaption_' . $slidenumber . '" class="nivo-html-caption">' . $HTMLdata . '</div>';
        }
    }

    if ($this->config['slideStyles'] != '') { echo ' style="' . $this->config['slideStyles'] . '"'; }

    echo ' src="' . $dirPrefix . '/data/_uploaded' . $this->config['imagepath'] . '/' . basename($value) . '"';
    echo ' data-thumb="' . $dirPrefix . '/data/_uploaded' . $this->config['imagepath'] . '/' . basename($value) . '"';
    echo ' />' . "\n";
    if ($linkMade) { echo '</a>'; }
    $slidenumber++;
}

Then the function getAllLinkfiles is no different except for what file extension it looks for:

function getAllLinkfiles($txtdir) {
    $allTextfiles = array();
    $dtxt = opendir($txtdir);
    if ($dtxt === false) {
        return $allTextfiles; // directory missing or unreadable
    }
    // compare against false explicitly: a file named "0" would otherwise end the loop early
    while (($txtfile = readdir($dtxt)) !== false) {
        // match the ".lnk" extension including the dot, case-insensitively
        if (strtolower(substr($txtfile, -4)) === ".lnk") {
            $allTextfiles[] = $txtdir . $txtfile;
        }
    }
    closedir($dtxt);
    return $allTextfiles;
}

 

7 years ago
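Following on from the worry in the earlier post about untrusted .lnk uploads, here is an added example (my own, not andrew's Gadget.php or Nivo Slider code) of resolving the image-to-.lnk mapping case-insensitively and only emitting an href when the file holds an absolute http(s) URL. The function names index_lnk_files and slide_link_href and the temp-directory sample are assumptions for the demonstration.

```php
<?php
// Added example, not from the forum poster's Gadget.php. Function names are mine.

// Map lowercased image basename (without extension) => full .lnk path, so that
// image.LNK and image.lnk are both found with a single lookup.
function index_lnk_files($dir) {
    $map = array();
    foreach (glob(rtrim($dir, '/') . '/*') as $path) {
        if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) === 'lnk') {
            $map[strtolower(pathinfo($path, PATHINFO_FILENAME))] = $path;
        }
    }
    return $map;
}

// Return an attribute-safe href for $imagePath, or null when there is no usable .lnk file.
function slide_link_href($imagePath, array $lnkMap) {
    $key = strtolower(pathinfo($imagePath, PATHINFO_FILENAME));
    if (!isset($lnkMap[$key])) {
        return null;
    }
    $url = trim((string) file_get_contents($lnkMap[$key]));
    // Accept only absolute http(s) URLs: a .lnk holding "javascript:..." or a bare
    // relative path must not turn the whole slide into a clickable link.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, array('http', 'https'), true)) {
        return null;
    }
    // Escape for use inside a double-quoted HTML attribute.
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a temp dir with one acceptable and one rejected .lnk file.
$dir = sys_get_temp_dir() . '/nivo_lnk_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/graph.LNK', "https://example.com/report?a=1&b=2\n");
file_put_contents($dir . '/promo.lnk', "javascript:void(0)");
$map = index_lnk_files($dir);
foreach (array('graph.png', 'promo.png', 'other.png') as $img) {
    $href = slide_link_href($dir . '/' . $img, $map);
    echo $img, ' => ', ($href === null ? '(no link)' : '<a href="' . $href . '">'), "\n";
}
array_map('unlink', glob($dir . '/*'));
rmdir($dir);
```
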
Post: 7719
Topic: International Fonts for Bootswatch themes
The problem is that Lato doesn't fully support Latin-Extended.  I tried first (on that google fonts page, which makes it easy to check), and  most of the extra letters Czech and Slovak use weren't included.
7 years ago
Post: 7713
Topic: International Fonts for Bootswatch themes

I set up a website using Bootswatch Flatly as the theme.  When I started adding real content, in Slovak, I immediately noticed a problem.  Bootswatch Flatly uses the web-font "Lato" for the font.  "Lato" was developed by a Pole, who clearly wasn't concerned about supporting his brother-Slavs to the south of Poland, so "Lato" not only has normal Latin characters but also those funny looking Polish ones (e.g. Ł), yet not any of the funny letters used in Slovak and Czech (e.g. Š, Č, Ť, Ň, Ô, etc.).

So the solution is to change the default font setting, and in case anyone else wonders how to do this:

Homepage » Administration » Manage Layouts

then: "Edit this layout" for each layout you use and add:

// Location of font I want, etc:

@import url(http://fonts.googleapis.com/css?family=Roboto+Condensed:700,400,400italic,700italic&subset=latin-ext);

// This import line comes from: https://www.google.com/fonts

// Replaced "Lato" with the font I wanted to use instead:
@font-family-sans-serif:  "Roboto Condensed", "Helvetica Neue", Helvetica, Arial, sans-serif;  

 

This is hardly a tutorial, but hopefully will help someone else in the right direction.

7 years ago
Post: 7712
Topic: gpEasy Updater fails
Well, I just copied folders manually.  It is also easy enough to do...
7 years ago
Post: 7708
Topic: gpEasy Updater fails

"Could not connect using the supplied values. (Couldn't find root)"

Updater (using ftp update) failed with this message.  I have verified that the username I gave can change directory to the path of the gpEasy install and has ownership of the files there.

Is there anywhere I can manually specify the path to the gpEasy install so the updater will work?

Thanks!

7 years ago
Post: 7018
Topic: Not explicitly adding home/start page to menu?

Thanks Josh,

That does the trick.

I need to learn CSS better.

9 years ago
