Topic: Colors - proposal
There is no possibility to delete a topic–at least I don't have one (I'm not webmaster of
1 year ago
Post: 10927
Topic: Colors - proposal

> It's just that not everybody knows the bootstrap-version and it would be a small enhancement - but ok.

Sorry, I don't quite understand the issue. Both plugins should work the same way with and without Bootstrap.
Glyphicons Halflings was part of Bootstrap 3 courtesy of Jan Kovarik, but it's not free open source software. Therefore, to use it legally, it must either be used with Bootstrap together with an Attribution, or a license has to be obtained.

Technically, both plugins are almost identical.

1 year ago
Post: 10923
Topic: Colors - proposal

Both plugins look pretty much the same and work together in CKEditor 4.5.7.
(The only small difference I see is that the Glyphicons plugin defines colors as rgb(n, n, n) while FontAwesome sets hex values.)

1 year ago
Post: 10921
Topic: Web Application Cookies Lack

For everyone interested, here is a brief recap of the 2 'vulnerabilities' and why they are not relevant:

CVE-2018-6888: The researcher made a mistake by copying an active session's CSRF token (AKA post nonce) to the exploit code. It simply does not work.

CVE-2018-6889: There is no known way to trick a victim into sending such a modified host header. I tested it myself and it didn't work on any live (name-based) production host.
It will work on IP-based hosts with Apache default configuration and only with special client software–not with a regular web browser.

Edited: 1 year ago
Post: 10920
Topic: Web Application Cookies Lack
No, both CVEs are not cookie-related, and were already discussed.
1 year ago
Post: 10903
Topic: Web Application Cookies Lack

Unfortunately, I'm not an expert in this field, but as far as I understand it, Typesetter's default PHPSESSID cookie will not serve any particular purpose as long as you're not logged in.
Once you are logged in, Typesetter will store relevant session information in a different cookie called gpeasy_[your unique installation id]. This cookie has the HttpOnly flag and, in case your webhost is secured via https, it also has the Secure flag.

There are also 2 more cookies which are used by Typesetter's admin JavaScript (gp_menu_select and gp_menu_hide) which may NOT have the HttpOnly flag but are of no concern in terms of security.
Addons may set their own cookies, which may also require JavaScript access. Therefore I would not fiddle with the server/vHost/.htaccess cookie directives, which might break some JavaScript functionality.

So, to come to a conclusion, I believe you can safely ignore the 2 mentioned advices from
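
The cookie layout described in the post above can be checked against a site's actual Set-Cookie headers. The following is an added example, not part of the original post and not Typesetter's own code; the installation id format, the sample headers and the function names are assumptions made for illustration.

```python
import re

# Cookies the post says are read by Typesetter's admin JavaScript,
# so a missing HttpOnly flag on them is expected.
JS_READABLE = {"gp_menu_select", "gp_menu_hide"}
# Session cookie name from the post: gpeasy_[installation id].
# The id's character set (\w+) is an assumption.
SESSION_RE = re.compile(r"^gpeasy_\w+$")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(headers, https=True):
    """Return (cookie name, finding) pairs for session cookies missing a flag."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name in JS_READABLE:
            continue  # needs JavaScript access; HttpOnly would break the admin UI
        if SESSION_RE.match(name):
            if "httponly" not in attrs:
                findings.append((name, "session cookie without HttpOnly"))
            if https and "secure" not in attrs:
                findings.append((name, "session cookie without Secure on an https site"))
    return findings


# Constructed sample headers; the installation id "abc123" is made up.
SAMPLE_OK = [
    "PHPSESSID=0f3a; path=/",
    "gpeasy_abc123=s3ss10n; path=/; HttpOnly; Secure",
    "gp_menu_select=5; path=/",
]
SAMPLE_WEAK = ["gpeasy_abc123=s3ss10n; path=/; HttpOnly"]

if __name__ == "__main__":
    print(audit(SAMPLE_OK))
    print(audit(SAMPLE_WEAK))
    print(audit(SAMPLE_WEAK, https=False))
```

Only the gpeasy_ session cookie is held to the HttpOnly/Secure expectation here; PHPSESSID and addon cookies are left alone, following the post's reasoning.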

Edited: 1 year ago
Post: 10894
Topic: moving installation from subfolder to root?

> what about changing from http to https (which we will have to do #DSGVO..) – will it be the same problem..?!

This should work independently from the folder structure, same applies to with www/without www.
So, no action required in this regard.

1 year ago
Post: 10891
Topic: Issue with center template
1 year ago
Post: 10890
Topic: Backup in my plugin not working
1 year ago
Post: 10889
Topic: Bootswatch Theme has no effect on resulting page?
1 year ago


