Blobfolio
Forum Replies Created
-
Forum: Plugins
In reply to: [Apocalypse Meow] can’t search by subnetThanks for the details, @nosilver4u !
Subnet search should be working again in
23.0.0. Please let me know if you’re still getting an error after updating.Forum: Plugins
In reply to: [Apocalypse Meow] plugin preventing update checks?Haha. Probably not at this point…
I think what I’ll do is leave the feature but change the default status to off for new installations, and add a note about hosting providers potentially being weird about it.
Thanks again for digging into the issue!
Forum: Plugins
In reply to: [Apocalypse Meow] plugin preventing update checks?Thanks @nosilver4u !
I don’t have any WPE-hosted sites to test, but from what I can tell, that feature isn’t causing host-wide issues anywhere else, and thankfully it doesn’t look like there are any conflicts with the FAIR plugin either. Every site I’ve looked at is displaying/fetching updates as usual, so that’s good.
If the WPE devs need more details, all Meow is doing is using the http_request_args hook — at priority 500 — to make three changes to the “parsed args”:
if (isset($parsed_args['user-agent'])) {
$parsed_args['user-agent'] = 'WordPress/0';
}
if (isset($parsed_args['headers']['wp_install'])) {
unset($parsed_args['headers']['wp_install']);
}
if (isset($parsed_args['headers']['wp_blog'])) {
unset($parsed_args['headers']['wp_blog']);
}Forum: Plugins
In reply to: [Apocalypse Meow] plugin preventing update checks?Hi @nosilver4u ,
The “Anonymize User Agent” setting can cause issues with custom update systems that rely on the data WP normally leaks when making requests.
Does disabling that make any difference? (WPE makes it hard to ever see realtime updates, but if you clear all their caches and hit reload a dozen times it should get there eventually.)
That hasn’t historically affected updates host-wide, so I’m concerned there might be a conflict with FAIR or similar. If that’s the case, I’ll push an update to remove the feature entirely.
Forum: Plugins
In reply to: [Apocalypse Meow] please point stable tag to a tagI don’t mind boring details. Haha.
Thanks for the heads up. I didn’t realize the “trunk” trick had been deprecated.
I updated the stable tag for Meow to point to the latest release. Please let me know if that does the trick for you and I’ll go through and make the same change to my other plugins too.
Forum: Plugins
In reply to: [Lord of the Files: Enhanced Upload Security] Renaming of .bin to .txtThanks for reporting, @frenchomatic !
Formats without formal definitions are tricky. (Those first few characters are almost certainly confusing PHP/WP.)
If your site has a custom theme, you can add something like the following to functions.php:
/**
* Allow .bin files to be text/plain.
*/
function bin_alias_plain_text ( $mimes, $ext ) {
if ('bin' === $ext) {
$mimes[] = 'text/plain';
}
return $mimes;
}
add_filter( 'lotf_get_mime_aliases', 'bin_alias_plain_text', 10, 2 );Or if not, that code — with a “<?php” added to the beginning — can be saved to its own file in the MU folder, e.g. wp-content/mu-plugins/bin_alias_plain_text.php.
That should prevent the file from being renamed when you upload it.
Please let me know if that does the trick. I’ll leave this ticket open in the meantime.
- This reply was modified 1 year, 2 months ago by Blobfolio. Reason: Clarify the need for <?php if saving to MU
Forum: Plugins
In reply to: [Apocalypse Meow] Community Ban Database QueryHi @the8055
The Community Pool is a self-contained co-op!
The raw data is supplied by the participating sites themselves, not independent “bad bot” lists or anything like that.
The Pool then boils down the aggregate into a digestible list of the widest and worst offenders, and returns it to the same participating sites so they can preemptively block those networks.
Forum: Plugins
In reply to: [Jeepers Peepers: WP Syslog] Time Stamp does not respect localtimeWordPress itself actually resets PHP’s default time zone to UTC early into setup to make it easier to construct “local” times using the stored site preference (a timezone string or offset or nothing).
Jeepers Peepers has been using UTC rather than site time for consistency, especially across multiple sites and servers, but you make a good point.
To that end, I just pushed a new release (
0.5.4) with support for an extra config override,BLOBAUDIT_LOG_UTC, that can be used to toggle between the two choices.Once you’ve updated, double-check your site’s timezone is set to the desired locale (Settings > General), then add the following to
wp-config.php:// Use site time instead of UTC for Jeepers Peepers logs.
define('BLOBAUDIT_LOG_UTC', false);Log times should reflect the current site time rather than UTC thereafter.
Forum: Plugins
In reply to: [Apocalypse Meow] Compatible Plugins and Optional settingsHi @the8055
There doesn’t seem to be much overlap between Apocalypse Meow and those other plugins, beyond the three options in the Request Headers section. Just disable anything in there that the Headers plugin is handling separately, or vice-versa.
Neither 2FA nor CAPTCHAs are planned features for Apocalypse Meow.
The current WordPress flow isn’t well-suited to secondary challenges (like 2FA). It is possible to bolt extra steps onto the process anyway, but the resulting code complexity is high enough to risk introducing all sorts of new and terrible security vulnerabilities by mistake. Haha.
CAPTCHAs, on the other hand, are easy to add, but don’t provide any particular benefit in this context. The “login nonce” feature already blocks submissions bypassing the
wp-login.phplanding, and the fail-counting limit quickly puts a stop to any brute-force nonsense.Forum: Plugins
In reply to: [Well-Handled Email Templates] HTML in data array()Hi @pixelcrash ,
The data array can contain any JSON-able content, including HTML.
On the template side, use triple curly brackets instead of pairs to render the HTML within.
For some reason Gutenberg is removing all the braces when I try to give you an example with three, so just imagine
{{htmlcontent}}with an extra{and}on either end. Haha.Note that I accidentally introduced entity encoding issues in the last release while trying to replace a deprecated PHP method. That should be fixed in
2.4.4.There are two different ways you can fix this (without manually patching the plugin):
OPTION ONE:
If
.slavefiles are always zips, the simplest solution is to update yourupload_mimesfilter hook to use the appropriate ext/type pairing, i.e.$existing_mimes['slave'] = 'application/zip';(rather thanapplication/octet-stream).OPTION TWO:
If you want/need to keep the files associated with
application/octet-streamin the backend, you can hook intolotf_get_mime_aliasesto programmatically expand the alias list used byLord of the Files.(This is equivalent to manually patching
aliases.php, but saves you the trouble of having to repatch that file every time a new version of the plugin is released.)function my_custom_mime_aliases ( $mimes, $ext ) {
if ('slave' === $ext) {
// $mimes should already have 'application/octet-stream' since
// it inherits types known to WP (including custom upload_mimes
// types), so you just need to add the ZIP type:
$mimes[] = 'application/zip';
}
return $mimes;
}
add_filter( 'lotf_get_mime_aliases', 'my_custom_mime_aliases', 10, 2 );Please let me know if either work out for you! I’ll leave the ticket open in the meantime just in case.
Forum: Plugins
In reply to: [Lord of the Files: Enhanced Upload Security] .bin files with two MIME typesThanks for confirming, @frenchomatic !
The multi-MIME problem is the main reason this plugin exists. I spent a couple years trying to address this in WP core itself, but there was zero upstream interest.
C’est la vie…
Forum: Plugins
In reply to: [Lord of the Files: Enhanced Upload Security] .bin files with two MIME typesThanks for reporting, @frenchomatic !
application/x-dosexechas been added to the type alias list forbinfiles in the latest version of the plugin (1.3.20).Please do me a favor and retest that file upload once you’ve updated
Lord of the Filesjust to be sure, but those files shouldn’t give you any more trouble. 😉Forum: Plugins
In reply to: [Jeepers Peepers: WP Syslog] Unable to write logsHi @4p0hk,
Unless you accidentally placed two
define('BLOBAUDIT_LOG_PATH')lines within yourwp-config.phpfile, it sounds like the WP bootstrap is running before your custom definition is getting read.Generally speaking, any custom constants or settings added to
wp-config.phpshould appear before anyrequireorincludestatements, because those are where WordPress sneaks off to load all the plugins and themes and whatnot.In the stock version of the config file — some hosting environments use a modified format, so yours may look different — that just means adding your custom bits before the line reading
require_once ABSPATH . 'wp-settings.php';As for the path itself, it should be absolute, e.g.
/home/$user/$website/wp-log/jeepers-peepers-wp-syslog.log, and you should create thewp-logdirectory manually if it doesn’t already exist.Did any of that help?
- This reply was modified 3 years, 4 months ago by Blobfolio.
Forum: Plugins
In reply to: [Apocalypse Meow] Logic of True and FalseSorry @website-rob, I just noticed part of my reply got cut off:
The
wp-configtab shows you the potential constants you can define based on your current settings. Constants are an alternative way to configure the plugin, allowing you to programmatically autoset/force particular values.When such locking is desired, the easiest way to figure out the appropriate constants/values is to configure the plugin using the GUI settings page first. Then once you’ve landed on a combination of settings you’re happy with, you can click the
wp-configtab to see the equivalent constants, and add the ones you want to lock-in to yourwp-config.phpfile. 😉