erniecom
Forum Replies Created
-
Thanks!
Forum: Plugins
In reply to: [Display Environment Type] Feature request: extensible environment typesI can share the code here as far as I got it:
add_filter( 'login_message', function ( $message ) {
// Get the environment type using the WP_ENVIRONMENT_TYPE constant.
$environment_type = defined( 'WP_ENVIRONMENT_TYPE' ) ? WP_ENVIRONMENT_TYPE : 'unknown';
// Add a styled message to the login page.
$environment_message = sprintf(
'<p style="background: #f5f5f5; border-left: 4px solid %s; padding: 10px; margin-bottom: 20px; font-size: 14px;">
<strong>Environment:</strong> %s
</p>',
// Choose a color based on the environment type.
$environment_type === 'production' ? '#d9534f' : ($environment_type === 'staging' ? '#f0ad4e' : '#5bc0de'),
ucfirst( $environment_type )
);
// Append the environment message to the existing login message.
return $environment_message . $message;
});It directly reads the constant WP_ENVIRONMENT_TYPE but it might read as well take it from wp_get_environment_type() or better still, from your code so the new hook will work for both.
- This reply was modified 1 year, 5 months ago by erniecom.
Forum: Plugins
In reply to: [Display Environment Type] Feature request: extensible environment typesYou are right. I tested it and only the agreed environment types are passed on by core. Still the same, the filter allows a user to change the Notification text that is seen in the admin menu. I changed the filter codo to test for an environment variable that only Lando sets in its http server and now it displays Lando in stead of Local:
add_filter( 'display_environment_type_name', function ( $name, $env_type ) {
// Map custom environment types to user-friendly names.
$custom_env_types = [];
if ($_ENV['LANDO']=='ON'){
$custom_env_types['local'] = __( 'Lando', 'display-environment-type' );
}
// Return custom name if it exists, otherwise fallback to the original name.
return isset( $custom_env_types[ $env_type ] ) ? $custom_env_types[ $env_type ] : $name;
}, 10, 2 );I also added filter code that shows the environment type in wp-login.php, which was what I was originally looking for. It would be another valuable addition to your already appreciated plug-in. When I see a wrong notice there I avoid both that of logging in and the risk of forgetting to look at the top line notice. Two notices is better than one for some.
Lo segundo es un plugin de seguridad o el mismo servidor que detectan algo en el bot de notificaciones de Redsys que no les gusta e impiden que se responda.
El plugin de seguridad es Wordfence. No cambio, es la misma versión que antes. El servidor es propio, no hay detección de bot, todo lo hace Wordfence. Entonces, ¿cómo puede ser que esto fue provocado por la actualización de este plugin? A lo mejor no tiene que ver con el plugin.
Analicé los logs de WooCommerce. Donde Redsys dice “timeout” los registros de log confirman haber recibido confirmación:11-17-2023 @ 11:09:11 - Received valid notification from Servired/RedSys 11-17-2023 @ 11:09:11 - <borrado> 11-17-2023 @ 11:09:11 - 11-17-2023 @ 11:09:11 - Checking order $order_id: 32582 11-17-2023 @ 11:09:11 - 11-17-2023 @ 11:09:11 - 11-17-2023 @ 11:09:11 - Order Exist: 32582 11-17-2023 @ 11:09:11 - 11-17-2023 @ 11:09:11 - 11-17-2023 @ 11:09:11 - Order Status: pending 11-17-2023 @ 11:09:11 - 11-17-2023 @ 11:09:11 - 11-17-2023 @ 11:09:11 - $spaid: pending 11-17-2023 @ 11:09:11 - $status: pending 11-17-2023 @ 11:09:11 - 11-17-2023 @ 11:09:11 - Ds_Amount: 4256, Ds_Order: 946000032582, Ds_MerchantCode: <borrado>, Ds_Currency: 978, Ds_Response: 0000, Ds_AuthorisationCode: 960251, $order2: 32582 11-17-2023 @ 11:09:11 - Order is Paid: FALSE 11-17-2023 @ 11:09:12 - Payment complete. 11-17-2023 @ 11:09:46 - $is_redsys_order: YESNo sé como explicar lo que pasó. ¿El plugin responde con a la notificación con una confirmación? ¿Esta no llegó de vuelta a Redsys? ¿De qué se trata aquí?
Forum: Themes and Templates
In reply to: [Zita] Reoccurring issue causes site crashNot sure if this is already fixed in Zita, but I experienced this same issue in another theme. I am only contributing my thoughts here.
I wonder if zita_is_woocommerce_activated is sufficient. Woocommerce is always active in my case and apparently even then there can be occasions that the global object variable or parts there of (cart) are null. It is more thorough to check the existence of the object.
To be sure I am going to try is_object($woocommerce->cart) as test before using the methods get_totals or cart_content_counts, as suggested in other forum posts.- This reply was modified 2 years, 7 months ago by erniecom.
Forum: Plugins
In reply to: [Product Attachment for WooCommerce] Freemius vulnerabilityThanks for the fix! I was about to update the Freemius library folder myself.
Many thanks! I could have reported earlier were it not that I mixed up your plugin with the another with very similar name.
- This reply was modified 2 years, 10 months ago by erniecom.
Oooh, I am so sorry! By accident I clicked the wrong link when I Googled for the plugin name that Wordfence quoted in the notification email. The search result lists your plug-in indented under the plug-in I should have clicked. They seemed to belong together. Plugin names are confusingly similar, but still my fault. I will follow a different workflow to avoid this in the future.
I just reported what I did in response to the Wordfence notification (the link) of a vulnerability in your plug-in. It is no accusation from my part. I am just stating a fact.
If you can convince Wordfence that you are NOT using Freemius library in your plug-in then they will withdraw their accusation.
From my search I could discover there is a freemius folder in your plugin. If it is still used or not, I cannot tell. What I can tell is that it is not patched. I compared your freemius/includes/fs_core_functions.php with the patched version 2.5.10 at github.
May this (unused) folder caused a false positive in Wordfence’s scans? If you are convinced that you don’ t use Freemius (any more?) then you better remove that folder not to cause false positives in Wordfence’s scans.I hoped I could do without actually posting the debug.log so finally here it is:
[18-Jul-2023 12:18:26 UTC] PHP Notice: La función is_embed ha sido llamada de forma incorrecta. Las etiquetas de las consultas condicionales no funcionan antes de ejecutar la consulta. Haciéndolo antes, siempre devuelven falso. Por favor, ve depuración en WordPress para más información. (Este mensaje fue añadido en la versión 3.1.0). in /var/www/whoever/htdocs/whoever.com/wp-includes/functions.php on line 5865 [18-Jul-2023 12:18:26 UTC] PHP Notice: La función is_search ha sido llamada de forma incorrecta. Las etiquetas de las consultas condicionales no funcionan antes de ejecutar la consulta. Haciéndolo antes, siempre devuelven falso. Por favor, ve depuración en WordPress para más información. (Este mensaje fue añadido en la versión 3.1.0). in /var/www/whoever/htdocs/whoever.com/wp-includes/functions.php on line 5865 [18-Jul-2023 12:18:58 UTC] PHP Warning: mysqli_real_connect(): (HY000/1130): Host '127.0.0.1' is not allowed to connect to this MariaDB server in /var/www/whoever/htdocs/whoever.com/wp-includes/class-wpdb.php on line 2019As you can see the first two are from somewhere in WordPress while the latter is pure PHP. Since the default language is Spanish, one would need to guess what the original English was to form a correct search string in the preferred language.
May be this is not within the scope of the plugin but I just wanted to explore where to best put this request correctly.If you refer to the site language as per WordPress then that in my case is not allowed. The site owner requires the default to be Spanish.
I am not sure if the debug messages come straight from PHP. Some do and are in English. Others are written in the default language of the site. The idea I am after here is that these messages will in English too. One of the obvious reasons is that I would like to search for them in one language.The reported error:
An error of type E_PARSE was caused in line 171 of the file xxx/wp-content/plugins/mycred/addons/buy-creds/gateways/bitpay.php. Error message: syntax error, unexpected ‘)’
The same happens with the ReCaptcha logo. It is always English no matter which site language is active. I checked with browser Developer tools in the Network tab that the parameters sent are render (the site key) and ver. According to this post the lang parameter is missing with as value one of the expected language codes.
Without the lang parameter the browser’s top language preference will determine the language, which is okayish in many cases, but in my opinion the WordPress language should rule not the browser language.
- This reply was modified 3 years, 7 months ago by erniecom.
Yes, you are right. I simply didn’t notice. Thank you! Case closed.
Forum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] reCaptchaThis is so far, not a very good experience simply because some reCaptcha keys were mistakenly deleted from Google reCaptcha admin… really?
Yes that mix up with 2FA was a big mistake of mine. Please note that I am no way related to the Wordfence developer team. I am a user like you are. I was too self confident and eager to help you. Won’t happen again without a proper contract relation and setup of a test system of your site to safely find a solution. With my clients I do these kind of operations always in a test site first, before applying it in a production site. I was mistakenly presupposing that you do the same.
Even in the test site, before I emptying that table I made a backup with the table export function of phpmyadmin, just to be sure. Since you apparently were confident enough to talk about the command line, I hoped that you would do the same.
All pages go white, and the website stops serving any content. I feel as if this plugin is holding our website hostage.
The Wordfence plugin has a special set up of its firewall that starts before anything else in the boot process. When active this is configured with a PHP server configuration setting. Before anything else the server runs wordfence-waf.php which appears in the WP root folder.
The 500 errors you experience could be because you removed that file but the PHP server setting is still pointing to that file. When you used the regular WordPress method to deactivate and remove Wordfence, then, I just noticed, the wordfence-waf.php file is not removed and the site should work OK.
Without knowing the rest of plugins and configuration of your site I cannot be further help to restore your site.
Sincerely sorry for my mistake mixing up things. The ReCaptcha API key and secret appear to be stored in table wp_wfls_settings, the rows with in the name column recaptcha-secret and recaptcha-site-key but I did not tested this.