FPCSJames
Forum Replies Created
-
I see this fix was applied in 3.14.2, but nothing was done about accessing the API over HTTP instead of HTTPS (for no valid reason), and no reply ever landed here. Stellar support as always, folks.
Forum: Themes and Templates
In reply to: [OceanWP] No changelog entry for 2.1.0WP itself and WP.org provide no meaningful way to view update details for themes. Your own docs provide a substitute:
https://docs.oceanwp.org/article/653-oceanwp-theme-changelog
Unfortunately, this article was not updated for 2.1.0. I’ll reference changelog.md via the SVN repo from now on, but most users will not know to go there, and downloading the latest version and opening changelog.md from there is a couple more steps than should be necessary. Because of the lack of WP-native facilities, your own docs will continue to be the most convenient place for most people who care about the changelog to view it, so ensuring it stays updated (and that your changes to it fully publish) will be great.
Forum: Plugins
In reply to: [LiteSpeed Cache] The LiteSpeed Cache plugin appeared on my websitesHappy to help – if my answer resolved your question, you may want to mark this topic as Resolved from the sidebar.
Forum: Reviews
In reply to: [LiteSpeed Cache] Overzealous optimization leads to breakage@lclarke Thank you for your reply, which ww.wp.xz.cn has emailed me about but unfortunately is not showing here yet. On JS localization, that is not the feature I am referring to. Yes, “Localize Resources” is toggleable in versions 3.5 and 3.5.0.1. This is entirely separate from and not related to the forced inclusion of external resources by JS Combine. The changelog for 3.5 states:
“JS Combine now combines external JS files, too.”
In 3.5 and 3.5.0.1, this is NOT toggleable, and is likely not desired by a vast majority of users. While Localize Resources uses a whitelist of domains from which localization is considered “safe”, 3.5’s JS Combine forces admins to use a blacklist to hopefully find and prevent all external includes that should not be happening. That’s not good, and it should never happen again. Inclusion of external resources as part of JS Combine must have a toggle switch, and must be off by default, full stop. Allow users to opt in if they wish.
I did see the 3.5.0.2 rollback update, and I am debating applying it. I’ll happily change my review to a five-star one should these important changes we’ve discussed happen.
Forum: Plugins
In reply to: [LiteSpeed Cache] Last update has broken Stripe payment field@jjinton No. Putting it there is correct, because you want it to load from Stripe’s servers, not be combined into the script loading from your server. By excluding it, you are allowing it to load from Stripe’s server.
Forum: Plugins
In reply to: [LiteSpeed Cache] Last update has broken Stripe payment field@hailite – you definitely do. There are no circumstances in which Stripe allows loading their JS from your own server. If you try, it will throw IntegrationError.
Forum: Plugins
In reply to: [LiteSpeed Cache] The LiteSpeed Cache plugin appeared on my websites(Note: I am not part of the LiteSpeed team.)
Web hosts that run LiteSpeed Web Server can opt to auto-install the LiteSpeed Cache plugin on all WordPress sites they host. If you want to prevent this from happening, you can add a file named
.litespeed_flagto your WordPress root directory.For more information, see the LiteSpeed team’s blog post on the subject here.
Forum: Plugins
In reply to: [LiteSpeed Cache] Last update has broken Stripe payment fieldIt appears a recent version of this plugin has started including off-domain resources, like those from js.stripe.com, to be minified and combined with on-domain resources. This is definitely not how it should be, and an option should be provided to turn it off.
@hiroprot If you created the custom post type, you would set it in the arguments to
register_post_type():https://developer.ww.wp.xz.cn/reference/functions/register_post_type/
or in the options of any plugin you might have used.
@mikes41720 Only the CPT without public = true had the
nullvalue. Other CPTs with public enabled were not affected.- This reply was modified 5 years, 9 months ago by FPCSJames.
I can confirm this issue – same situation as @hiroprot. The information in the Knowledge Graph & Schema section is complete and correct, cache has been cleared repeatedly, and this is affecting a custom post type.
In my case, I found a fix. The post type in question was publicly visible, but the “public” param was not enabled. Fixing that, then saving at Search Appearance > Content Types (where the post type was not listed before) produced valid markup confirmed in Google Search Console.
I can confirm seeing this on some sites as well.
Forum: Plugins
In reply to: [Authy Two Factor Authentication] Is it necessary to log API responses?This is fixed in version 3.0.2, thanks to a patch I submitted last year. They finally merged it – better late than never. Cheers Authy team.
It seems this is still an issue, unfortunately. I wouldn’t bump a five-month-old thread otherwise.
I’d strongly prefer not to edit the plugin, to prevent losing changes on update – is an official fix for this going to come any time soon?
It may be wise to avoid using
is_admin()for this, asis_admin()returns true any time submissions to admin-post or admin-ajax occur, which can be (often are) from unprivileged users. (See: Sucuri on the MailPoet vulnerability)I haven’t yet dug into the plugin to find a better solution, but may do so later.