sm8ps
Forum Replies Created
-
As a (stupid) work-around, I have replaced the back-tick (`) instead of the apostrophe (‘). Nevertheless, I do think that @imagely should take care of the problem.
The work-around is not applicable in my case as I am on shared hosting, and SecRuleRemoveById is disabled by my hosting provider as per the error log:
[TIMESTAMP] [core:alert] [pid 2571105] [client IP] /PATH/.htaccess: SecRuleRemoveById not allowed here, referer: URL
I can see why they won’t allow just anybody to bypass ModSecurity.The error thrown by NextGen gallery refers to XSS and is clearly related to the use of an apostrophe in the alttext field. Thanks @cfrascadore for hunting this down, BTW!
[TIMESTAMP] [:error] [pid 2571054] [client IP:PORT] [client IP] ModSecurity: Access denied with code 403 (phase 2). String match "'" at ARGS_POST:images[189][alttext]. [file "/etc/modsecurity/02_comodo/27_Apps_WPPlugin.conf"] [line "785"] [id "229500"] [rev "1"] [msg "COMODO WAF: XSS vulnerability in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress (CVE-2015-9229)||MAIN-URL|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "HOSTNAME"] [uri "/PATH/wp-admin/admin.php"] [unique_id "YeP6XV1lCcDH05yHL-c3ygAAAGI"], referer: https://URI/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=6&_wpnonce=53aec984acIMHO this should be fixed on the side of NGG because it is a systematic error affecting many users that seriously make use of image meta-data. Without any in-depth consideration this looks like a case for htmlentities() or htmlspecialchars(). Thanks for your consideration, @imagely!
Forum: Plugins
In reply to: [Geo2 Maps Add-on for NextGEN Gallery] Settings page messed upThis is becoming more and more confusing! As it was just a test installation I wiped it all and started over from scratch. Now I have only Geo2 2.0.4 and NextGEN Gallery 3.17 activated on WP 5.8.2 with the standard theme twenty twenty-one. I have removed all other plugins completely.
Still the settings page NextGEN > Geo2 looks all messed up. And it is the only one page like that — all other settings pages look just fine. So I suspect that it does have something to do with the plugin. I use Firefox but it looks the same in Chromium.
I checked with the developer console and there are indeed many CSS errors. Two of them are found in Geo2’s file style.css:
19:08:13.977 Unknown property ‘ont-size’. Declaration dropped. style.css:164:11 19:08:13.977 Error in parsing value for ‘scrollbar-width’. Declaration dropped. style.css:263:20The first one seems to be a clear typo but I do not know if it could overthrow all of the page. I downloaded the plugin via the mechanism built into WP so errors in this version should affect all users AFAICT.
Forum: Plugins
In reply to: [Geo2 Maps Add-on for NextGEN Gallery] No geotags in uploaded imagesThanks for your support @pablo2 ! Unfortunately it does not seem to work at all. Here is what I did for trouble-shooting:
1.) I copied the image
http://www.geo2maps.com/wp-content/gallery/chile/DSCF3611.jpg
from your website and verified that it does indeed contain gps values.
2.) I uploaded that image to Nextgen gallery nr. 3 named TEST2 which contains no other images.
3.) I embed the shortcode [geo2 id=3] into a test article:
https://munterwegs.org/hightrails/2021/10/30/hello-worldThe result is a map centered at my current browser location without any images. I must be doing something completely wrong although I have read all the available info. Can you help me? Thanks in advance!
- This reply was modified 4 years, 6 months ago by sm8ps.
Forum: Plugins
In reply to: [Geo2 Maps Add-on for NextGEN Gallery] No geotags in uploaded imagesSome progress albeit not in the intended direction: when adding
[geo2 worldmap=1]to the above HTML, I get a map with a red circular marker centered at LAT=51.24540 LONG=-1.23923 (as manually traced from a Opentopomap) instead of 42 deg 28′ 55.66″ N, 8 deg 52′ 17.90″ E (as extracted by exiftool).
The only sense I can make of this is that the gallery is named “TEST4” and that the marker is placed on a small island in the midst of a lake labeled “Source of the river test”. This might be expected behavior but still I am confused.
Forum: Plugins
In reply to: [Geo2 Maps Add-on for NextGEN Gallery] No geotags in uploaded imagesMany thanks for getting back, @pablo2 , and thanks for double-checking the meta-data shown by by NextGen gallery. That was confusing me. Indeed, the images are uploaded without any conversion and when I download them again, they do still contain the geolocation information lat/long plus respective references (north/south or east/west, respectively).
I have read pretty much all of the posts here in the support forum to no avail. Originally I did not use any short-code; i.e. it was just the following int HTML:
[ngg src="galleries" ids="1,2" display="basic_thumbnail" thumbnail_crop="0"]This does show a map below the gallery but it is centered at my current browser location and no images are marked anywhere on the whole map even if zoomed totally out and especially not in the expected location. Adding [geo2] in the front of the previous HTML I get another map that behaves exactly the same.
The relevant meta-data as extracted by exiftool contains at least …
GPS Latitude Ref : North GPS Longitude Ref : East GPS Longitude : 8 deg 51' 0.62" E Circle Of Confusion : 0.005 mm GPS Position : 42 deg 29' 38.91" N, 8 deg 51' 0.62" E… and the “circle of confusion” is in fact pretty large on my end. (:
Some images have more details in their meta-data:
GPS Version ID : 2.2.0.0 GPS Latitude Ref : North GPS Longitude Ref : East GPS Altitude Ref : Above Sea Level GPS Date Stamp : 2021:10:16 GPS Time Stamp : 06:43:57 GPS Processing Method : GPS GPS Altitude : 1133 m Above Sea Level GPS Date/Time : 2021:10:16 06:43:57Z GPS Latitude : 42 deg 28' 55.66" N GPS Longitude : 8 deg 52' 17.90" E GPS Position : 42 deg 28' 55.66" N, 8 deg 52' 17.90" EThe difference is that some of the pictures were taken as panoramas where the camera software obviously strips away some information. — However the problem remains even when using only images with the complete geolocation information.
