Skip to:
Content
Pages
Categories
Search
Top
Bottom

Forum Replies Created

Viewing 25 replies - 1 through 25 (of 1,734 total)

  • Burt Adsit
    Participant

    @burtadsit

    This is a pretty stale thread gee101. Why don’t you start a new topic and post a complete description of your issue. wpmu, bp versions, walk us through the problem.


    Burt Adsit
    Participant

    @burtadsit


    Burt Adsit
    Participant

    @burtadsit

    I haven’t updated bpgroup to be compatible with trunk bp yet. There’s a trac ticket by me whining about the lack of wp actions on group creation with the new group creation stuff.


    Burt Adsit
    Participant

    @burtadsit

    If this 2.8.1 vunerability was the source of the security hole your upgrading should take care of things. You should be able to turn xmlrpc, ping and track backs on again after upgrading. I’m not really sure that pings, tracks and xmlrpc had anything to do with your issue now.


    Burt Adsit
    Participant

    @burtadsit

    Temporarily disable xmlrpc in wp’s backend: Settings > Writing > xmlrpc

    Temporarily disable pingbacks and trackbacks Settings > Discussion > Default article settings

    Delete the blogs that look like that.

    The cracker seems to be using that. Very definately upgrade immediately.


    Burt Adsit
    Participant

    @burtadsit

    Upgrade to 2.8.2 Roy. That very recent version change was released because of an XSS scripting attack hole in the blog post comments system.


    Burt Adsit
    Participant

    @burtadsit

    Wow. I see what you mean. Your site was sitting in my browser and when I punched ‘Home’ in your nav menu I got: tara4839297’s blog.

    Looking from this end…


    Burt Adsit
    Participant

    @burtadsit

    Roy, what do you mean ‘hijacks my home page’. When I visit modestobuzz.com I *don’t* see your root blog page? I just went there and it seems ok. Are you using a some sort of page cacheing like ‘supercache’?


    Burt Adsit
    Participant

    @burtadsit

    The css can be modified to fit your theme /bpcontents/css/structure.css


    Burt Adsit
    Participant

    @burtadsit

    Jeff, others have had WSOD issues and in many cases they are related to the php memory limit set on your host. Check your error logs and if it’s running out of mem then check this codex article:

    https://codex.wordpress.org/Editing_wp-config.php#Increasing_memory_allocated_to_PHP


    Burt Adsit
    Participant

    @burtadsit

    Haha. You just don’t get to pick your virtual ‘muppetness’ though.


    Burt Adsit
    Participant

    @burtadsit

    Mariusooms, you should be aware that very soon the group creation process and access to features will change. See Andy’s docs about this:

    https://codex.buddypress.org/developer-docs/group-extension-api/

    This is going to happen in bp 1.1 which will be out next month. You really should have this change in mind when coding.


    Burt Adsit
    Participant

    @burtadsit

    You should take a look at how the skeleton component does this kind of thing.

    https://codex.buddypress.org/how-to-guides/creating-a-custom-buddypress-component/


    Burt Adsit
    Participant

    @burtadsit

    All I did was hunt down the filters and functions that used to be in bp to support the helper plugin. Let me know if I missed any spot. I tested activity and the group forums templates.


    Burt Adsit
    Participant

    @burtadsit

    In 1.0.2 the support for the bbpress helper plugin was pulled out. This ticket: https://trac.buddypress.org/ticket/853 has the essentials for re-enabling the helper plugin support in 1.0.2.

    I stuck the ticket’s attached code into bp-custom.php and it works from there fine. I don’t see any need to hack up a bunch of core files. This is going to be a temporary situation.

    We need to still run the bbpress helper plugin and the support code in bp 1.0.2. Nothing is gonna work right otherwise.


    Burt Adsit
    Participant

    @burtadsit

    I was just talking about this issue with jjj on irc. This bp helper plugin provides data that isn’t normally sent over to bp as well as escaping the html <> brackets. plrk is right. The patch only works in the forum templates not the topic templates. I can’t patch the topic templates because it’s not getting user id info without the bp helper plugin activated.


    Burt Adsit
    Participant

    @burtadsit

    I installed 1.0.2 and then the patch. That works as well. Perhaps the difference is in the bbpress versions. Are you running v1.0 or v1.0.1 of bbpress?


    Burt Adsit
    Participant

    @burtadsit

    Are you in the member profile, or just trying to trap url signatures in the root? Is the url something like mysite.org/classifieds/otherstuff or mysite.org/members/me/classifieds? What the nav code sees and gets as $bp vars can be completely different than what is seen in the member profile area, the group area or just the root.

    This is a confusing area of bp so it helps to know where you are working.

    It looks like $bp->is_single gets detected after the trap for ‘is the user in their own profile or somebody elses profile’. Those two cases cover all cases so $bp->is_single doesn’t even get considered. If I read your skeleton code right.


    Burt Adsit
    Participant

    @burtadsit

    I just tried out the group blogs plugin and it works pretty slick. Nice.


    Burt Adsit
    Participant

    @burtadsit

    Mariusooms, there’s somebody over at CUNY who has dev’ed an enhancement to the community blogs plugin that lists the user’s subscribed groups in a more user friendly format than my plugin. Boone Gorges over here: http://dev.commons.gc.cuny.edu/

    His enhanced community blogs plugin might be something to look at.


    Burt Adsit
    Participant

    @burtadsit

    I think you are relying on $bp->is_single_item for your url parsing. I’m not sure that var gets set to what you expect it to be set to. In the url signature you mention above:

    /classifieds/classified1234

    The $bp->current_component is ‘classifieds’ the $bp->current_action would be ‘classified1234’ and $bp->action_var’s would be an empty array. Adding the ‘watch’ to the end of the url such as:

    /classifieds/classified1234/watch

    would make the $bp->action_var[0] be ‘watch’.

    It might be better to know the url signature you are expecting and trap for that pattern. Like:

    if ($bp->current_component == $bp->classifieds->slug && $bp->current_action){

    .. figure out if the user is in their profile or someone else’s profile ..

    }

    if ($bp->current_component == $bp->classifieds->slug && $bp->current_action

    && ‘watch’ == $bp->action_vars[0]){

    .. ‘watch’ the classified specified in $bp->current_action ..

    }


    Burt Adsit
    Participant

    @burtadsit

    plrk noticed that with the bp enable bbpress plugin disabled that we lost usernames and avatars in group forums. This patch works for me with bp trunk and bbpress 1.0 in group forums.

    https://trac.buddypress.org/ticket/848


    Burt Adsit
    Participant

    @burtadsit

    Plrk you don’t need the buddypress-enable.php plugin anymore. It was a fix for the libxml issue. Disable that.


    Burt Adsit
    Participant

    @burtadsit

    If I were you Brian Katz, I’d avoid the wpmu 2.8.1 release for the moment. Have you seen all the issues floating through trac and svn for that ver? It’s not exactly ready for prime time yet. Soon, but not yet.


    Burt Adsit
    Participant

    @burtadsit

    I don’t trust the auto upgrade thing in 2.7.1. It’s flaky when it comes to sitewide plugins like bp. Upload and activate away. No if bp detects it’s table exist it just goes happily along you won’t get duplicates.

    Nice job with the fix. It probably was the wp users table that was hosed.

Viewing 25 replies - 1 through 25 (of 1,734 total)
Skip to toolbar