Jump to content

opalepatrick

Members
  • Posts

    233
  • Joined

  • Last visited

Everything posted by opalepatrick

  1. Thanks @cstevensjr - I think those links will be useful to people. I wonder if it is possible to apply CSP in .htaccess for the site part only (not using meta tags)?
  2. Just for the record, had this just happen on 2.7.2
  3. HI @AndZyk, yes I read that and was a bit surprised that there had not been a discussion since, especially as there seems to be a bit of movement from people like Mozilla to pay more attention to it. I just wondered if there is anything being considered in development that may address it. Or, maybe, that it is not worth bothering about?
  4. Well that was the problem matjazp - I had implemented the policy without paying attention to the back end and of course I only got the score on the front end and messed up the back end. Also, how does one edit the title to add [Solved] ?
  5. Well that was the problem matjazp - I had implemented the policy without paying attention to the back end and of course I only got the score on the front end and messed up the back end.
  6. Well I was just hoping to spark a conversation, cstevensjr, about CSP as the resolution was in the other thread. But basically I had added a CSP to my site that essentially made the admin area unusable because of the pw requirements. I removed the policies from my .htaccess to resolve.
  7. Hi there, wondering what others are thinking about CSP. I came a cropper after implementing it on a pw site of mine (as per ) but I do think that it makes a lot of sense and was disappointed to be demoted from an A+ to a D at https://observatory.mozilla.org after ripping it out to make my site admin work again. Any thoughts?
  8. Yes. It was CSP. Thanks Rick. I would like to implement CSP as policy. I saw the other thread from about a year ago but nothing since? It does seem a good way to prevent things like cross site scripting etc, and basically a lot more secure. Although I know it was a pain to implement. Now my score at the observatory has gone from an A+ to a D Will open another thread.
  9. Thanks Rick. Centos 6 (but I have about 7 other pw sites on the same server working fine) Remote Version 2.01 release 24 Extension installed by me on my server. Permissions are out of the box - although going to just re-check that. The sole difference between this and the others is that cert I believe. *** I may have caused this myself by setting up a CSP (Content Security Policy) and not dealing with the PW install.
  10. Thanks for responding Rick. There are no errors either in errors.txt or in the error logs for the server. The cert was installed using the Plesk plugin but it is working fine. The issue I had was to do with a challenge problem on renew with .well-known directory. Sussed that out (one of the settings was missing a trailing slash on the hostname) but have this problem. If it was out and out permissions, I would expect to be blocked out of the site or admin. I did roll back that change to verify and it is still an issue. I have also checked it in another browser to make sure it is not cache. It was working fine with the cert previous to this. It does feel database related, but things like templates are listed (but no details when clicked), fields are the same. Users are not listed, but roles are with details. I checked the db and the info is there.
  11. I seem to have a weird issue since I messed around after having issues with a letsencrypt renewal yesterday on one of my installs. I can log in to admin, but I cannot see the pages tree or search for pages, I can see the templates but not click to relevant pages. Obviously caused something. I have uncommented the https section in .htaccess as well. If anyone has any ideas that would be great.
  12. Sorry I took so long to get back adrian. Stuff Thanks for the reply. It was not in fact the issue but it did make me realise that I needed to check my code more rigorously and then discovered a variable typo further on that was not producing an error. So, thanks a lot.
  13. If I use batcher to check these selectors template=product,product_code|title|general_text|specification|hints%=12302,include=hidden I get my hidden pages correctly. However if I use this in this code $result = $pages->find("template=product,product_code|title|general_text|specification|hints%=" . $part . ",include=hidden"); I get no results. Any ideas appreciated.
  14. Thanks a lot. I thought I was over-complicating things . That scenario, Arjen, is the setup I use in the console. I just got a bit twitchy because of the points on this page - https://support.google.com/googleapi/answer/6310037?hl=en-GB - Thanks everyone for responding so quickly.
  15. I am looking to hide a googlemap api key from general source code. The first suggestions were to use an environmental variable, then because that doesn't hide the info to then encrypt it. Others have suggested using a config file. (Can I put an array in the config file?) What do you guys do to hide API keys from general source code like this?
  16. Thanks Robin S, Macrura and BitPoet... Breaking it down as per last edit was the solution... $sub_image_page = $pages->get("has_parent.id=$sub->id, template=product, product_images.tags=prod, sort=random"); if($sub_image_page->id) { $sub_image = $sub_image_page->product_images->find('tags=prod')->getRandom(); if($sub_image) { echo "<img src='<?=$sub_image->width(300)->url?>' />"; } else { echo "<p>No prod tagged images</p>"; } } else { echo "<p>no pages</p>"; }
  17. $sub_image = $pages->get("has_parent.id=$sub->id,template=product, sort=random")->product_images->findTag('prod')->getRandom(); That returned a non-object error when I tried to access the variable next line, Macrura?
  18. Yes I did Macrura... I want to pick a random page in a category, then pick a random image from the product_images field of that random page that is tagged with 'prod'
  19. Hope it is OK to follow on from an old thread? This form of solution works great for me... but if I want also want to identify the image by tag how I would I do that? $sub_image = $pages->get("has_parent.id=$sub->id,template=product, sort=random")->product_images->getTag('prod')->getRandom(); does not work... bit flummoxed. Reason for wanting to do this is that there are different types of images in this field only some that are appropriate.
  20. Thank you for all your replies. I had checked for the image and its settings. So as I stated in my post, it was for a single image, but I should have been more explicit instead of just saying that when I removed width() everything was 'fine'. What I should have said was that the image appeared in original unchanged form. This was why I was baffled because the image appeared unless the width() or size() parameter was added to the code. However... when I added macrura's check, the width() parameter worked. I removed the check and it still worked and no problem since. I know something must have changed but I have not got a clue why. Suffice to say that everything now works as I would expect. So rather than waste everyone's time any more, I consider it solved Once again. Thank you. PS, You are right Soma the body field is in fact Markup and should not be wrapped in <p>
  21. Anyone have any idea why I am getting a call to a non-object width(), size() on this image: foreach ($pages->get("template=case-studies")->children() as $child) { $logo = $child->logo->width(250); echo "<img class='floatleft' src='" . $logo->url . "' />"; echo "<h2>" . $child->title . "</h2>"; echo "<p>" . $child->body . "</p>"; } the logo field is an image field for one image only. If I remove the width or size parameter all works fine. Surely $child->logo is still referring to an object? Or am I misunderstanding things?
  22. Thanks for that Arjen, I was mistakenly using a messed up reference style. However, the Hanna Code problem happened because I was testing a new textarea and forgot to include the Hanna Code Text Formatter. So, stupid me.
  23. I am just starting to work with Markdown and am trying to use inline images. Previously I used Hanna Code. I read a post that suggested it was possible to use it in Markdown. But this, ![[[Post_Image]]][image] Does not work. Any help would be great. Not sure whether I am messing up the Markdown or the combination of them both.
  24. OK thanks Horst. I did start to use it this way, but was unsure about the other aspects and if more was included. I don't have a problem with the validation/sanitising routines per se. So thank you.
  25. Thanks Kongondo. By the way, page 1 doesn't answer this question (unless I am being a complete dunce!)
×
×
  • Create New...