Hello! I see this plugin has been temporarily removed from the repository pending a review. I assume y’all have been informed of this publicly disclosed security vulnerability, but since I don’t see a topic for it, I figured I’d start one, just in case:

The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

WPScan

A fix would be most welcome!

Please when are going to check the newest Strava plugins on WP version 6.5.5. ? Because that′s my WP version? I can not install them yet. Please could you assist me with this ?

I have problems with the installation of this plugins on my WP 6.5.5. personal blog. Please could you help?

No updates in 2 years, is the plugin development completely dead?

Hi, we are building a portal for our client where we are using buddyboss to build a community within the website where users can buy subscription and do activities similar to facebook.

This is a website related to marathon runners so most of the users use starva and we want to display each user feeds in the website but it seems configuring the starva credentials is a hectic process.

In current process admin have to manually add the client id and other info in backend and then create a page to display the feeds.

Is there a way we can simplify it maybe use a front end method which users can use to put their starva credentials and plugin automatically create a page for the user for the feeds? or is it something in future updates?

• This topic was modified 1 year, 3 months ago by aftabhaseeb.

Hi, I have a blog page with about 30 posts, each containing one Strava activity. I’ve noticed that there is a 1s delay to load each activity, resulting in the page taking about 30 seconds to load. The results will be cached for 1 hour maximum. I’ll need to move away from wp-strava, unless I’m missing something.

Thank you!

This plugin accepts option parameters and they’re listed hut it doesn’t say how to apply these. A syntax example would be useful.

Thank you.

hello,
is there a option in plugin to store the data in a wordpress mysql database so i can show more stats on website?

Im in the process of trying to set-up this plug-in on my blog and finding that after filling in the fields when I click “save changes” the redirect to Strava Oauth fails with the message "{"message":"Bad Request","errors":[{"resource":"Application","field":"redirect_uri","code":"invalid"}]}" from the URL https://www.strava.com/oauth/authorize?response_type=code&client_id=REDACTED&redirect_uri=https%3A%2F%2Finspired-rides.nz%2Fwp-admin%2Foptions-general.php%3Fpage%3Dwp-strava-options&approval_prompt=auto&scope=read,activity:read

Ive tried different browsers and both map providers and it still fails.

The Strava API application appears to be set-up correctly per the instructions.

Not sure what to do?

• This topic was modified 2 years ago by Yui.
• This topic was modified 2 years ago by Yui. Reason: formatting

Hello,

First of all: great plugin!
The problem on iOS (iPad/iPhone) that broke the table view. On macOS in Safari it’s all ok, only in iOS is broken. Have you an ccs-?hack“ to fix this for iOS oder mobile in general? I have only iOS, so I can’t see if Android is affected, too.

Here is a sample screenshot from the iPad: Screenshot iPad

Thanks, Alex

Hi

I’m using the shortecode activities strava_club_id = xxxx] and missing the space “oredislivello” must be “ore dislivello”
can I fix it ?

Hi,

Is there a way to display the current segment leaderboard with this plugin?

Thanks

Duncan

Please help, I’m new to wordpress. This error seems to show when I try to add a route on my wp page. Is it because I use a version on which the plugin has not yet been tested(eg the latest version 5.9.2)? I saw the same error on other wordpress sites…thanks for your support!

Hey Team,

When you add a Strava activity to a page using a Shortcode, the styling it uses for narrow screen widths, which forces the table to behave responsively (pretty clever!). Messes with any other tables on that page.

Check out this video.

I’m getting the following error when I use any additional parameters other than “id”

WP Strava ERROR 401 Unauthorized - See full error by adding
define( 'WPSTRAVA_DEBUG', true );
to wp-config.php

[route id="2908937405867085842" client_id="nnnnn" image_only="true" markers="true"]

I’ve added setup the API for the user who published the route and used their client id in the shortcode (instead of nnnnn), as well as adding them to the WP-Strava Settings.

Does anyone have any suggestions please?

Hi there,

I’ve setup a Google Cloud billing account, created the API key and enabled the Static Maps API. But it’s warning me that I need to setup the OAuth consent screen.

I have a choice between Internal & External user types, but both descriptions give me the impression this method won’t be supported by your plugin.

Should I leave the OAuth consent screen unconfigured?

Hi!

Thank you very much for this plugin!

Can you please provide me with a code example to write my own shortcode renderer? I want to use your class WPStrava_ActivityRenderer to create my own layout with some activities without messing with your code in the plugin folder ??

I am looking forward to get any help from you.

Thank you very much in advance
Theo

Hello!
In the description it is mentioned

Paste in the full activity URL from Strava, such as https://www.strava.com/activities/1793155844 and click ?Embed“ (pasting a link directly into the editor also works). A preview map will be shown in the editor,

.

Which editor is used? I tried the classic editor, WPBakery (Front and Backend, Gutenberg). Nothing happened …

Can you support?

Btw: wich shortcode can I use to show segments?

Helmut

Chrome developer tools show that the GoogleMaps API isn’t being told any geographic location to load. This to me would point to some problem with the query to Strava to get the segment geographic location / LAT-LONG, but I can’t spot the source of the error.

I went back to the WP-Strava settings and re-entered my Strava Client ID and Client Secret, but it was no help. I even put the same information again in the additional athlete fields for same and I got the happy message that a new Strava Token was successfully retrieved.

• This topic was modified 3 years, 2 months ago by aetherscythe.

When I try to embed a leaderboard link like this:
https://www.strava.com/segments/15519133/leaderboard?filter=overall

I get an error, the error can be seen at:
https://attivo.co.za/strava

This was working just fine, and at some point just stopped working It is fine if it is for a user but doesn’t work when i add a club. The club I am trying to use is https://www.strava.com/clubs/TrueSapienRC (ID: 608149) which has a steday stream of activities.

I have checked the settings and reset the module but nothing seems to work. Any idea?

Kind reagrds,

John

Hi. I’m hosting WordPress on my NAS. It’s running behing a docker linuxserver/swag reverse proxy.

I’ve just installed wp-strava, I’ve hooked it up to a test Strava account that has one run activity visible by everyone. The wp-strava setting page says that my Strava account is properly connected.

When I paste any Strava URL into the content editor, it says: “Sorry, this content could not be embedded.”

I have set up a cron job every hour as suggested by the doc, by having a cronjob on my NAS (well I hope this is the way):
0 * * * * wget --delete-after https://<sanitised>/wp-cron.php

WordPress’ log for the error is:
wordpress | <sanitised> - - [02/Jun/2021:22:06:08 +0000] "GET /wp-json/oembed/1.0/proxy?url=https%3A%2F%2Fwww.strava.com%2Factivities%2F<sanitised>&_locale=user HTTP/1.1" 404 705 "https://<sanitised>/wp-admin/post.php?post=513&action=edit" "Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0"

I’m quite new to WordPress and I don’t really know where to look.

Would you be so kind to help me with this, please?

Thanks a lot.

I have had to deactivate the Strava Plugin due to in crashing our site. The plugin was causing an error titled Exception Thrown: DateTime::__construct(): Failed to parse time string (@) at position 0 (@): Unexpected character. I would love to reactivate the plugin however this issue will need to be resolved first.

Hi,

I’m able to connect to the Strava API.
New Strava token retrieved. Successfully authenticated.

But the site does not seem to save the settings correct.

WP Strava ERROR Array
(
[headers] => Requests_Utility_CaseInsensitiveDictionary Object
(
[data:protected] => Array
(
[date] => Wed, 28 Apr 2021 18:34:25 GMT
[content-type] => application/json; charset=utf-8
[cache-control] => no-cache
[via] => 1.1 linkerd
[x-download-options] => noopen
[status] => 401 Unauthorized
[x-request-id] => 339b4364-2c79-4299-92b5-bd9b05dd275d
[referrer-policy] => strict-origin-when-cross-origin
[x-frame-options] => DENY
[x-permitted-cross-domain-policies] => none
[x-content-type-options] => nosniff
[vary] => Origin
[x-xss-protection] => 1; mode=block
[content-encoding] => gzip
)

)

[body] => {“message”:”Authorization Error”,”errors”:[{“resource”:”Application”,”field”:””,”code”:”invalid”}]}
[response] => Array
(
[code] => 401
[message] => Unauthorized
)

[cookies] => Array
(
)

[filename] =>
[http_response] => WP_HTTP_Requests_Response Object
(
[response:protected] => Requests_Response Object
(
[body] => {"message":"Authorization Error","errors":[{"resource":"Application","field":"","code":"invalid"}]}
[raw] => HTTP/1.1 401 Unauthorized
Date: Wed, 28 Apr 2021 18:34:25 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache
Via: 1.1 linkerd
X-Download-Options: noopen
Status: 401 Unauthorized
X-Request-Id: 339b4364-2c79-4299-92b5-bd9b05dd275d
Referrer-Policy: strict-origin-when-cross-origin
X-FRAME-OPTIONS: DENY
X-Permitted-Cross-Domain-Policies: none
X-Content-Type-Options: nosniff
Vary: Origin
X-XSS-Protection: 1; mode=block
content-encoding: gzip

{"message":"Authorization Error","errors":[{"resource":"Application","field":"","code":"invalid"}]}
[headers] => Requests_Response_Headers Object
(
[data:protected] => Array
(
[date] => Array
(
[0] => Wed, 28 Apr 2021 18:34:25 GMT
)

[content-type] => Array
(
[0] => application/json; charset=utf-8
)

[cache-control] => Array
(
[0] => no-cache
)

[via] => Array
(
[0] => 1.1 linkerd
)

[x-download-options] => Array
(
[0] => noopen
)

[status] => Array
(
[0] => 401 Unauthorized
)

[x-request-id] => Array
(
[0] => 339b4364-2c79-4299-92b5-bd9b05dd275d
)

[referrer-policy] => Array
(
[0] => strict-origin-when-cross-origin
)

[x-frame-options] => Array
(
[0] => DENY
)

[x-permitted-cross-domain-policies] => Array
(
[0] => none
)

[x-content-type-options] => Array
(
[0] => nosniff
)

[vary] => Array
(
[0] => Origin
)

[x-xss-protection] => Array
(
[0] => 1; mode=block
)

[content-encoding] => Array
(
[0] => gzip
)

)

)

[status_code] => 401
[protocol_version] => 1.1
[success] =>
[redirects] => 0
[url] => https://www.strava.com/api/v3/activities/5197996184?&timeout=30
[history] => Array
(
)

[cookies] => Requests_Cookie_Jar Object
(
[cookies:protected] => Array
(
)

)

)

[filename:protected] =>
[data] =>
[headers] =>
[status] =>
)

)`

Any id on this?

WP host = bluehost
WP version 5.6.3
php version 7.4

The plugin displays the total elapsed time of an activity, and isn’t it more practical to display the moving time instead?

When out for a walk or ride, one might take a break, so the elapsed time won’t reflect the actual time of the activity. Hope that makes sense.

Thanks!

Is it possible to display calories burned using a shortcode?

Hi dear;
Thanks for your effort on this plugin, great features included. <3

As google maps API is not free to use, is there any chance that you can add better free alternatives like “OpenLayers” instead of google maps API?

Thanks in advance

Hi,

Is it possible to show a segment?
That would be really nice.

Is there any possibility of displaying the athlete’s ID in the List Club Activities and not just user firstname and lastname as there may be cases of homonymy?

What I would like to be able to do is to associate within the club, the activity to a given athlete.

i didn’t find any solutions yet.

Hi!

Would you be able to explain how to set us on a wordpress page a leader board from the link below, in order to allow it to update daily, or direct me to where I can find such guidance.

Thank you in advance!
Peter

https://www.strava.com/clubs/233254/leaderboard

Hello,

I’m displaying recent activities of a running group using a shortcode within the template files of my site.

How often does the plugin poll for new information? It seems to take many hours between refreshes. Is there a way to decrease the time to perhaps every 15 minutes? There are hundreds of runners in the group and I would like to display more up-to-date information.

I have found that clearing the cache from the admin area does refresh the data but this is obviously a manual process.

Any help would be appreciated.
Thanks