Thanks to vpiwigo, new maintainer, new release

Thanks to update the plugin.
I just do the update but on a new page, when I want to select a picture, I get the list of albums but no pictures are displayed when i click on “Get more”

Piwigo 2.7.1
Piwigo : https://www.gouyet.org/piwigo/
Wordpress 4.0
Theme : Twenty Fourteen

Hi Condorman,

interesting … do you use Firefox? Can you open the Developer Tools and the Javascript Console?

I tried with http, https, and local, and in all cases it did load properly.

Also, that you could load the list of albums, but *not* photos is strange …

Indeed, doesn’t work .. strange … I will try to debug it with your piwigo installation.

Oookkaay,

did this work with 2.23??? I didn’t get it to work with 2.23, neither.
I have an idea what might be the problem, but that is nastily connected to the way how piwigopress calls the ws.php script on your piwigopress installation.

Please try previous versions of the plugin, too, and let me know the outcome!

Thanks

Norbert

Hi Norbert,
Thanks to help me.

The first query with ws.php returns values.
https://www.gouyet.org/piwigo/ws.php?format=json&method=pwg.categories.getList&recursive=true

The seconde one like :
GET ../wp-content/plugins/piwigopress/thumbnails_reloader.php?&url=https://www.gouyet.org/piwigo/&category=2

gives no values.

It was not working with the previous version.
And I get no categories with the previous version.

Yeah, this is what I supposed. The download of the category is done via Ajax, something I have written and added in 2.24. The loading of the photos in thumbnails_reloader.php is old, I have only touched it slightly.

I am debugging it right now, I see that there is a problem with the download method, but I have *no* idea why. If I type the same stuff into the browser it works, but if I use the php code with fsockopen then it gives me “Access denied” (from your as well as my server).

So I need to dig deeper ??

Please have patience.

There is a simple solution – have both the blog and the photos on the same domain. But I *hope* to get this fixed soon.

Norbert

In my case, they are on the same domain.
But for the moment, wordpress site URL in not at the final place.
I will change it soon when i finish to migrate from joomla (actual site) to wordpress.

In my case: this url is not working :
https://www.gouyet.org/piwigo/&category=2

but this one is OK :
https://www.gouyet.org/piwigo/index.php?/category/2

And I have modrewrite activated with wordpress…

Condorman,

something is really fishy on your side. I tried both the piwigo demo site as well as my own site from a third computer, and I can load the images in both cases.

I compared the responses from the piwigo site and your site, and they are slightly different, in particular your site sends the full answer in response body, what is different on the piwigo site.

Unfortunately I don’t understand enough about this problem. Is your server somehow specially set up, something unusual?

——–

Concerning the loading of categories – this is a protection that has been built into most browsers to prohibit cross site scripting. https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
TO overcome this one would need to send (from the server) specific headers allowing to get these information.

I will investigate whether there is a way to do the same with jsonp or similar, I faintly remember having heard something in this direction.

All the best

Hi Condorman,

ok, more data points … you are doing some interesting checks on your server … I can get the list of recent photos via my browser (firefox) by requesting:

https://www.gouyet.org/piwigo/ws.php?method=pwg.categories.getImages&recursive=true&format=php&per_page=5&order=id%20desc&page=0

(what the piwigopress code is sending), but doing the same on the command line with wget I get errors:

HTTP/1.1 403 Forbidden
  Set-Cookie: startBAK=R3415777513; path=/; expires=Fri, 21-Nov-2014 03:47:19 GMT
  Content-Type: text/html; charset=iso-8859-1
  Set-Cookie: start=R1548267892; path=/; expires=Fri, 21-Nov-2014 03:57:31 GMT
  Server: Apache
  Vary: Accept-Encoding
  Transfer-Encoding: chunked
  Date: Fri, 21 Nov 2014 02:46:27 GMT
  Connection: keep-alive
  X-Geo: varn10.rbx5
  X-Geo-Port: 1014
  X-Cacheable: Not cacheable: not http 200
2014-11-21 11:46:28 ERROR 403: Forbidden.

So I guess the problems are on your server side, I cannot help there much.

Hi Norbert,

In fact, with your message, I understand where the issue could come from.
My web hosting provider use modsecurity. Then I found in the log many messages :

[Fri Nov 21 02:57:57 2014] [error] [client 150.65.150.103] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file “/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf”] [line “65”] [id “960009”] [rev “2.1.1”] [msg “Request Missing a User Agent Header”] [severity “NOTICE”] [tag “PROTOCOL_VIOLATION/MISSING_HEADER_UA”] [tag “WASCTC/WASC-21”] [tag “OWASP_TOP_10/A7”] [tag “PCI/6.5.10”] [hostname “www.gouyet.org”] [uri “/piwigo/ws.php”] [unique_id “VG6cJQoAdhEAAHN7zwIAAACw”]

When you query from a browser, you have headers in the HTTP query.
When you query with wget, you probably don’t add header and modsecurity block the query.
I temporary disable modsecurity and now I can see and select the pictures.
Please can you check if you can add headers and I will set again modsecurity to test.
Thanks a lot.

Ok, will try that, shouldn’t be too hard.

Ok, I was too optimistic.
jquery/javascript uses XMLHttpRequest which is *not* allowed to alter the user agent header. As well as many other headers, out of security (as far as I understand). Hmmm…. no idea how to proceed, though.