alicewondermiscreations
Forum Replies Created
Forum: Fixing WordPress
In reply to: Privacy Issue
Okay this seems to neuter it –
https://gist.github.com/AliceWonderMiscreations/b6acab93d03f73ba3b327aaebbf043e1
Forum: Fixing WordPress
In reply to: Privacy Issue
It was rather troubling to find this in the source:
$key = 'community-events-' . md5( $location['ip'] );
Using an unsalted md5 as a key? Key for what, afraid to look (found that with a grep), but I will.
unsalted md5 is worthless.
In fact unsalted any hash algo is worthless for privacy. That’s why I hacked gravatar to salt it (yes, means custom images aren’t possible, but…)
- This reply was modified 6 years, 10 months ago by alicewondermiscreations.
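Why the key quoted in the reply above does not hide the address, as an added example that is not part of the original post or of WordPress: the IPv4 space is small enough that candidates can simply be hashed and compared, while a keyed HMAC cannot be rebuilt without the server-side secret. Function names and the sample addresses (documentation range 203.0.113.0/24) are constructed for illustration.

```php
<?php
// Added example; everything except the 'community-events-' key format is hypothetical.

// Key as built in the quoted line: prefix + unsalted MD5 of the IP.
function unsalted_key(string $ip): string
{
    return 'community-events-' . md5($ip);
}

// Hardened form: HMAC-SHA256 keyed with a secret that never leaves the server.
function keyed_key(string $ip, string $secret): string
{
    return 'community-events-' . hash_hmac('sha256', $ip, $secret);
}

// Audit helper: can a stored key be matched back to an address using only
// public knowledge of how the key is built?
function match_by_recomputing(string $key, iterable $candidates): ?string
{
    foreach ($candidates as $ip) {
        if (hash_equals($key, unsalted_key($ip))) {
            return $ip;
        }
    }
    return null;
}

// Constructed sample input: the 256 addresses of 203.0.113.0/24 (RFC 5737).
function sample_range(): Generator
{
    for ($i = 0; $i < 256; $i++) {
        yield "203.0.113.$i";
    }
}

// Unsalted: the stored key is matched to its address by recomputation.
$stored = unsalted_key('203.0.113.77');
var_dump(match_by_recomputing($stored, sample_range()));

// Keyed: without $secret the same recomputation finds nothing.
$secret = random_bytes(32); // generated once and kept in server-side config
$hardened = keyed_key('203.0.113.77', $secret);
var_dump(match_by_recomputing($hardened, sample_range()));
```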
Forum: Plugins
In reply to: [XML Sitemap & Google News] Incompatibility with zlib compression
Thanks. And again I apologize for the attitude I initially took.
One thing to note for people using zlib, while the plugin now works with zlib.output_compression enabled – zlib.output_compression should still be disabled on sites that use TLS (SSL) because it potentially can be used to steal session cookie data with the BREACH attack.
For purely static content zlib is safe but that doesn’t need to go through PHP.
There are defenses against BREACH but the defenses involve turning it off dynamically when you aren’t positive the request isn’t a cross-origin attack, and I’m not sure that’s easy to do in WordPress, as that has to be done before a single byte is sent or it fails to turn it off. It’s better in my opinion to just have it always off even though some SEO website checkers will complain.
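One way to make the decision the reply above describes, as an added example that is not WordPress or plugin code: compression stays on over TLS only when the request headers positively show a same-origin request, and the switch is made before any output. The function names are hypothetical, and the code assumes it runs early enough (for instance from an mu-plugin) that nothing has been sent yet.

```php
<?php
// Added example; function names are hypothetical.

// True only when the headers positively show a same-origin request.
function is_provably_same_origin(array $server): bool
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if ($host === '') {
        return false;
    }
    // Fetch Metadata header, sent by current browsers.
    if (isset($server['HTTP_SEC_FETCH_SITE'])) {
        return $server['HTTP_SEC_FETCH_SITE'] === 'same-origin';
    }
    // Fallback: Origin, then Referer, must name this host.
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $header) {
        if (!empty($server[$header])) {
            $parts = parse_url($server[$header]);
            if (!is_array($parts) || !isset($parts['host'])) {
                return false;
            }
            $port = isset($parts['port']) ? ':' . $parts['port'] : '';
            return strtolower($parts['host']) . $port === $host;
        }
    }
    return false; // no evidence either way: treat as cross-origin
}

// Plain HTTP has no TLS secrecy to protect; over TLS, require proof.
function compression_allowed(array $server): bool
{
    $tls = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    return !$tls || is_provably_same_origin($server);
}

// Must run before a single byte is sent; afterwards the setting cannot change.
if (!compression_allowed($_SERVER) && !headers_sent()) {
    ini_set('zlib.output_compression', '0');
}
```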
Forum: Plugins
In reply to: [Cache Enabler] zlib compression
If you use TLS, no. And you should use TLS.
There are several different exploits that allow TLS communication to be deciphered when compression is used.
For many types of communication it does not matter, but it really is best practice to just not use compression for dynamic content.
For purely static content, compression is fine, but that’s not PHP.
Forum: Reviews
In reply to: [XML Sitemap & Google News] Does not work
Problem solved – zlib compression was turned on and was to blame.
I didn’t realize I had it on, I usually disable it.
Forum: Requests and Feedback
In reply to: PSR-4 Autoloader
This would work – I think, didn’t run it.
https://gist.github.com/AliceWonderMiscreations/4ba7209256f0e2b38d59a8787d164f63
I created a ticket
Forum: Requests and Feedback
In reply to: Future about embeds and emojis
I guess what I’m saying is when the fallback scripts are only there for a minority of browsers that don’t have native emoji support, result in tracking cookies and additional http requests, and also incorrectly identify systems that actually don’t need the fallback – KISS dictates the removal of the fallback scripts.
It’s kind of funny.
Twice I have recommended features that are not eye candy and needed in core – ability to build a webfont string that allows the sysadmin to specify the server, and a PSR-4 autoloader – and have been told that they belong as plugins and not in core even though they really need to be in core because of script load issues.
But a purely eye candy feature like emoji fallback that would work just fine as a plugin, that’s in core.
I don’t understand.
- This reply was modified 6 years, 10 months ago by alicewondermiscreations.
Forum: Requests and Feedback
In reply to: Future about embeds and emojis
Firefox isn’t broken on Linux, emojis work just fine in it.
Well there are other issues with Firefox, but the emojis work.
Forum: Reviews
In reply to: [XML Sitemap & Google News] Does not work
Oh and I apologize for the 1 star, I was absolutely wrong to rate the plugin before asking about what was going wrong.
I’ve made a mental note to not negative rate for at least 48 hours in the future to give myself time to rationally think about what I’m doing.
Forum: Reviews
In reply to: [XML Sitemap & Google News] Does not work
for php –
php-common-7.1.14-1.el7_4.awel.libre.0.x86_64
php-intl-7.1.14-1.el7_4.awel.libre.0.x86_64
php-pear-1.10.5-1.el7_4.awel.libre.1.noarch
php-tidy-7.1.14-1.el7_4.awel.libre.0.x86_64
php-cli-7.1.14-1.el7_4.awel.libre.0.x86_64
php-pecl-apcu-5.1.9-1.el7_4.awel.libre.x86_64
php-json-7.1.14-1.el7_4.awel.libre.0.x86_64
php-process-7.1.14-1.el7_4.awel.libre.0.x86_64
php-pgsql-7.1.14-1.el7_4.awel.libre.0.x86_64
php-gd-7.1.14-1.el7_4.awel.libre.0.x86_64
php-xml-7.1.14-1.el7_4.awel.libre.0.x86_64
php-pecl-imagick-3.4.3-1.el7_4.awel.libre.0.x86_64
php-mysqlnd-7.1.14-1.el7_4.awel.libre.0.x86_64
php-pdo-7.1.14-1.el7_4.awel.libre.0.x86_64
php-bcmath-7.1.14-1.el7_4.awel.libre.0.x86_64
php-7.1.14-1.el7_4.awel.libre.0.x86_64
php-mbstring-7.1.14-1.el7_4.awel.libre.0.x86_64
php-pecl-libsodium-2.0.10-1.el7_4.awel.libre.x86_64
For WordPress plugins, not a lot.
Theme is gtl-multipurpose
Post Type Switcher (a feature WP really should have)
Open Graph
Disable Emojis
Contact Form 7
Plus two I wrote –
https://github.com/AliceWonderMiscreations/FlossWoff2/blob/master/wordpress/AWMFontBuilder.php
That’s just a class, installed in mu-plugins – that lets me use my own font server instead of google fonts.
https://github.com/AliceWonderMiscreations/PluggableUnplugged
That one does replace some of the wp functions in pluggable.php – such as the horrid way WP generates CSRF tokens.
Forum: Reviews
In reply to: [XML Sitemap & Google News] Does not work
Even with debug this is the only thing showing up in the error logs:
PHP Warning: unlink(/srv/notrackers.com/wordpress/sitemap.xml): Permission denied in /srv/notrackers.com/wordpress/wp-content/plugins/xml-sitemap-feed/includes/class-xmlsitemapfeed.php on line 1679, referer: https://notrackers.com/wp-admin/plugins.php
That’s where enabling the plugin tried to nuke my manually created sitemap.xml and it isn’t related as the issue existed before I created it, but I can move it if needed.
Forum: Reviews
In reply to: [XML Sitemap & Google News] Does not work
Okay with the plugin actually turned on – it’s generating gibberish.
Forum: Reviews
In reply to: [XML Sitemap & Google News] Does not work
It seems to indicate it is not a valid feed.
Forum: Requests and Feedback
In reply to: PSR-4 Autoloader
No, the problem is there is no way to guarantee a plugin runs before other plugins or classes that need a class loaded by PSR-4.
WordPress does not have a way to do that, other than putting the plugin in mu-plugins where it can’t be updated except manually – and then still isn’t available to other plugins in mu-plugins unless it is alphabetically before them.
Core needs a PSR-4 autoloader.
And it really should have one.
- This reply was modified 6 years, 10 months ago by alicewondermiscreations.
Forum: Requests and Feedback
In reply to: PSR-4 Autoloader
Also PSR-4 is better than mu-plugins for class loading because PSR-4 loads as needed, not by alphabetical order, so if \foo\bar\AwesomeClass() makes use of \foo\bar\CrappyClass() – the latter will load on demand first even though C comes after A – which doesn’t happen in mu-plugins.