Blue Lotus Works

Was unplugged for a few days. I emailed a link to a limited quantity demo variable product typical of many of our products on 3/21.

Thanks for trying. Still getting the same result.

RE: For our purposes, the message sent is sufficient, but I won’t presume other users feel the same way.

Meant to say:

For our purposes, this isn’t urgent as the message sent is sufficient, but I won’t presume other users feel the same way.

Hi James, it’s been a couple years since we “talked”. Thanks for continuing development on cart stock reducer and the continuing props in the readme file (although my feelings wouldn’t be hurt if removed).

This is an issue we’re seeing too. Pending Order Text, Append Expiration Time to Pending Order Text and Append Included Items to Pending Order Text are not functioning as expected. Instead of being triggered, we’re seeing the fallback message of “Item is no longer available”. The easiest way to demo that is to open chrome and firefox to the same url and add the same single item variation to a cart. The second one done will produce the fallback message. Let me know if you want me to email you a demo URL.

For our purposes, the message sent is sufficient, but I won’t presume other users feel the same way.

Warmest regards,
Bob

See the solution posted by nicolesmithweb at the end of the following support topic: https://www.ads-software.com/support/topic/variations-losing-dependency-after-more-than-30-variations-are-added

Change “return 250;” to accommodate all your variants (e.g., return 500;).

So you don’t have to jump to the link, code is:

function custom_wc_ajax_variation_threshold( $qty, $product ) {
	return 250;
}

add_filter( 'woocommerce_ajax_variation_threshold', 'custom_wc_ajax_variation_threshold', 10, 2 );

Place the code in the functions.php file for your theme, a custom plugin or use the Code Snippets plugin

Original source is https://gist.github.com/claudiosmweb/6f91ad228c2176b986b2

Thanks Eero, but that doesn’t resolve the issue as that’s the setting we’re using. At robertredus.com, pages and events are activated and Home, News, and Events pages are included. All other pages are excluded. The News page is the blog page. Box activates on the Home and Events page, but not the News page.

Issue resolved in version 0.7.4. Thanks!

Thanks for confirming Calvin. Fix noted was for those that don’t want to mess with code. We commented the row out as follows

/* COMMENT OUT BAD ENQUEUE BEGIN
    wp_enqueue_script( 'my-script-handle', plugins_url('my-script.js', __FILE__ ), array( 'wp-color-picker' ), false, true );
   COMMENT OUT BAD ENQUEUE END */

Keeping the thread open as the issue is not resolved until corrected by a theme release.

Well, we got things to work, but would say the plugin is a bit buggy and missing at least one valuable feature.

When using the plugin to create a poll, if you use the anchor (a) or image (img) tag, when you save it looks like the tags didn’t get saved…they’re gone. However, if you check the poll at Polldaddy, the tags are there and the poll functions properly when embedded in a page or post.

Knowing that, until the bug is resolved, we’ll build our polls at Polldaddy and only use the plugin for poll inventory purposes since the polls listed in the plugin don’t have a link to edit them anyway, only embed and preview.

Thanks Donncha. We tried that per https://support.polldaddy.com/adding-html-to-poll-questions-and-answer-options/, but when we used the img tag the image we tested didn’t render. Perhaps something we missed in our code? We’ll try again later today and mark this resolved if we fix it. Either way, we’ll post a followup comment.

P.S. Although limited, another TimThumb vulnerability is unfortunate considering it was rewritten from the ground up after 2011’s exploit.

Thanks for confirming removal of timthumb.php has no affect when Events > Settings > General > Performance Optimization > Use WordPress thumbnails is set to “Yes”. We have verified that (and file rename also works) and marked this topic resolved.

Again, we encourage the plugin author to remove TimThumb from the plugin.

Thanks Jan for trying to help clarify, but…

Events manager is packaged with timthumb.php. In the current version, it’s located at includes/thumbnails/timthumb.php

And no, that doesn’t sum up the question. The questions were accurate as originally stated and were:

1. It appears Events Manager is not vulnerable to it as webshot capability is deactivated wherever the option’s activation code appears in Events Manager’s code (i.e., define (‘WEBSHOT_ENABLED’, false);). Will a plugin author please confirm?
2. Also, is there a recommended way to deactivate all TimThumb capability, including code/file removal in the plugin?

We understand Events Manager may continue to use TimThumb for backward compatibility. But, considering TimThumb has a history of vulnerability and most, if not all, of its capabilities has a native WordPress equivalent that’s more efficient, we hope the plugin authors reconsider continuing to use it. Perhaps consider forcing everyone to use WP generated thumbnails in the next plugin release (e.g., 5.5.3.2) followed up by removing TimThumb in the following release (e.g., 5.5.3.3)?

Yes please. Again, the vulnerability is associated with TimThumb, not Events Manager. There’s the potential to trigger it by a direct call to the timthumb.php file.

Thanks for responding. For us, we do that at install, but the info may be helpful for others. However, we don’t think the response answers the questions. The vulnerability is triggered by a direct call to the timthumb.php file. See the report at https://seclists.org/fulldisclosure/2014/Jun/117