expertn00b

LOL!!! i hate to break this to you, but i am that guy.
you just couldnt hear my genius!

no but seriously, teach me the riffs ??

there should be a repair permissions script that checks and repairs your wordpress sheet. is there already ?

btw when i said penetration tester i meant male gigolo ??
joke, joke.

I might truly feel hurt by that sentiment, if I didn’t already think that you were probably the type of guy who isn’t afraid to say what-ever he wants to who-ever he wants, ignore who-ever isn’t relevant to your own interests, and only show respect to people who have earned it! But yeah… You’re just preachin’ to the choir, mate.

I’ve been jammin’ ‘ya all along. But no worries! It doesn’t mean I can’t learn something from you, or that I don’t respect your opinions!!

/me scratches head ??
really confused now. what does jamming mean ? having me on ?
seems youve been reading my other posts ??
yeah im not very polite when people arent polite to me and i couldnt give a monkeys uncle whether people like what i say or not. this is true ?? ive been thrown off of practically every forum ive ever been on for swearing. its great, im awesome!
thats much more of a decent permissions situation, people should take note, thanks.

I can honestly say I probably would have never guessed that.

not sure if thats sarcastic or not ??

How does that work? What’s the “recursive” thing mean?

chmod -R 777 [folder] – means make everything in this folder and in every folder below it permission 777. ie. legs open ??

You mean people could just download my photos and stuff that I have for sale without even paying for it!?

well a good test is trying the download link you send out without paying ?? dunno what cart you are using but i used the mess that is wp eommerce for about two weeks and chmodding the uploads folder would certainly do that.

heh, not really, its a never ending subject ?? i did work as a penetration tester once, but i was crap and they fired me, so that shows how good i am ??

directory listing doesnt stop the file being accessible if you know where it is though does it ? you could probably work that out from other clues on the site… still.. you still need a login or some way of writing to the file to be able to exploit the server or the wordpress install.

i couldnt figure out why wordpress allowed that whole folder to be accessible, but i guess its just got to be that way, not sure. the web server group has to be able to write to the folder to enable wp to upload i think, but still – i dont necessarily want everyone to be able to access those files.

the other thing that is a possible stumbling block is having wp ecommerce installed and then recursive chmodding the uploads folder, which would mean the wpsc folder would be open to having a look, which would mean your downloadable files which people are supposed to buy would be free, assuming you knew the file name… dunno what other can of worms that would open… ive seen a load of people on here going ‘oh my upload doesnt work’ – right then chmod -R 777 upload/ – DOH! ??

oar white ??

well 777 does this to your permissions:

rwxrwxrwx

which means the owner and the group and everyone else can all read, write and execute this file. if you then go and start recursively 777’ing everything it cant be good ?? if i can start writing to a directory on your server then that opens up possibilities. say privilege escalation, XSS stuff. gawd knows what. i think thats the worst thing you could possibly do, potentially.

also, in my experience shared server stuff is so crap, if you wanted to do malicious stuff – it would be quite easy. im on dreamhost (not because i want to be ?? and ive encountered quite a few interesting things. including being able to read how every user on the machine logs on, ftp, shell or whatever. whether they have mail accounts. what their login is, all the scripts in the root directory for backups and the backups themselves including database backups completely open etcetcetcetcetc. ?? heh once they left ‘root’ open and i could download other peoples database backups which i promptly did and sent to them for full embarrassment ??

‘Dunno about “contributing” back a modification that I paid for though.. ‘ – fully open to using free stuff and having other people spend money on your behalf but not the other way eh ?

well i got this working with yak in the end, which has a very nice downloadable section which wp ecommerce was lacking a bit. it had it, but boy was it rubbish and didnt work, flashy ajax though. anyway i had to hack yak-dl.php to send Xsend headers which shoved out the file for download because my files are rather large which isnt handled by a standard php openfile into memory command. Jason B says he is putting streaming code into the next version so this problem should be resolved shortly.

thanks, 777 should never be done under any circumstances cos that is like spreading your legs for the polish hackers.

well i persevered and actually, although basic, it works well and im going with it for now. cheers yakkers.

well, i got yak working and it seems ok now. it looks like a pile of doggy doo, doesnt have any flashy ajax updating n stuff but it works and looks a lot more organised support wise.

no its 55 for the basic version *dollar
then you need to add gateways at 25 each
im down to shopp and eshop right now
there may be others though….

behave now. look me up on krisweston.com and buy my album (in a year or two when the shop works) to support my crack habit ??

really must sleep.

im erring towards shopp right now, awaiting whether they can do what i want. that or possibly eshop. yak is good actually its open source and i like the dev from what ive read of him. it just doesnt look flashy enough for what i want. think the error it threw was some config thing about not setting up gateways first… i might buy shopp then hang myself with the packaging hehehe ??

yeah best thing is to start from scratch then slowly put in what you had before. well best thing is to use summat else i reckon ??
did you try disabling shipping as well ?

better go and lie down its way past yesterdays bedtime!

f(&*@￡kin CSS!

heres some review of wp ecommerce and notice all the people at the bottom ??

https://blogsessive.com/blogging-tools/wp-e-commerce-wordpress-plugin/