flymike

The nginx config below works – once MV is completely activated. But I can’t figure out what nginx config is needed to pass the MV test which enables the complete activation. I fooled MV into complete activation by running on Apache – then I switched to nginx.

If the author would fully describe the tests that are used to fully enable, then I will try to create the nginx config that satisfies them.

# Media Vault Rewrite Rules

# RewriteRule ^wp-content/uploads(/_mediavault/.*\.\w+)$ index.php?mgjp_mv_file=$1 [QSA,L]
rewrite ^/wp-content/uploads(/_mediavault/.*\.\w+)$ /index.php?mgjp_mv_file=$1 last;

# RewriteCond %{QUERY_STRING} ^(?:.*&)?mgjp_mv_download=safeforce(?:&.*)?$
# RewriteRule ^wp-content/uploads(/.*\.\w+)$ index.php?mgjp_mv_file=$1 [QSA,L]
if ($args ~* "^(?:.*&)?mgjp_mv_download=safeforce(?:&.*)?$")
 {
	rewrite ^/wp-content/uploads(/.*\.\w+)$ /index.php/?mgjp_mv_file=$1 last;
 }
# Media Vault Rewrite Rules End

Thanks for that. I confirmed that the database backup includes wp_options.
So I wrote a quick plugin to dump the unserialize of get_option(‘simplyexclude_v2’) and found the version on the target was smaller than the source (presumaby my recently added settings were missing).
Then I noticed that the old version key ‘simplyexclude’ was also in wp_options, so I deleted (actually renamed) that key. Repeated the backup and restore sequence, and… ALL IS WELL!
I can’t explain this – but I would like to leave the old version key deleted. Is there any dependency on it in 2.0.6.1?

form#registerform>p:first-child

will select a child of the identified form which is a paragraph and is also the first child.
It’s not perfect, but it will accomplish your goal and is certainly more selective that just p:first-child. And, most importantly, it will fix my problem ??

I did not say it was all over the site. The primary problem is the registration page, where my other plugins are inserting paragraphs, and some of those paragraphs are being hidden because they are first-children of other elements.
It is your css selector which is too broad. It will hide every paragraph on the registration page which is the first child of another element. Is that really what you intended?
Yes, I’m using v2.5.3.

This intrusion has recurred – this time on the current version, 3.1.1.
The hacker logs in (validly) as subscriber, creates a post – which should have gone into Pending Review state – then immediately updates the post as Administrator to Published state. The access log is below. Both of the logins were with the Subscriber username (my site records all logins with username and IP).
I can’t figure out how this hacker is getting Administrator privilege.

83.28.5.21 - - [25/Apr/2011:09:26:57 -0700] "POST /wp-login.php HTTP/1.1" 302 969 "https://sarasotasailingsquadron.org/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
83.28.5.21 - - [25/Apr/2011:09:26:59 -0700] "GET /wp-admin/post-new.php HTTP/1.1" 200 38080 "https://sarasotasailingsquadron.org/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
83.28.5.21 - - [25/Apr/2011:09:27:03 -0700] "POST /wp-admin/post.php? HTTP/1.1" 403 1639 "https://sarasotasailingsquadron.org/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
83.28.5.21 - - [25/Apr/2011:09:27:07 -0700] "POST /wp-login.php HTTP/1.0" 302 1094 "-" "Snoopy v1.2.4"
83.28.5.21 - - [25/Apr/2011:09:27:09 -0700] "POST //wp-admin/ HTTP/1.0" 200 30707 "-" "Snoopy v1.2.4"
83.28.5.21 - - [25/Apr/2011:09:27:12 -0700] "GET //wp-admin/press-this.php HTTP/1.0" 200 31442 "-" "Snoopy v1.2.4"
83.28.5.21 - - [25/Apr/2011:09:27:14 -0700] "POST //wp-admin/press-this.php?action=post HTTP/1.0" 200 31671 "-" "Snoopy v1.2.4"
83.28.5.21 - - [25/Apr/2011:09:27:23 -0700] "GET / HTTP/1.0" 200 69061 "-" "-"

my mistake; 3.04 on Jan 4, not 3.05

DBC Backup v1.1 was working perfectly on WP 2.9.1 until 3 weeks ago. Then it stopped doing daily backups.
Reading the code on dbcbackup-options.php, I don’t understand how it ever worked. I’m hoping someone can explain it:

dbcbackup-options.php calls wp_schedule_event with the 2nd parameter = ‘dbc_backup’. But wp_schedule_event requires the 2nd parameter be how often the event should occur, and the value be one of ‘hourly’, ‘twicedaily’ or ‘daily’.

How did this plugin ever work?

it transpires that the php-xml RPM had to be installed on the (Fedora) server.