jave.web

@vichilino no plugin update will ever clean an existing malware … You have to do it yourself, or use a plugin to do it for you. One of the most popular security plugin with scanning in a free version is Wordfence Security – https://www.ads-software.com/plugins/wordfence/ it also provides autorepair and autodelete (so not just finding the malware but also cleaning the malware), first solve the security issue, than scan for malware and remove it – I recommend to repeat the scan&remove untill there is no dangerous code ??

Thank you for your work.

@chrisdaswiss & @endurox : thank you for your suggestions

Both codes work as expected

1. @endurox code is targeted on turning off the php completely – which is probably the most flexible solution
2. @chrisdaswiss code denies calling files with specific extensions -NOTE! if you copy code from here – rewrite the double quotes with the “code” double quotes!

You can combine both solutions to be extra-sure ??

@stefahn true, and it’s already a week with no fix or reply – I’ve contacted WP plugin team – I hope they will speed up the isssue fixing ??

What is the current status ? ?? Pretty please? O:-)

To be honest I don’t remember the previous version precisely, but most probably yes. The line in notice uses approach when you rely on PHP’s documented evaluation of non-boolean to boolean. However this does not check for existance, therefore the notice.

Maybe approach with

if( !empty($args['something']) ){ ... }

would be better?

Also after updating (but not migrating yet) there were parts in breadcrumbs path missing.

@contact-banker
This plugin is called Captcha Bank, one would thought main focus is the captcha ?? There could easily be an option to track “just” by the IP (+ maybe some other imprints). As I said earlier, external service like yours can be a good feature but also unwanted feature.

You can lower the chance, but you can NEVER make enaugh to be 100% sure it won’t happen again, especially these days.

So please, at least put a short timeout on the call with some fallback.

@contact-banker

I do understand all of that, but you didn’t quite get the message. You are not doing anything illegal, however in some countries the website has to ask the people when it anyhow tracks user geolocation, behavior etc…

The main problem is that external API calls do not have any decent timeout – few-12 hours may seem as a short time for you, but on a site with 15-40k visits even on Sunday, waiting for more than 5seconds for page load means thousands, if not ten-thousands, of angry people who do not have understanding for issues like this ??

The following bigger problem is that service is requested even when Live Traffic and Visitors Logs monitoring is disabled and seemed that everytime (not just on login).

These are bugs/problems that should be fixed anyway.

On top of that, there should surely be an option to turn such service off – sometimes its needed and a very good tool, however, sometimes its just unnecessary or even duplicating an existing functionality.

Thank you for fixing at least the main issues.

Conclusion:
This is not a plugin’s fault, but fault of loading another jQuery AFTER jQuery UI is loaded…

…RESOLVED

Plugin calls
.position(reposition).trigger('popmakeAfterReposition'); in site(.min).js

But position() does not return an object with trigger method… HOTFIX
Change

            $container
                .addClass('custom-position')
                .position(reposition)
                .trigger('popmakeAfterReposition');

to

            $container
                .addClass('custom-position')
                .position(reposition);
                
            $container.trigger('popmakeAfterReposition');

… documentation: https://api.jquery.com/position/ says Returns an object containing the properties top and left. , so it really can’t have a trigger method…

HOWEVER this is caused, because plugin in presuming jQuery UI which OVERRIDES jQuery, so if you load (another) jQuery after that – it gets overriden back again …

• This reply was modified 7 years, 4 months ago by jave.web.

It seems like a Javascript error – console:

site.min.js?defer&ver=1.6.4:1 Uncaught TypeError: n.addClass(...).position(...).trigger is not a function
    at r.fn.init.reposition (site.min.js?defer&ver=1.6.4:1)
    at r.fn.init.e.fn.popmake (site.min.js?defer&ver=1.6.4:1)
    at r.fn.init.open (site.min.js?defer&ver=1.6.4:1)
    at r.fn.init.e.fn.popmake (site.min.js?defer&ver=1.6.4:1)
    at site.min.js?defer&ver=1.6.4:2
reposition @ site.min.js?defer&ver=1.6.4:1
e.fn.popmake @ site.min.js?defer&ver=1.6.4:1
open @ site.min.js?defer&ver=1.6.4:1
e.fn.popmake @ site.min.js?defer&ver=1.6.4:1
(anonymous) @ site.min.js?defer&ver=1.6.4:2

@vipii
@peruzzo is asking for SOURCE MAPS, special files (not .scss not .css) that allows you to see where in SCSS certain style was defined.

Currently, this plugin only generates .css from .scss, so when you inspect elements, you actually see something in generated CSS mashup, not the real source of definiton.

Dear author @connectthink, could you add source maps too please?

(I would appreciate it too! ?? )

There is a second jQuery (3) ?? thanks.

@alexfbonilla that is a different error, so you should probably start a new topic about that, however these I my core jQuery things I am loading:

• jquery.js?ver=1.12.4 (head)
• jquery-migrate.min.js?ver=1.4.1 (head)
• ui/core.min.js?ver=1.11.4 (footer)
• ui/position.min.js?ver=1.11.4 (footer)

Anyway, in your topic try to provide some more code context – more code, and files & relative paths from WP root where they are coming from…
But from the selector #forgotPasswordForm I am guessing this is not related to this plugin?

@tkama

Your option is “Log data & take visitor IP into consideration”
The description of this option is:

Saves data into Data Base. Forbids to vote several times from a single IP or to same WordPress user. If a user is logged in, then his voting is checked by WP account. If a user is not logged in, then checks the IP address. The negative side of IP checks is that a site may be visited from an enterprise network (with a common IP), so all users from this network are allowed to vote only once. If this option is disabled the voting is checked by Cookies only. Default enabled.

…see I do NOT want to restrict votes per IP ! ?? But I DO want to log the vote info … do you get it now ? ?? You are conditioning vote logging with IP restriction ! ??

…CSS class, let’s say you have a nice box wrapper with some cool shadow under class “panel” – you would have to add selector to CSS defining it, however you might not be able to because it is some external CSS framework…
Still “democracy” is too generic word, it should be something a bit more specific.

Also I said that main target is to add option to ADD ANOTHER class – which is really easy (your CSS & JS would remain intact).