Forum Replies Created

Viewing 15 replies - 31 through 45 (of 122 total)
    Thread Starter justmattb

    (@mwbarker)

    Yes, and when I do, the bookmarklet works.

    Thread Starter justmattb

    (@mwbarker)

    Yeah, that was because I just uploaded the zip file that I downloaded directly from Git. I went ahead and renamed it to argo-links and reactivated it to clean it up. It appears to work in the latest version of WordPress. I am able to do everything with it, with the exception of using the bookmarklet with BPS. I have even gone so far as to remove most of the code from the .htaccess file:

    # BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    # Add or remove user agents temporarily or permanently from the first User Agent filter below.
    # If you want a list of bad bots / User Agents to block then scroll to the end of this file.
    
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    But still get the same result.

    Thread Starter justmattb

    (@mwbarker)

    Really, really, REALLY appreciate you looking at this. I have tried removing huge sections of the .htaccess file trying to identify what is causing this and am still scratching my head. Will keep plugging away at it.

    Thread Starter justmattb

    (@mwbarker)

    Still not working; this is what it looks like:

    root .htaccess:

    # TimThumb Forbid RFI By Host Name But Allow Internal Requests
    #RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    #RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    #RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (argo-this\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*mysite.com.*
    RewriteRule . - [S=1]

    wp-admin .htaccess:

    # Allow wp-admin files that are called by plugins
    # Fix for WP Press This
    RewriteCond %{REQUEST_URI} (admin-ajax\.php|press-this\.php) [NC]
    RewriteRule . - [S=1]

    Thread Starter justmattb

    (@mwbarker)

    I disabled the wp-admin .htaccess file and that didn’t help, so I imagine there is something in the main .htaccess file that is preventing access. Without BPS enabled, it works, but I certainly don’t want to use that as my solution!

    Thread Starter justmattb

    (@mwbarker)

    Hmmm… I know I tried this before, but got different results. Could have been mistaken… Anyways, if I take out the argo-this\.php| from the REQUEST_URI section, I am NOT able to use the bookmarklet from within my own site. When I add it back in, I am. So I guess now my question would be, how would I block everything else already being blocked, but allow access to this specific REQUEST_URI from any URL? Is there a way to do that?

    In other words, have a separate section for:

    RewriteCond %{REQUEST_URI} (argo-this\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*.*.* (not sure how to allow all)
    RewriteRule . - [S=2]

    Thread Starter justmattb

    (@mwbarker)

    Thanks for looking; I commented out all of those and still have the issue. I even removed the whole # BPSQSE BPS QUERY STRING EXPLOITS section and still got the same 403 error from BPS.

    Thread Starter justmattb

    (@mwbarker)

    If you want to look at the code for the argo-this.php file, you can see it here:

    https://github.com/argoproject/argo-links/blob/master/argo-this.php

    Thread Starter justmattb

    (@mwbarker)

    Thanks; tried the admin piece, but that doesn’t work. I imagine that is because it is not actually calling it from wp-admin, but from within the plugin folder itself.

    Thread Starter justmattb

    (@mwbarker)

    That didn’t seem to help. With or without that entry, I can click the bookmarklet when browsing my own site and it works fine. Even with that entry, when I am browsing another site, clicking the bookmarklet (to capture the URL and title of the page I am on) still brings up the 403 error.

    I also tried this to see if it was a problem with the referrer, but this didn’t seem to fix it (when browsing from songsterr.com).

    # TimThumb Forbid RFI By Host Name But Allow Internal Requests
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (argo-this\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*mysite.com.* [OR]
    RewriteCond %{HTTP_REFERER} ^.*songsterr.com.*
    RewriteRule . - [S=1]

    If that did fix it, it wouldn’t really help, since the bookmarklet is there to be used when browsing any URL I want to capture (which would then be the value of HTTP_REFERER:)
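
An added illustration, not part of the original posts or of BPS: a small Python model of how mod_rewrite evaluates the RewriteCond chain of the skip rule in the post above, showing which requests make `[S=1]` apply. The request path and Referer values are constructed samples, Python's `re` stands in for Apache's PCRE, and the rule that follows the skip (not shown in the post) is not modelled.

```python
import re

# Skip-rule conditions as posted above: (variable, pattern, flags).
SKIP_CONDS = [
    ("REQUEST_URI",
     r"(argo-this\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php)", {"NC"}),
    ("HTTP_REFERER", r"^.*mysite.com.*", {"OR"}),
    ("HTTP_REFERER", r"^.*songsterr.com.*", set()),
]

def cond_matches(request, var, pattern, flags):
    # A header the client did not send expands to an empty string.
    value = request.get(var, "")
    return re.search(pattern, value, re.I if "NC" in flags else 0) is not None

def skip_rule_fires(request, conds=SKIP_CONDS):
    """True if every RewriteCond group passes, i.e. RewriteRule . - [S=1] applies.

    Conditions are ANDed; [OR] joins a condition to the one that follows it.
    """
    group_ok = False
    for var, pattern, flags in conds:
        group_ok = group_ok or cond_matches(request, var, pattern, flags)
        if "OR" in flags:
            continue          # the OR group continues on the next condition
        if not group_ok:
            return False      # one ANDed group failed: the rule does not apply
        group_ok = False
    return True

# Constructed sample requests (path and Referer values are assumptions).
URI = "/wp-content/plugins/argo-links/argo-this.php"
SAMPLES = {
    "own site":          {"REQUEST_URI": URI, "HTTP_REFERER": "http://mysite.com/a-post/"},
    "listed site":       {"REQUEST_URI": URI, "HTTP_REFERER": "http://www.songsterr.com/a/tab"},
    "unlisted site":     {"REQUEST_URI": URI, "HTTP_REFERER": "http://news.example.org/story"},
    "no Referer sent":   {"REQUEST_URI": URI},
    "string in Referer": {"REQUEST_URI": URI, "HTTP_REFERER": "http://other.example/?q=mysite.com"},
    "other script":      {"REQUEST_URI": "/wp-login.php", "HTTP_REFERER": "http://mysite.com/"},
}

def audit(samples=SAMPLES):
    return {name: skip_rule_fires(req) for name, req in samples.items()}

if __name__ == "__main__":
    for name, fires in audit().items():
        print(f"{name:18} skip rule fires: {fires}")
```

The Referer conditions are unanchored substring matches on a header the client chooses whether and how to send, so the rule works as a convenience bypass rather than as an access control.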

    Thread Starter justmattb

    (@mwbarker)

    You need to go in through ftp/ssh/whatever to your webserver and rename the buddymobile folder to something else (like buddymobile.old). Once you do that, the plugin will be disabled and you’ll be able to access your site again.

    justmattb

    (@mwbarker)

    Looks like that’s it; just looked up the Amazon S3 php sdk that this plugin includes and found this mentioned in the Readme:

    Minimum requirements
    PHP 5.3.3+ compiled with the cURL extension
    A recent version of cURL 7.16.2+ compiled with OpenSSL and zlib

    justmattb

    (@mwbarker)

    Actually, when I looked at backwpup.php, I saw this line:

    if ( function_exists( 'curl_exec' ) && version_compare( '5.3.3', PHP_VERSION, '<=' ) && class_exists( 'BackWPup_Destination_S3' ) )

    So it looks like in order to continue to use S3, you have to be at version 5.3.3 or higher. Am I reading that correctly?

    justmattb

    (@mwbarker)

    I fixed those lines, but still don’t see S3 anywhere. The server I’m on is running PHP version 5.2.17, so I should be good there. Any other ideas?

    Forget it; noticed the other thread you pointed to. Thanks!
