rolandog

For reference, this is being addressed as a GitHub issue.

@clorith , do you think an exception could be made for UTC (as it isn’t a manual offset)?

Hello.

Could a case be made to exempt UTC from being categorized as a ‘manual offset’? After all, WordPress does have a ‘UTC+0’ manual offset, independent of the ‘UTC’ entry in the drop-down list:

• This reply was modified 4 years, 11 months ago by rolandog.

Hey everyone, I created an issue on GitHub so that this gets updated upstream.

• This reply was modified 5 years ago by rolandog.

Those links seem very useful! Again, thanks for the support and advice, and sorry for the trouble!

Thank you for your prompt response!

From this question, I’m not sure you understand what SRI is designed to do, or perhaps you simply misunderstand one of its foundational concepts.

It very well may be that I don’t fully understand SRI (although I’ve been reading specifications and developer documentations whenever I bump into any problems, and honestly trying to grok before asking questions).

SRI does not apply to inline scripts because it makes no sense to do so; the inline script was delivered as part of the same HTTP resource as the HTML, after all.

You’re totally right. I was confused with the example that was presented in the MDN entry for CSP’s script-src.

Thanks again for the answer! I think I may need to scrape inline scripts and generate a nonce attribute that is also added as a value to the Content Security Policy. At least, that’s what may be recommended by CSP2.

Hello Meitar!

Your plugin seems really great!

I’m starting to try it out, but ran into @fxdesca78’s problem as well: I’m trying to use the most restrictive CSP possible, but — even if I get everything right on the theme’s side (I’m actually trying NOT to use any JS) — I’m running into issues on the WP-Admin side: without white-listing ‘unsafe-inline’ and ‘unsafe-eval’, some pages (like post the post editor, or plug-ins like Akismet) simply don’t work.

Do you think it could be possible to parse inline scripts?

I haven’t seen recent activity, and there are some issues with deprecated policies still in place. Have you found comparable alternatives?

I wish I could travel faster-than light, go through some sort of wormhole and slap myself real hard on the face, in order to avoid this epic FFUUUUU.

Thanks for your help sheried and esmi.

Sorry for the confusion.

Ok, forget about the Y2K10 bug… the date of the page was 2005/11, so the files were uploaded to 2005/11.

Getting back to the topic at hand, if I link to resume-rolando-garza-en.pdf, you’ll get a 404. But if you go to wp-content/uploads/ and click ‘resume-rolando-garza-en.pdf’, you can download the file.

Indeed. As I said in the previous explanation, I also tried uploading through WP.

I also found out a weird Y2K10 bug for WP, since the files were uploaded to my /uploads/2005/11 directory at first. I then chose to not use folders so they were uploaded to my /uploads the third time I tried.

I also tried using and disabling the Full URL Path to files option.

Thanks for your reply escapist. That solved my problem.

No problem. =) But, a small note: you have to set a custom field of wpautop to false so that the plugin works. I changed it so that it seemed more logical.

Ok, third time’s the charm. The other versions didn’t output valid XHTML. I reviewed the code and it seems it was all about adding the filter with a different priority.

<?php
/*
Plugin Name: rm_wpautop
Plugin URI: https://rolandog.com/archives/2008/11/12/wp-plugin-rm-wpautop/
Description: This plugin allows you to set a 'rm_wpautop' custom field in your pages or posts and allow for WordPress not to add automatically paragraph elements.
Author: Rolando Garza
Author URI: https://rolandog.com/
Version: 0.3
*/
function rm_wpautop($content) {
    global $post;
    // Get the keys and values of the custom fields:
    $rmwpautop = get_post_meta($post->ID, 'wpautop', true);
    // Remove the filter
    remove_filter('the_content', 'wpautop');
    if ('false' === $rmwpautop) {
    } else {
        add_filter('the_content', 'wpautop');
    }
    return $content;
}
// Hook into the Plugin API
add_filter('the_content', 'rm_wpautop', 9);
?>

Sorry, I had a small bug, fixed it now. It seem it was best to call this to the_content, and I also changed the key to rm_wpautop.

<?php
/*
Plugin Name: rm_wpautop
Plugin URI: https://rolandog.com/archives/2008/11/12/wp-plugin-rm-wpautop/
Description: This plugin allows you to set a 'rm_wpautop' custom field in your pages or posts and allow for WordPress not to add automatically paragraph elements.
Author: Rolando Garza
Author URI: https://rolandog.com/
Version: 0.2
*/

function rm_wpautop() {
    global $posts;
    // get the posts
    foreach ($posts as $post) {
        // Get the keys and values of the custom fields:
        $id = $post->ID;
        $rmwpautop = get_post_meta($id, 'rm_wpautop', false);

        // Remove the filter
        if (count($rmwpautop)) {
            remove_filter('the_content', 'wpautop');
        } else {
            remove_filter('the_content', 'wpautop');
            add_filter('the_content', 'wpautop');
        }
    }
}

// Hook into the Plugin API
add_action('the_content', 'rm_wpautop');

?>