tmuikku
Forum Replies Created
Forum: Plugins
In reply to: [WooCommerce Weight Based Shipping] Suggestions to improve the plugin
Hi,
thanks for quick reply.
You are correct regarding using @ -operator! I should check my error handler.
https://php.net/manual/en/language.operators.errorcontrol.php
Security comment was based on general WP guidelines. Too many plugins neglect security concerns and the first red flag is handling input data without the simple security facilities WP offers one to use.
I’ll revisit the plugin and report if there are any problems.
Alright, with SSO there are two stages when NextADI wants to get the plugin settings profile.
Both of which check against the user suffix.
Now, the suffix is not present if logging in with down level login like TEST\klammer.
This was fixed by the last patch, user could authenticate.
But, still the plugin failed the login because post login processing in the NextADInt_Adi_Authentication_SingleSignOn_Service couldn’t find user data from AD because the user now had a suffix from the authentication.
This can be fixed by adding to the NextADInt_Adi_Authentication_SingleSignOn_Service::getProfilesWithoutSuffixSet() method's filter closure a check of the option $profile[NextADInt_Adi_Configuration_Options::ALLOW_DOWN_LEVEL_LOGON_NAME]:

    /**
     * Get all profiles that have no account suffix specified.
     *
     * @param $profiles
     *
     * @return array
     */
    protected function getProfilesWithoutSuffixSet($profiles)
    {
        return NextADInt_Core_Util_ArrayUtil::filter(function($profile) {
            return $profile[NextADInt_Adi_Configuration_Options::ALLOW_DOWN_LEVEL_LOGON_NAME]
                || NextADInt_Core_Util_StringUtil::isEmptyOrWhitespace($profile[NextADInt_Adi_Configuration_Options::ACCOUNT_SUFFIX]);
        }, $profiles);
    }

Also, need to add NextADInt_Adi_Configuration_Options::ALLOW_DOWN_LEVEL_LOGON_NAME into the argument array in NextADInt_Adi_Authentication_SingleSignOn_Service::findSsoEnabledProfiles():

    /**
     * Find all profiles with the necessary roles.
     *
     * @return array
     */
    protected function findSsoEnabledProfiles()
    {
        // find all profiles with the given options and add them to our $profiles array
        $profiles = $this->getConfiguration()->findAllProfiles(array(
            NextADInt_Adi_Configuration_Options::ACCOUNT_SUFFIX,
            NextADInt_Adi_Configuration_Options::SSO_ENABLED,
            NextADInt_Adi_Configuration_Options::SSO_USER,
            NextADInt_Adi_Configuration_Options::SSO_PASSWORD,
            NextADInt_Adi_Configuration_Options::DOMAIN_CONTROLLERS,
            NextADInt_Adi_Configuration_Options::PORT,
            NextADInt_Adi_Configuration_Options::ENCRYPTION,
            NextADInt_Adi_Configuration_Options::NETWORK_TIMEOUT,
            NextADInt_Adi_Configuration_Options::BASE_DN,
            NextADInt_Adi_Configuration_Options::SSO_USER,
            NextADInt_Adi_Configuration_Options::SSO_PASSWORD,
            NextADInt_Adi_Configuration_Options::ALLOW_DOWN_LEVEL_LOGON_NAME
        ));
        ......

Hope this helps
- This reply was modified 8 years, 5 months ago by tmuikku.
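
The profile lookup discussed in the reply above can be sketched as a stand-alone script; this is an added example, not code from the post or from the NextADI plugin. The array keys, the sample profiles, the `@test.ad` suffix and the single-suffix matching are assumptions made for illustration; only the logon name `TEST\klammer` comes from the post.

```php
<?php
// Added example, not NextADI plugin code. Keys are hypothetical stand-ins
// for the NextADInt_Adi_Configuration_Options constants named in the post.
const ACCOUNT_SUFFIX = 'account_suffix';
const ALLOW_DOWN_LEVEL = 'allow_down_level_logon_name';

// Split a logon name into user and suffix. A UPN (user@domain) carries a
// suffix; a down-level name (DOMAIN\user) or a bare name does not.
function parseLogonName($remoteUser)
{
    $at = strrpos($remoteUser, '@');
    if ($at !== false) {
        return array('user' => substr($remoteUser, 0, $at), 'suffix' => substr($remoteUser, $at));
    }
    $slash = strrpos($remoteUser, '\\');
    $user = $slash === false ? $remoteUser : substr($remoteUser, $slash + 1);
    return array('user' => $user, 'suffix' => '');
}

// Simplified model of the lookup (an assumption): a name with a suffix
// matches profiles with the same suffix; a name without one matches
// profiles with an empty suffix and, with the proposed check, profiles
// that allow down-level logon names.
function candidateProfiles($remoteUser, array $profiles, $withFix)
{
    $logon = parseLogonName($remoteUser);
    $matches = array_filter($profiles, function ($p) use ($logon, $withFix) {
        $suffix = trim((string) $p[ACCOUNT_SUFFIX]);
        if ($logon['suffix'] !== '') {
            return strcasecmp($suffix, $logon['suffix']) === 0;
        }
        return $suffix === '' || ($withFix && !empty($p[ALLOW_DOWN_LEVEL]));
    });
    return array_column($matches, 'name');
}

// Constructed sample profiles.
$profiles = array(
    array('name' => 'suffix-only', ACCOUNT_SUFFIX => '@test.ad', ALLOW_DOWN_LEVEL => false),
    array('name' => 'down-level-ok', ACCOUNT_SUFFIX => '@test.ad', ALLOW_DOWN_LEVEL => true),
);

foreach (array('klammer@test.ad', 'TEST\\klammer') as $remoteUser) {
    foreach (array(false, true) as $withFix) {
        printf("%-16s fix=%d -> [%s]\n", $remoteUser, $withFix,
            implode(', ', candidateProfiles($remoteUser, $profiles, $withFix)));
    }
}
```

Run with the PHP CLI: the down-level name selects no profile until the extra check is enabled, and then only the profile that opted in.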
Forum: Plugins
In reply to: [WP Advanced PDF] Multiple suggestions
Cool!
There was another important one I forgot to add. The email popup HTML is echoed to html <head> section with wp_head action hook. This is bad, please change the action hook to wp_footer.
Thanks.
Hi, you have to check a checkbox from the plugin settings to allow low level authentication.
We still had an error with the suffix setting though.
We still couldn’t login since the SSO authentication procedure didn’t find the Next ADI profile.
They’ve fixed the code to allow authentication but missed allowing the Settings profile to be found with the low level log on enabled in the SSO Service class.
This can be fixed with an additional condition check in the SSO Service class where it tries to recognize the profile by empty suffix.
I’ll post more details after a week, I’m having a holiday now.
Yes, that’s pretty much the problemo. Just somehow allow the REMOTE_USER parameter used in SSO authentication process to be without suffix and still have suffixes set up for the actual login.
That should do it, thanks!
Forum: Plugins
In reply to: [APCu Object Cache Backend] Caching on cron
Hi,
put the if clause (everything up until and including the opening bracket { ) at the beginning of the file, after the php open tag <?php. And then the ending bracket } to the end of the file (before php ending tag ?> if there is one).
Basically all the code in the file should be in place of the three dots in my example.
Forum: Plugins
In reply to: [Contact Form 7] [Plugin: Contact Form 7] Spam getting through
Yello!
I get spam as well. Text fields are filled with random [a-z][A-Z] and text area has some site related mumbo jumbo. Radio buttons are still in [tag] form in the email, so I believe there is a security breach in the WPCF7. Have to investigate how it is possible to send email without filling out the form.
Forum: Hacks
In reply to: wp_editor media upload
To jrav001's question and Kailey's challenge:
just tap into the filter in the get_upload_iframe_src() function like so:

    add_filter('_upload_iframe_src', 'filter_media_upload_iframe_src');

    function filter_media_upload_iframe_src($src)
    {
        // Placeholder: set this to the ID of the post being edited
        // with wp_editor in the frontend.
        $id = $post_id_im_editing_with_the_wp_editor_in_frontend;

        return add_query_arg(array("post_id" => $id), $src);
    }

The global $post_ID doesn’t get set in the frontend, which is normally the source for the post_id argument in the upload_iframe_src link.