INDEX | RULES & INFORMATION | SUPPORT FORUM | DOCUMENTATION | SEARCH | MEMBERS | TWITTER | TERMS


Profile
Personal Photo

No Photo

Options
Custom Title
All your cheese are belong to us
Personal Info
Location: No Information
Born: 25 March 1990
Website: No Information
Interests
No Information
Other Information
Gender: Male
Graphics Gallery: No Information
Skinning Gallery: No Information
Coding Gallery: No Information
Writing Gallery: No Information
Awards Collection: No Information
Statistics
Joined: 09/29/2013
Status: (Offline)
Last Seen: Jul 11 2016, 05:49 PM
Local Time: Dec 17 2017, 11:20 PM
185 posts (0.1 per day)
( 0.90% of total forum posts )
Contact Information
AIM No Information
Yahoo No Information
GTalk No Information
MSN No Information
SKYPE No Information
Unread Message Message: Click here
Unread Message Email: Private
Signature
View Signature

Chakka

Member

Topics
Posts
Comments
Friends
My Content
Apr 1 2014, 05:50 AM
Okay, so currently running up against a minor setback with a project I'm involved with at work and was wondering if anyone here could illuminate why?

Basically, I manage the online presence for several companies, one of which is a new acquisition and already has a significant user base. As such, I've been left in the less-than-ideal scenario of having a website that I'm in charge of maintaining, hosted by another company. By and large, that company is far more competent than our in-house team and generally I'm happy with staying with them (not that I have a choice tongue.gif) but their director has denied my request to be able to use the Wordpress Template Editor.

To be clear, the website uses Wordpress as it's CMS and I'm allowed admin access in order to update most other parts. However, the brand is going in a new direction and we really need flexibility on the front page right now, which the current theme is not great with. Anyway, point is it would everyone's lives easier if I could, but they're worried about security risks of doing so.

Now, I'm aware that people could inject malicious content onto the site from the Template Editor, but as far as I can see the root admin account has that access (it isn't blocked across the board) so allowing me the same access doesn't significantly increase the risk of a blunt-force login hack.

I'm also aware that, certainly in the past, it has been possible to inadvertently break files from incorrect PHP statements that would require the website dev team to fix my mess using FTP (which I won't get, ever, and that's fine) and I can understand trepidation of allowing an unknown third party access.

My question, or tl;dr, is: could I directly compromise their server and other hosted sites by using malicious database queries (or something) from the Template Editor AND could I not as easily infect their network by using the HTML editors on Post edit pages or even injection with an image? Or does the Template Editor pose a significant risk to them and should I concede that they know better tongue.gif

Cheers for any help!
Feb 11 2014, 07:47 PM
Not sure if this is happening on my end or what but whenever I try to go to the following topic it causes the board DOM to collapse and forces everything below the header to disappear tongue.gif

Topic: http://resource.jcink.com/index.php?showtopic=2140
Jan 25 2014, 02:39 PM
Hey, I was wondering if anyone could help me with a tech issue tongue.gif

Basically, I have an old server I used to run a Wordpress based blog/site off of with some friends. The servers been offline for years, due to a licensing issue with the software and then compounded with hardware issues... but I've just managed to get back onto the hard drive so I can pull the files. That's all well and good, however, I can't work out how to actually get the article text (all I really care about) back off the server. Naively, I had assumed that I would just need to copy and paste out the MySQL database into a new version of WordPress or something... but no tongue.gif

So yeah, does anyone have any ideas how to do this? The server cannot go online due to hardware problems so I can't simply open the website and copy and paste them from there. I would like to remove all the files that made the blog and just rehost them somewhere else, ideally, but when I try to do that locally I've found the code has deprecated quite a lot :S And I can't find a way to get WAMP/EasyPHP that has the older version of PHP/Apache etc. for me to test that...

Even if someone knows a way to get a wordpress database to work on a new install, that would be fine wink.gif

Any help here would be greatly appreciated happy.gif

EDIT: Would still like any suggestions on getting the site itself back/viewable on a local host basis but currently have worked out how to re-group all the MySQL stuff into a new database and am going through exporting the useful information tongue.gif
Jan 23 2014, 09:30 AM
So my "Index only Shoutbox" code has had to be rewritten after it was brought to my attention that it no longer worked. The problem is, it does still work, but only on certain skins. Which makes no sense to me laugh.gif

Here's the code (as it was):
CODE
<script>
/* Shoutbox only on Index */

var disc = document.getElementById("navstrip");
var dune = disc.innerHTML.match("<{F_NAV_SEP}>");
var kaboodle = document.getElementsByTagName("div");

if(dune){
for (i=0;i<kaboodle.length;i++)
if(kaboodle[i].className == "tableborder" && kaboodle[i].innerHTML.match(/latest shouts in the shoutbox/i)){
kaboodle[i].style.display="none";

}
}
</script>


The problem with the code seems to be in the variable dune; it can find the navstrip element and understands the Macro placeholder however depending on which special characters comprise the Nav Separator it cannot correctly match the element. So, on my test board, the navstrip is separated by ->, which works fine. On the official Jcink skin, however, the separator is , which does not.
Even more weirdly, the code still correctly fetches , but then doesn't convert it to the HTML &rarr; before displaying (I'm using Chrome), whereas the JS automatically converts it back to raw HTML, seemingly causing the match to return false.

Now it turns out that method was overly complicated and used outdated methods of traversing the forum architecture, so the new code is superior, however the fact this happened at all bugs me and I was wondering if anyone else had any insight as to why different special characters were being treated differently by the JS and the browser, and at what point that occurs? Is it server-side, browser rendering or just a difference in JS and HTML?
Jan 21 2014, 09:50 PM
So as the coding binge continues I've resurrected an old project of mine: collapsible quotes. The code, by default, will collapse all "quote" boxes on your forum and display just the Quote title text (plus date etc. if in time) and then a Show Content button which will cause the actual quoted text to appear as it would now.

It's something boards I used to go to had and it was incredibly useful for nested quotes (you could simply only expand the latest quote, rather than all of them, and not get lost whilst reading tongue.gif) and just keeping discussions neat if quoting became the bulk of a topic smile.gif

That said, I don't quite remember the functionality and I can't find any "live" boards that use it. What I currently have has all the features I've mentioned so far, but the "show content" is not togglable (so once shown you cannot hide again). I'm not sure which way would be better, may just end up including both.

Basically, the point of this topic is: what else should I do with the code? Would it's functionality as it stands be sufficient, should I try and add other features, what would people want? Trying to get some inspiration here tongue.gif

Oh, and I definitely plan on trying to edit the "look" of quotes with this code as default, a little like some codes already on here, just make them a bit more pleasant to look at and easier to skin wink.gif Trying to do that without any more javascript though tongue.gif
Last Visitors


Nov 12 2017, 05:59 PM




Nov 3 2017, 06:22 PM




Oct 12 2017, 02:13 PM



Comments
No comments posted.
Add Comment


Latest Shouts In The Shoutbox -- View The Shoutbox · Rules -