Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

There is a small bug in the vanilla plugin for wordpress.

I am using vanilla and wordpress for my site and so far it works as expected but I think I found a bug. When I enable the recent active users which shows a small photo of the recently active users on my footer, the images are pointing to a non existant jpg file. It seems like there is indeed a small photo in where the plugin is looking at, but its looking for the wrong name. Specifically its missing the letter "n" from the jpg file name in the begining. So for example the plugin is trying to load the photo in /forum/uploads/userpics/801/N0L9X51Q00H2.jpg when the actuall photo is named nN0L9X51Q00H2.jpg. So its missing an "n" in the beggining in every photo. I looked around the wordpress plugin and found the widgets php code, but I have no idea how to fix this as I have no idea how the plugin talks to the vanilla forum.

Is there any small modification I could make to make this widget work?

Thanks!

Comments

  • When I look at my forum/uploads/userpics/foldernumber/image name.jpg

    I do see the n in front of the file name, there is also some that have a p in front of the file name or number. I think there might be something that is stripping that from the name.

    It is hard to trouble shoot something that is embedded . Do the images work well in the stand alone forum ?

  • Images work as expected on the forum. Yes I also have some with a p in the front but most of them are just with the n.
    In the widget it shows a dead jpg that, by clicking right click and open image, it link to the non n photo. If I add the letter "n" in the photo name on the link, it loads perfectly. So it looks like the plugin is expecting to find a filename without the letter n, while the forum only generates a jpg with it.

  • edited July 2016

    I am looking at the files that come with the Vanilla For WP plugin I downloaded from the WP site, I assume it's the same you have.

    I looked in the files where the n might be for any reason. I found this in the functions.php

    function vf_user_photo($User, $Url, $CssClass = '') {
        if ($User->Photo == '')
            $User->Photo = vf_combine_paths(array($Url, 'applications/dashboard/design/images/usericon.gif'), '/');
    
        $CssClass = $CssClass == '' ? '' : ' class="'.$CssClass.'"';
        $IsFullPath = strtolower(substr($User->Photo, 0, 7)) == 'http://' || strtolower(substr($User->Photo, 0, 8)) == 'https://';
        $PhotoUrl = ($IsFullPath) ? $User->Photo : vf_combine_paths(array($Url, 'uploads/'.vf_change_basename($User->Photo, 'n%s')), '/'); //this is where the n is stripped I believe
        return '<a href="'.vf_combine_paths(array($Url, '/profile/'.$User->UserID.'/'.urlencode($User->Name)), '/').'"'.$CssClass.' style="display: inline-block; margin: 0 2px 2px 0">'
            .'<img src="'.$PhotoUrl.'" alt="'.urlencode($User->Name).'" style="width: '.$User->IconWidth.'px; height: '.$User->IconWidth.'px; overflow: hidden; display: inline-block;" />'
            .'</a>';
    }
    

    and this

    /** Change the basename part of a filename for a given path.
     *
     * @param string $Path The path to alter.
     * @param string $NewBasename The new basename. A %s will be replaced by the old basename.
     * @return string
     */
    function vf_change_basename($Path, $NewBasename) {
        $NewBasename = str_replace('%s', '$2', $NewBasename);
        $Result = preg_replace('/^(.*\/)?(.*?)(\.[^.]+)$/', '$1'.$NewBasename.'$3', $Path);
        return $Result;
    }
    

    Which to me means that this is where the url gets tampered with , but it is only a guess… I know you are not the first to mention this.

  • Yeah. This is how far I got also. I have no idea how the plugin feches that link to the profile image. I will start messing a bit and trying things. If I get anywhere, I will update.

  • LincLinc Admin

    If you have enough info to instruct someone how to hack their install, you probably have enough info to report the issue on the open source repo.

  • RiverRiver MVP
    edited July 2016

    @Linc said:
    If you have enough info to instruct someone how to hack their install, you probably have enough info to report the issue on the open source repo.

    possibly, but I choose to help out here on this forum, where the question was asked for the following reasons. By doing this the vanilla staff might be more mindful of reading the discussions HERE and perhaps answering questions here, if they choose to. Although this may differ from your mindset and others mindsets, I hope you respect my decision to help people here without being told to post in other places.

    this is a forum to discuss open source issues and perhaps solve user problems and provide answers to help questions. vanillaforums.org.

    Regarding github, it looks like issues on github from 2015
    https://github.com/vanilla/wordpress-vanilla/issues
    are still not resolved and this is a forum question.

    So I figured I would provide help on the forum where the user requested help. Respectfully, feel free to report issue if you desire to and anyone can also do the same anywhere they like. I choose to answer questions here to provide an immediate code change to test out. If any one gleans any information from this discussion, they can do what they choose, whether it be provide a different answer, post a response on wordpress forum, write a review on word press, file a github request, fork a repository, or post to whatever web site they please. I choose to answer questions FROM this forum ON this forum if I feel I have something to say about a question and provide the questioner the most immediate and timely help.

    @Andrew4848 said:
    Is there any small modification I could make to make this widget work?

    I hope I provided a reasonable answer to test.

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

  • LincLinc Admin
    edited July 2016

    I frequently get responses from people who tell me about issues that have been around "years" because someone talked about it on the forum and never actually raised it up for the developers to look at formally.

    Suggesting hacks to individuals means the next person who has the problem has to search for a solution, find it here, then hack their install. And rinse and repeat forever and ever.

    One of the most valuable ways you can contribute is to break this cycle by formally reporting an issue with a detailed report on our bug tracker.

    @River said:
    Regarding github, it looks like issues on github from 2015
    https://github.com/vanilla/wordpress-vanilla/issues
    are still not resolved and this is a forum question.

    Here is an open issue from 2013: https://github.com/vanilla/vanilla/issues/1686

    Here is a closed issue from 2 weeks ago: https://github.com/vanilla/vanilla/issues/4144

    So what's the point here? :confounded: We have to finish what's on our plate before you'll report new ones? That's not how anything works.

  • @River I for one am thankful someone so capable is helping out on this forum. It is not often we get people that can impart so much and in such an understandable meticulous way.

    @Linc , it would be really helpful if you added the link to file issues into your signature. It could help those people get filing issues faster. It won't help me , I have not been able to do it correctly :(

  • LincLinc Admin

    @vrijvlinder said:
    It won't help me , I have not been able to do it correctly :(

    https://help.github.com/articles/creating-an-issue/

    There are links to our repo from:

    • The Vanilla download page
    • The sidebar of EVERY page in the Addons section
    • The sidebar of EVERY forum page on this site
    • The Contributing docs section
    • The README that comes with Vanilla

    If someone can't find the link after all that, I don't think my signature is gonna be the thing to fix it.

  • LincLinc Admin

    @Andrew4848 I apologize for the digressions. I've filed an issue to resolve the problem in the WordPress plugin. I hope to have a new version released in late August. The suggestions above won't hurt in the meantime if you cannot wait that long.

Sign In or Register to comment.