John Peden

I’ve just exported the posts/comments xml. No trace of anything remotely malicious in there. Searched for <iframe, display:, and <noscript. Iframes all check out (a handful of video embeds). Display: all check out, all inline styles for images. <noscript was not found.

The file is still about 20000 lines long, so there is no way I’m going through it line-by-line.

Anything else that could be malicious? I know I’m taking a risk here but surely everything has been ruled out?

I’ve been looking at the XML export file though. Would the best way to handle this to go through it line-by-line or just copy and paste 240 post and 300 comments?

Did you figure this out Scott? I’m using NomNom theme and want it to default to one of the non-Twenty Eleven schemes.

So, ‘Awaiting Moderation’ is a link that simply returns to the dashboard when clicked.

From the dashboard, admins are told that there are a number of blogs ready for activation and can click on then name of a site to activate it but the whole process seems a little confusing.

Ideally, I’d like the user to be able to activate/deactivate sites like they would a plugin from the Sites menu and this doesn’t seem possible.

Assuming that the plugin isn’t operating quite right, I might just modify some of the existing code to try and make it a little more obvious for my users.

That would seem like the obvious thing to do but for some reason, awaiting moderation is not a link and clicking it does nothing. Let me check the markup to see if the plugin is generating a link but my server (which cannot make outbound HTTP requests) is not loading it properly. This has been an issue elsewhere on the same server so could be the root cause of this prob.

This worked a treat! You sir, are an adel mensch!

1. Not sure exactly which domains are being requested. Would I be able to find out by using something like Firebug?
2. Surely by setting these domains to localhost, they will just return null?

The hostname is a single (albeit hypenated) word.

Weirdly I’m running an identical setup on the same server that doesn’t throw up the same error. The only difference is the installation folder:

%hostname%/virtual-doc/ = error
%hostname%/abroad/ = no error

FPD is full path disclosure which I’m trying to avoid if possible as it gives a potential hacker an idea of your file structure and services your might be running. In this case, so long as the user is logged out I’ve setup the site to display a ‘members-only’ page which does the job.

As you say, hopefully it won’t happen once we migrate to the live sub-domain.

Hi Donncha,

The sites are still in development and the server is inaccessible to the World at the moment so I don’t want to turn of PHP errors just yet.

Additionally, I’d read that turning them off just hides them so anyone who was interested would still be able to see the FPD (in this case). Your thoughts?

The complete URL of the site is https://%linux_server_hostname%/virtual-doc/ so as you’re saying it does seem odd that $blogcacheid is reportedly too short. With that in mind, I think the real error lies a few lines earlier where $blogcacheid is defined.

Aha! I had tried this:
This did not work

if (!is_object($bp->database_version)) {
    $bp->database_version = new stdClass;
}
if ( !$bp->database_version = get_site_option( 'bp-db-version' ) ) {

This fixed everything!

if (!is_object($bp)) {
	$bp = new stdClass;
}
if ( !$bp->database_version = get_site_option( 'bp-db-version' ) ) {

Thanks dude!

Nope. No luck. The line that seems to be causing the problem is line 71 on bp-loader.php:

if ( !$bp->database_version = get_site_option( 'bp-db-version' ) ) {

Thanks for the reply, I’m just about to try it.

I can’t run PHP 5.3 as I’m also running a Moodle installation on this server (the latest version of) which requires 5.4.

Thinking about it Takayuki,

I could create a generic form and call if on each event page. Then using the markup you suggested, I can load in the event (as it will by the post name).

Brilliant!

Thanks for the reply, that is certainly a start! Would it be possible to do something like this:

Event page -> Training registration page

With the slug of the event page being passed into the training registration page?

Been a member for over a year.

I’ve tried to add a new plugin to the database but have no idea of its status (I think it might have been rejected) but due to my email not being updated I’ve not recieved any news as to why it might have been.

I’ll try logging in and out.