tombyrnes

Paul,

Addendum to ramble. Although I have already deleted it, when I checked the one IP address that was in the blacklist, it resolved to the website itself. Not the user who was accessing it.

Tom

Paul

Love the plugin. I would just like to add what info I have on the IP blacklist issue (You tripped the security plugin defenses a total of 5 times…). The site owner reported the problem to me. I went to check – I was locked out. Everyone was locked out. I did the forceOFF thing, left IP manager enabled but set the threshold down to zero (effectively disabling it). When I look at the blacklist, there is one IP address in it. Not mine, not the owners, but presumably an innocent user in Seattle. So e.g. my IP address is not in there but it reports me as being blacklisted. Seems that once anyone is blacklisted, then everybody is locked out. There is also a likely issue that the one person who was blacklisted should not have been. Sorry about the long story.

Cheers

Tom

Judy

I updated that longish reply of mine… maybe it will help?

Tom

Hi Judy

Thanks for getting back to me. I am probably at the end of the line with any help I can offer as I forked away from the main plugin a few years ago (i.e. I hacked it about for my own purposes – though this part is still as it was). When mine was not working, the gallery maintenance under admin was still working i.e. you could keep an image for each gallery entry. Is that so for you?

I’ll download the current plugin code and have a poke around – no promises. Also, the solution I offered is just a quick and dirty to get going again. The post above re using shortcode API rather than “rolling your own” is right on the money. That is the root of the problem and that is why we were getting back the video’s ID (just a number) but wrapped in single quotes, but the quotes were using that HTML (? or one of them) encoding which output them as & # 8127 ; etc etc. And the security patch thinks this may be someone being tricky and injecting something bad …. something like that.

Sorry, I get carried away.

Cheers

Tom

I checked out the latest code and the only other place that pops out is where it does something similar to show a gallery, rather than an individual video

function CVGVideo_Gallery($matches){
	  global $post, $wpdb;
	  $output = '';
	  preg_match_all('/([\.\w]*)=(.*?) /i', $matches[1], $attributes);
	$arguments = array();

	$arguments = CoolVideoGallery::splitargs($matches[1]);
	$gallery_id = $arguments['galleryId'];

If this is where you are having problems, then following that last line above insert 2 lines to do the str_replace as suggested but on $gallery_id i.e. add 2 lines that look like (with no spaces inside quotes):

$gallery_id = str_replace('& # 8217 ; ', '', $gallery_id);
  $gallery_id = str_replace('& # 8242 ; ', '', $gallery_id);

Hi Mark

Thanks for sticking at it! Now that change definitely did it for me. As I mentioned there are 2 further places in that php file where find_video is called. I suggest you search for find_video and replace those 2 lines as below, with the 4 lines of $numb code – but definitely no spaces inside the quotes.

$videoDetails = videoDB::find_video($arguments["videoId"]);

I note also that the author has used double quotes in these latter 2 cases for videoId – don’t believe that is significant in this case. (I can never remember which quote is which – one evaluates stuff inside it and one doesn’t).

So that code should end up like ( backticks didnt work for me), with xxx and yyy sub’ed as above.:

//original $video_details = videoDB::find_video($arguments['videoId']);
    $numb = $arguments['videoId'] ;
    $numb = str_replace('xxx', '', $numb);
    $numb = str_replace('yyy', '', $numb);
    $video_details = videoDB::find_video( $numb );

Cheers

I didn’t type in the & # 8217 ; as it got interpreted as a single quote character – which is what it is. (Maybe I should have used backticks?)

You did put the trailing semi-colon at the end of the string?

Your answer does not include it, and the fact that it hasn’t been converted to a single quote character implies that maybe this is the problem.

So the lines should look like this without any spaces inside the quotes:

$numb = str_replace(‘& # 8217 ;’, ”, $numb);
$numb = str_replace(‘& # 8242 ;’, ”, $numb);

There are also two other places below this where it uses similar logic. They didn’t need to be changed for me, but maybe yours do.

I’m using something I forked from CVG a while back but that part of the code is still the same it appears. Here is a quick and dirty solution that corrected the problem for me. YMMV.

Open the cool-video-gallery.php in the cool-video-gallery directory.

Find the line:
function CVGVideo_Render($matches){

Scroll down a few lines and replace this line:
$video_details = videoDB::find_video($arguments[‘videoId’]);

With these lines:
$numb = $arguments[‘videoId’] ;
$numb = str_replace(‘xxx’, ”, $numb);
$numb = str_replace(‘yyy’, ”, $numb);
$video_details = videoDB::find_video( $numb );

where xxx = the ampersand character(&), followed by the hash character(#), followed by 8217; (no spaces)

where yyy = the ampersand character(&), followed by the hash character(#), followed by 8242; (no spaces)

Good luck!
Tom B

see adjacent post from theresa95

Theresa95

Forgot to mention also that you should amend the function httpprefix, else any URLs with upper case in them won’t work. Replace that function with something like:
function httpprefix($httpurl) {
$httpurl_low = strtolower($httpurl);
if(substr($httpurl_low,0,4) == “http”) {
$fullurl = $httpurl;
} else {
$fullurl = “https://”.$httpurl;
}
return $fullurl;
}
Cheers
Tom

Theresa95

Had same problem.

Replace this code (line 793 approx):
if(isset($event[‘event_loc’]) && isset($event[‘event_loc_url’])) {

with this:
if(isset($event[‘event_loc’]) && trim($event[‘event_loc_url’]) != ” ) {

Cheers
Tom

Ravan

Taking out that coolclock fixed the first time/JS problem on both XP/IE8 machines, and also corrected the rendering problem on Win7 64bit / IE9 32 bit. So all looks good and stable with embeds.

Cheers

Tom

Hi Ravan

Basically it worked quite well. I could re-open the same PDF under IE repeatedly with no problems. It worked across my 4 PCs under IE9 and Ie8, FF, Chrome and Safari. (Win 7 64-bit, Win 7 32-bit and 2 XP SP3 machines, one of which has acrobat 9 installed and the other acrobat XI – the Win 7 machines have XI installed). The display of the page was “off-centre” in Chrome but that just seems to be Chrome.

I also noticed that the rendering of the page was faulty on IE9 32-bit on the Win 7 64-bit PC – I’ve emailed you an image – basically some letters were just missing from the Todd Moore title – weird.

(I have experienced similar wirdness with IE9 on win7 64-bit when playing youtube videos using the fancybox 2.1.3 – the video is hidden behind the white background of the popup. With some extra CSS applied to that skin it then works OK).

The other minor – and repeatable – problem I had was on the 2 XP machines. If one opened IE and plugged in that address, the first time it would take you to a full acrobat page – ie no popup. If you cleared the cache and closed and reopened IE the same thing would happen. Subsequent clicks of method 1 worked fine. And when it pulled the page down the very first time (or after clearing the cache), it would show a JS error on line 33 char 1623 in coolclock.min.js. Thereafter error disappeared and it worked fine. But if that error came up (as it did on iniial load), then popup would not fire.

Trust this is helpful.

Cheers

Tom

Hi Ravan

Sorry I probably destroyed that test page link due to other changes I was making. (I thought you were in a way different time zone and wouldn’t get to it so soon). It’s now looking better – but you seemed to have worked it out.

Yes, I found that going from object to embed was the big difference. I’ll check out sandbox link, and report back. (I did try downloading the development version about a week or so back and couldn’t get it to fire the popup – kept opening up the PDF in the same page or another tab. Usually this seems to mean that there is some syntactic problem with the embedded javascript. Anyway, it’s probably changed.)

I’ll report back.

Hi Ravan

Firstly thanks for replying. I was tearing my hair out with this.
Secondly, I did click on your donate link but it was all in French and I freaked out. But I’d be happy to kick some money in – your plugin has been most helpful. Let me know if you have an easier donate link.

On the PDF front, I look the liberty of adapting your plugin – well butchering it more likely – and I was able to finally get it working in a stable manner across IE, FF, Safari and Chrome in a number of OS environments. See the page from a test site below. I went to Fanybox 2.1.3 to do this. I think the code will show everything you need to know. (I didn’t use your option structure yet as it was necessarily complex and my needs were quite specific).

https://modedion.cairohouse.net/my-back-pages/

I did try using Google Docs to get around acrobat but found it unsatisfactory as it essentially converts the PDF into an image which rather defeats the whole purpose. And acrobat seems, so far, to not be an issue with this approach.

Thanks again.

A possibly even easier way is cool video gallery – this uses fancybox as well. But you just plug in the ID of the video and the CVG plugin retrieves the still image for you (and the description of the clip which it puts into the link’s title atribute). I have a test example here (I did modify the CVG plugin slightly to output that youtube description as text rather than insert in the title)

https://modedion.cairohouse.net/makeup-university/video-gallery/