by axew3 » Sun Dec 22, 2019 9:47 am
NOTE: SINCE 2.0.1 > if done via plugin admin option, (released few hours after the date of this post).
If you proceed manually editing/patching the page-forum.php (or whatever you named it) as explained here below, you can apply this patch immediately also into any previous version, since this patch affect/applied only the page-forum.php.
The template WordPress
page-forum.php (or whatever you named it) that embed phpBB iframe has been patched to fix a security issue (even it in true never affected anyone that i know).
To fix this, after plugin's update to 2.0.1, you can rebuild
page-forum.php (or whatever you named it) into plugin's admin option:
Create or rebuild WordPress forum page template
OR if are using a modified custom version, and you want manually update to fix this, or by the way you'll like to do it manually, open with text editor the file
page-forum.php (or whatever you named it) into your active template folder, and search for this line:
Code: Select all
} else {
$document_domain = 'localhost';
}
Code: Select all
// seem that http://www.mysite.com or http://mysite.com isn't recognized as same, so add both into array
$w3all_orig = strpos($w3all_url_to_cms,'https') !== false ? 'https://'. $document_domain : 'http://' . $document_domain;
$w3all_orig_www = strpos($w3all_url_to_cms,'https') !== false ? 'https://www.'. $document_domain : 'http://www.' . $document_domain;
then search for this line:
immediately BEFORE add the follow:
Code: Select all
// array() of allowed domains
var w3all_orig_domains = ['".$w3all_orig."','".$w3all_orig_www."','https://localhost','http://localhost'];
Code: Select all
iFrameResize({
log : false,
inPageLinks : true,
targetOrigin: '".$w3all_url_to_cms."',
checkOrigin : '".$document_domain."', // if js error: 'Failed to execute 'postMessage' on 'DOMWindow': The target origin provided does not match the recipient window's origin. Need to fit YOUR domain, ex: mydomain.com
// heightCalculationMethod: 'documentElementOffset', // If iframe not resize correctly, un-comment (or change with one of others available resize methods)
// see: https://github.com/davidjbradshaw/iframe-resizer#heightcalculationmethod
Code: Select all
iFrameResize({
log : false,
inPageLinks : true,
targetOrigin: '".home_url()."',
checkOrigin : w3all_orig_domains,
// heightCalculationMethod: 'documentElementOffset', // If iframe not resize correctly, un-comment (or change with one of others available resize methods)
// see: https://github.com/davidjbradshaw/iframe-resizer#heightcalculationmethod
Done.
[size=120]NOTE: SINCE 2.0.1 >[/size] if done via plugin admin option, (released few hours after the date of this post).
[size=120]If you proceed [b]manually editing/patching[/b] the [i]page-forum.php[/i] (or whatever you named it) as explained here below, [b]you can apply this patch immediately also into any previous version, since this patch affect/applied only the [i]page-forum.php[/i].[/b] [/size]
The template WordPress [i][b]page-forum.php[/b][/i] (or whatever you named it) that embed phpBB iframe has been patched to fix a security issue (even it in true never affected anyone that i know).
To fix this, after plugin's update to 2.0.1, you can rebuild [b][i]page-forum.php[/i][/b] (or whatever you named it) into plugin's admin option:
[b][i]Create or rebuild WordPress forum page template[/i][/b]
OR if are using a modified custom version, and you want manually update to fix this, or by the way you'll like to do it manually, open with text editor the file [b][i]page-forum.php[/i][/b] (or whatever you named it) into your active template folder, and search for this line:
[code]} else {
$document_domain = 'localhost';
}[/code]
[b]just AFTER, add the follow:[/b]
[code]// seem that http://www.mysite.com or http://mysite.com isn't recognized as same, so add both into array
$w3all_orig = strpos($w3all_url_to_cms,'https') !== false ? 'https://'. $document_domain : 'http://' . $document_domain;
$w3all_orig_www = strpos($w3all_url_to_cms,'https') !== false ? 'https://www.'. $document_domain : 'http://www.' . $document_domain;[/code]
then search for this line:
[code]iFrameResize({[/code]
[b]immediately BEFORE add the follow:[/b]
[code] // array() of allowed domains
var w3all_orig_domains = ['".$w3all_orig."','".$w3all_orig_www."','https://localhost','http://localhost'];[/code]
[b]then look for the code:[/b]
[code] iFrameResize({
log : false,
inPageLinks : true,
targetOrigin: '".$w3all_url_to_cms."',
checkOrigin : '".$document_domain."', // if js error: 'Failed to execute 'postMessage' on 'DOMWindow': The target origin provided does not match the recipient window's origin. Need to fit YOUR domain, ex: mydomain.com
// heightCalculationMethod: 'documentElementOffset', // If iframe not resize correctly, un-comment (or change with one of others available resize methods)
// see: https://github.com/davidjbradshaw/iframe-resizer#heightcalculationmethod
[/code]
[b]change with this code:[/b]
[code] iFrameResize({
log : false,
inPageLinks : true,
targetOrigin: '".home_url()."',
checkOrigin : w3all_orig_domains,
// heightCalculationMethod: 'documentElementOffset', // If iframe not resize correctly, un-comment (or change with one of others available resize methods)
// see: https://github.com/davidjbradshaw/iframe-resizer#heightcalculationmethod
[/code]
Done.