Page 1 of 1

Manually or auto fix page-forum.php

Posted: Sun Dec 22, 2019 9:47 am
by axew3
NOTE: SINCE 2.0.1 > if done via plugin admin option, (released few hours after the date of this post).

If you proceed manually editing/patching the page-forum.php (or whatever you named it) as explained here below, you can apply this patch immediately also into any previous version, since this patch affect/applied only the page-forum.php.

The template WordPress page-forum.php (or whatever you named it) that embed phpBB iframe has been patched to fix a security issue (even it in true never affected anyone that i know).

To fix this, after plugin's update to 2.0.1, you can rebuild page-forum.php (or whatever you named it) into plugin's admin option:
Create or rebuild WordPress forum page template

OR if are using a modified custom version, and you want manually update to fix this, or by the way you'll like to do it manually, open with text editor the file page-forum.php (or whatever you named it) into your active template folder, and search for this line:

Code: Select all

} else {
	$document_domain = 'localhost';
}
just AFTER, add the follow:

Code: Select all

// seem that http://www.mysite.com or http://mysite.com isn't recognized as same, so add both into array
$w3all_orig = strpos($w3all_url_to_cms,'https') !== false ? 'https://'. $document_domain : 'http://' . $document_domain;
$w3all_orig_www = strpos($w3all_url_to_cms,'https') !== false ? 'https://www.'. $document_domain : 'http://www.' . $document_domain;
then search for this line:

Code: Select all

iFrameResize({
immediately BEFORE add the follow:

Code: Select all

  // array() of allowed domains
    var w3all_orig_domains = ['".$w3all_orig."','".$w3all_orig_www."','https://localhost','http://localhost'];

then look for the code:

Code: Select all

   iFrameResize({
				log                     : false,
				inPageLinks             : true,
        targetOrigin: '".$w3all_url_to_cms."', 
        checkOrigin : '".$document_domain."', // if js error: 'Failed to execute 'postMessage' on 'DOMWindow': The target origin provided does not match the recipient window's origin. Need to fit YOUR domain, ex: mydomain.com
     // heightCalculationMethod: 'documentElementOffset', // If iframe not resize correctly, un-comment (or change with one of others available resize methods) 
     // see: https://github.com/davidjbradshaw/iframe-resizer#heightcalculationmethod
change with this code:

Code: Select all

    iFrameResize({
				log         : false,
				inPageLinks : true,
        targetOrigin: '".home_url()."', 
        checkOrigin : w3all_orig_domains, 
     // heightCalculationMethod: 'documentElementOffset', // If iframe not resize correctly, un-comment (or change with one of others available resize methods) 
     // see: https://github.com/davidjbradshaw/iframe-resizer#heightcalculationmethod
       
Done.