Home Forums Weaver Xtreme Theme Weaver Xtreme Theme Support Update

Viewing 14 posts - 17 through 30 (of 30 total)
  • Author
    Posts
  • #72022
    Ned
    Participant

    I have installed 6.2.5 and verified the fix.

    Thank you, @weaver, @scrambler, @hkp for your quick, detailed and helpful responses.

     

    #72033
    Gillian
    Moderator

    I am having a problem with the [box] shortcode and the [tab] shortcode on my sites.  This is an example page showing both issues:

    Community Information Sessions

     

    #72035
    User
    Moderator

    @Gillian

    I believe the issue has now been fixed.

    Please update to the latest version of the Xtreme Theme support plugin (6.2.5)

    If not, please kindly provide of a sample of the problem code.

    #72044
    Gillian
    Moderator

    @user

    Thanks for your answer.  I’m already running 6.2.5 (checked that before I posted).  The page I linked to in my earlier post contains samples of the problems.

    #72045
    scrambler
    Moderator

    Can you give us the exact syntax you are using.


    @weaver
    may have overlooked some of the issue he had identified on these specific shortcodes

    #72046
    Gillian
    Moderator

    @scrambler

    Thanks for your reply.

    The box syntax is:

    [box background='rgb(23, 13, 117)' align=center border=true border_radius=10 color=#fff margin=1 padding=1 shadow=1 width=80]TEXT[/box]

    and the tab_group syntax is:

    [tab_group border_color=black tab_bg=#0039A6 tab_selected_color=#FF6600]TWO TABS DEFINED[/tab_group]

    Hope this helps.

    #72048
    scrambler
    Moderator

    The bug that @weaver though he fixed for all shortcodes affects option filtering.

    In the case of the box shortcode, it appears to stumble on the color code as if I replace the rgb(x,x,x) by the hex code, it works

    [box background=#8a8075 align=center border=true border_radius=10 color=#fff margin=1 padding=1 shadow=1 width=80]TEXT [/box]

    For the Tab shortcode, there is no fix except removing all the options until @weaver has a go at it

    #72049
    Gillian
    Moderator

    Many thanks, @scrambler 🙂

    The box shortcode is now working.

    I’ve removed the tab shortcode options pending further advice.

    I have a seemingly related issue on the linked page, on the second tab (Completed Community Information Sessions).  I say seemingly because although the script that is showing doesn’t mention weaver, this section didn’t have an issue before the recent Theme Support upgrade.  Perhaps a fix to the tab shortcode will also resolve this issue,

     

    #72050
    scrambler
    Moderator

    It looks like you have javascript in the content on the second Tab below

    Community Information Sessions – Polio Australia


    @weaver
    will have to confirm, but that may no longer be possible

    #72051
    Gillian
    Moderator

    Ooh, that’s a bummer if so 🙁

    #72052
    Weaver
    Keymaster

    I won’t be available to look into this until about the 15th.

    Unfortunately, the WP guys have indicated it is necessary to validate the option content, and some flexibility may be lost. We’ll see.

    #72118
    Gillian
    Moderator

    @weaver

    Just wondering if you have had a chance to look at the [grouptab] issue yet.

    I seem to have two (related?) issues.  On this page, for example:

    Donations and Bequests

    the tabs work, but the weaver CSS to style the tabs is displayed on the page, resulting in some incorrect colours (eg background of the non-active tab).

    On this second page:

    Community Information Sessions

    the CSS isn’t displayed on the page, but the inactive tab background colour is nevertheless incorrect.

    On the “Completed …” tab on this page, the javascript is displayed (this is what I alerted you to in my earlier post).

     

    #72161
    Gillian
    Moderator

    Many thanks for the fix/es @weaver – all good now.

    #72162
    Weaver
    Keymaster

    This has been a challenge. Apparently WordPress has a new-ish group scanning many (if not most) plugins for undetected security issues, and they found some issues with Weaver Xtreme Support. Turns out implementing shortcodes is not overly easy to make secure since users can fairly easily add what are called XSS payloads. These should all be secure now. Fortunately, these security holes apply only to site users who can add content – such as Contributors.

    I probably should make it impossible for Contributors to actually use any of the shortcodes supported by the theme support plugin, but for now I’m trying to get the final release of Weaver Xtreme 6.2 out.

Viewing 14 posts - 17 through 30 (of 30 total)
  • You must be logged in to reply to this topic.