Zenphoto
The simpler media website CMS
ZenphotoThe simpler media website CMS
Forum search only. You might also want to search on the main site's user guide.
Your support helps pay for this server, and helps development of zenphoto. Thank you!
Visit the donations page
Comments
The plugin really could use a rework as it uses a lot of db queries to get stuff that most likely don't take care of the proper publish or protection states. I am really not able to really take this over for maintenance but maybe it is a quick fix for now.
Nevermind, maybe I downgrade zenphoto to old version at this moment, until you or plugin developer have time to fix it.
Thanks again for your effort.
Things will get much easier with these plans so it might not even be worth the work and time:
https://github.com/zenphoto/zenphoto/issues/340
https://github.com/zenphoto/zenphoto/issues/341
I don't want to switch to other photo gallery just for better WordPress integration.
Can't you try some RSS shortcode plugins (I am sure something like that exits, everything does) to use the rss feed for a workaround maybe?
Of course zenphotopress could be rewritten but that is a major task. Given that I am for example not familiar with it at all that would take quite some time I am not willing to invest right now.
Once we have the plugins the tickets are linked outside plugins like zenphotopress should be easier and saver to do. Still someone has to do them.
I understand the thinking behind the "security guard" but if links are coming in from the same domain, don't you think they should bypass the security checks?
I like Zenphoto for managing photos, but prefer to use Wordpress for the cms portion of the site.
Furthermore, I see that if I include the check code but provide a w the image fails to cache. It only works with s.
Edit: I can help rewrite zenphotopress (or provide a link to a modified one, I'm not the dev for zenphotopress) if needed, but I still think that same domain requests should bypass the checks.
Find line 159 in i.php
`
if ($forbidden) {
imageError('403 Forbidden', gettext("Forbidden(2)"));
}
`
and comment it out.
`
/*if ($forbidden) {
imageError('403 Forbidden', gettext("Forbidden(2)"));
}*/
`
Wouldn't it have been easier to just disable the security option?
It was changed on Zenphoto's end because you technically could have flooeded a Zenphoto site with especially image processor requests otherwise. That could block a server completely and if you are on shared hosting (what most of our users probably are) you get some trouble for others and with your host as well.
You probably should open a ticket for this dicussion. Generally the coming 1.4.6 release is in feature freeze. So our chief developer would have to decide any change.
You can and should now use the various RSS feeds to access Zenphoto things from the outside. RSS feeds have some parameters as well. 1.4.6 will also have a special feed plugin named externalFeed that can "register" sites and is sometime probably to be extended to a kind of API. You can preview that on the 1.4.6 branch on GitHub.
Zenphotopress' developer somewhere mentioned on http://www.zenphoto.org/support/topic.php?id=37589 that he has no time to work on it anymore so he probably would welcome someone taking over. So best try to contact him to make that officially.
Surely you do not believe everything a browser tells you. Domains (and ip addresses) are easily forged. If someone whats to target your site these will be minor inconveniences to get around. Besides which, it is not the domain of your WP site that gets passed, it is the visitor's credentials.
The 1.4.6 release has a new plugin for just such a situation. It allows other sites to request Zenphoto objects. Of course it will take some coding. Surely you do not think the code is so simplistic that it does not consider the request but would work on anything. What then would prevent the attacker from just including that code on his huge image requests?
I tried the security option, but for some reason it still didn't work? Maybe I didn't refresh enough.
Anyways, when I tried to insert an image tonight using Zenphotopress, something was still awry, so I'm posting my fix here for anyone who cares.
zenphoto_bridge.php
Line 68 or thereabouts. Change the if/else statement to this:
`
// Fallback for old configuration file
if (file_exists($zp_data_path.'/zp-config.php')) {
require_once($zp_data_path.'/zp-config.php');
} else if (file_exists($zp_data_path.'/zenphoto.cfg')) {
eval(file_get_contents($zp_data_path.'/zenphoto.cfg'));
} else if (file_exists($zp_data_path.'/zenphoto.cfg.php')) {
require_once($zp_data_path.'/zenphoto.cfg.php');
} else {
ZenphotoBridge::error('Cannot read Zenphoto configuration file ' . $zp_data_path);
return;
}
`
This part is the added code to work with the new zenphoto configuration file name.
`
else if (file_exists($zp_data_path.'/zenphoto.cfg.php')) {
require_once($zp_data_path.'/zenphoto.cfg.php');
`
I'm sorry if I offended you. The code obviously isn't simplistic. I was hoping for a simple workaround without thinking through the logic (I'm sick so my brain is a little foggy right now).
I appreciate your tool, and I have been using it for at least 7 years. Thank you for a great product.
No worries, no offence taken. I just tried to explain why we have no priorities on having ZP working with other CMS. As volunteers we just need to set priorities as there is sadly not endless time for all. If I had endless time there would be a lot I would like ZP to be able to :-) For example a shortcode plugin using the rss feeds to embed images or albums is one idea. But well…
I would suggest to contact simbul and maybe indeed take this over (on GitHub or elsewhere). It is always good if somene does who actually uses/needs it himself.