Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Permissions problem w/plugin
#1
So I have a small problem, specifically with Chris' GS Socialize plugin, in the way that the socialize icons won't show up. When I check the Activity window, it tells me that the reason I'm not seeing the icons is that they're "forbidden". Or the folder is. I guess there's something wrong with my setup but I can't really tell what it is.

First try, I simply dropped the GS Socialize folder in the Plugins folder. Plugin wasn't recognized at all in the plugins list.
Second try, moved the contents of the GS Socialize folder out of it to the parent (plugins) folder. Now the plugin gets recognized and things show up on the page, but no icons, just the "missing image" image.

Permissions for the plugins folder is 755. Same for the socialize icons folder. I've tested with changing permissions on both folders to 777 but that makes no difference.

GS version is 2.01, plugin version should be the latest one (it was downloaded like, yesterday). Server is local, MAMP, on Mac OS X 10.6.2

Help? Thank ye'.

PS. I've had permissions issues before, with the data/uploads/ folder but that's workaroundable so I haven't given it much thought before now.
There's nothing more foolish than a man chasing his hat.
Reply
#2
My guess.. is that you are running into a problem that must plugins are suffering since the introduction of an .htaccess file in the plugins directory. Delete/Rename this file as a temporary solution, and I'm pretty sure this will fix your problem.

I mentioned this yesterday. The .htaccess file should whitelist CSS, JS, and images files, instead of denying all.
- Julian

My GetSimple Plugins: Simple Image Gallery | TweetMeme reTweet Button
Reply
#3
Thanks Julian, fixing the .htaccess took care of it. I agree that the .htaccess -at least in some folders- should be more finely tuned, or not be present at all (what's it doing in the plugins folder anyway? security reasons I suppose).
There's nothing more foolish than a man chasing his hat.
Reply
#4
It’s in the plugin folder as the first plugins that were developed did not come with any extra files—just a PHP file. As this PHP file should never be loaded directly, but always read and included by the core, it was logical to throw a Deny All in the folder.

I agree that with the plugins as they’re currently developed this is already outdated. Do keep in mind though that the plugin structure is still very new so everything is open for debate and change. Let’s think about what files we should allow then:
  • .png
  • .jpg
  • .gif
  • .css
  • .js
Anything else?
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#5
@FredK - No problem, glad I was able to help!

@Zegnåt - Yes I understand why it was in place, and as we develop new plugins and find new clever ways to make them better we need to improve and voice our suggestions so that they can be included in future iterations. Thanks to you guys, GetSimple already kicks ass, and I hope to contribute in any way possible.

As far as what files should be allowed your list looks fine, I would also add:
- .jpeg

can't think of anything else as of now..
- Julian

My GetSimple Plugins: Simple Image Gallery | TweetMeme reTweet Button
Reply
#6
What about php files in subdirs of the plugins folder?
Clients always want to be able to change the content of their pages, but they are unwilling to do so.

Have you ever coded in your underwear before?
Reply
#7
Those should not be affected, unless you are trying to call it directly (from a link) and executing it as a standalone script. If that is the case then we can allow all file types inside sub directories in the plugins folder. no>?

internet54 Wrote:What about php files in subdirs of the plugins folder?
- Julian

My GetSimple Plugins: Simple Image Gallery | TweetMeme reTweet Button
Reply
#8
I actually think you should try not to point people directly at PHP files in the plugin folder. First of all, the URL of the file will look of to them (it breaks out of all your other nicer URLs) and it potentially shows the structure of your plugin folders. The latter shouldn’t be any real concern, but still I have trouble seeing a good reason for this.

Or am I missing some vital reason for needing access to HTML/PHP files in the plugin directory?
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#9
I don't see an immediate reason.. you can always php include your html/php files.

Like you mentioned, pointing users directly to PHP/HTML files will cause miss interpretation to the user and will in most cases break the flow of design, unless you hard include your template or the Admin section template elements, wich doesnt sound right. So I agree with you, I don't see the need for them.

Zegnåt Wrote:I actually think you should try not to point people directly at PHP files in the plugin folder. First of all, the URL of the file will look of to them (it breaks out of all your other nicer URLs) and it potentially shows the structure of your plugin folders. The latter shouldn’t be any real concern, but still I have trouble seeing a good reason for this.

Or am I missing some vital reason for needing access to HTML/PHP files in the plugin directory?
- Julian

My GetSimple Plugins: Simple Image Gallery | TweetMeme reTweet Button
Reply
#10
OK, then if we have myplugin.php and /myplugin/ as a folder, then why shouldn't we keep all our plugins files in that folder?
I've already seen other plugins that create directories here and there. That's all fine and dandy, but if GS is supposed to be simple, then why would the uninstall of a particular plugin involve more than 2 steps?

I don't want to have a gallery plugin that installs a folder in /data/uploads/ and then also have to change my template and then remove the folder in the plugins dir. It doesn't make sense. I don't see why I would need to move a php file that directly relates to my plugin out of the plugins specific folder.

Eventually people will have 10 plugins installed and it will make a huge mess for GS upgrades and plugin removals.
Clients always want to be able to change the content of their pages, but they are unwilling to do so.

Have you ever coded in your underwear before?
Reply
#11
Just speaking for myself, I agree with God's view here Wink - the idea that plugins put stuff in other places outside of the plugins folder (or even outside of their own parent folder) seems awkward. It's all about housekeeping really. To keep it simple, a plugin and all its companion files should be found in the plugins folder. If a plugin requires more than one file to function properly, then the plugin ought to be contained within its own folder (plugins/the-plugin/the-plugin-contents). Similar to Mint's Peppers, which generally are contained in a folder of their own (mint/peppers/me/my-pepper/my-pepper-files).
But as I said, that's just my take on it. 8)
There's nothing more foolish than a man chasing his hat.
Reply
#12
I fully agree. I just wonder where PHP files come in to play, as I feel like these should always be included somewhere within the actual GetSimple site and never viewed by themselves. You should have them in your own plugin folder, but you should not have to link to them as I think best practise would be including these files in other GS pages. Or am I completely in the dark here?
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#13
I agree with Internet54 in the sense that plugins files should be contained in a plugin folder. But I also agree with Zegnåt, in that I don't see why would you need to execute directly PHP/HTML files in your plugin directory. We are talking about the .htaccess file and what that really does, it is blocking outside users from calling the files directly. But you can definitely contain all your php includes, settings files, uploaded images, css, js files in your own plugin folder, this way uninstalling means you only need to remove the plugin file and it's folder.

That being said, I'm responsible for creating setting files for my plugins in other places, but now that we are having this discussion, I will go back and try to fix this ASAP, since it makes perfect sense!! This should be a standard in all plugins.

Also I think we should start thinking in ways that we can install/uninstall plugins from the admin side, also the ability of activate/deactivate plugins.
- Julian

My GetSimple Plugins: Simple Image Gallery | TweetMeme reTweet Button
Reply
#14
Example: Link Clicking script.

Maybe I want to install link clicking script that counts how many times a link has been clicked, and then redirect the user to the appropriate page. I would make all my links point to plugins/pluginname/clicked.php so that it would process the click and redirect.

Also, maybe I want to provide client view access to the clicks. I create plugins/pluginname/login.php so the user can see the clicks, keeping it completely separate from the admin panel since I don't want to give access to that.

Yes, we can create plugins all day that create new files whereever we want, but when it's time to clean up I don't want to follow a set of uninstall instructions that complicate the removal process.

I personally don't see the security risk of the plugins folder when you can code the plugin to deny non localhost access.
Clients always want to be able to change the content of their pages, but they are unwilling to do so.

Have you ever coded in your underwear before?
Reply
#15
Wait… wouldn’t you be able to allow certain files in your plugin folders by overwriting the .htaccess? (Yeah, this just hit me.)
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#16
Zegnåt Wrote:Wait… wouldn’t you be able to allow certain files in your plugin folders by overwriting the .htaccess? (Yeah, this just hit me.)

HAHA.. that is true!!!! Why didn't I think of that. You can include your own .htaccess in the plugin subfolder!
Zegnåt you are a genius.. Tongue

I think something really good came out of this discussion. Smile
- Julian

My GetSimple Plugins: Simple Image Gallery | TweetMeme reTweet Button
Reply
#17
Still, I think we could whitelist certain extensions like CSS and JS files as I can see the need of those. PHP files should be allowed on a per file basis I think. This is just my opinion, most actual decisions left to Chris.
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply




Users browsing this thread: 1 Guest(s)