Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

Experiences with CSS and a table style

Whilst working on presenting a sample table style for our Issue Tracker component one particular colour combination was creating a few problems. The main problem was the colour of the links in the table header.  These would be used to sort the list and due to the choice of colour scheme the link colours were taking the settings from an earlier (in the tree)  DIV style.

This resulted in us temporarily shelving the table style until such time as we had to investigate further.  With the release of 1.3 of Issue Tracker we have now turned our attention back to the style sheet. The investigation was interesting and it is likely that others might benefit from our experiences hence the decision to make it a Blog post.

The resolution was to make use of the !important declaration, which has been around since CSS1 but should still be used with caution.


Detected intrusion attempts

We have detected an unusual (for us) sudden spate of web attacks on our site by hackers which we thought we would share with the community.

These attacks have taken a different route to those we normally see. They have basically fallen into two separate categories:

Malicious User Agent:  
This attack vector describes where a hacker tries to access the site using a browser configured to send malicious PHP code in its user agent string (a small piece of text used to describe the browser to your server).  The idea behind it is that buggy log processing software will parse it and allow the hacker to gain control of the website.

Direct File Inclusion:
In this attack vector a hacker tries to trick vulnerable components into loading arbitrary files. Depending on the vulnerable component, the file will either be output verbatim or parsed as a PHP file. This allows attackers to disclose sensitive information about the site or to run malicious code uploaded to the site through another vulnerable vector, e.g. an unfiltered upload of executable PHP code.
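A sketch of how both categories can be spotted in a web server access log, added here as an example and not taken from the original post. It assumes the Apache/Nginx "combined" log format; the patterns, function names and sample lines are constructed for illustration and would need tuning for a real site.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/Nginx "combined" format: ip, ident, user, [time], "request", status, size, "referer", "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)
# A PHP open tag or a code-execution call has no place in a browser's User-Agent header.
PHP_IN_UA = re.compile(r'<\?|\b(eval|system|passthru|base64_decode)\s*\(', re.I)
# Directory traversal, NUL-byte truncation, or a PHP stream wrapper in a parameter value.
INCLUSION = re.compile(r'\.\.[/\\]|\x00|^(php|data|file|phar|expect)://', re.I)

def fully_decode(value, rounds=3):
    """Undo layered URL-encoding (%252e%252e ...) so hidden traversal becomes visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client_ip, sorted categories) for one log line; an empty list means clean."""
    m = LOG_RE.match(line)
    if not m:
        return None, ["unparsed"]
    hits = set()
    if PHP_IN_UA.search(m["ua"]):
        hits.add("malicious-user-agent")
    for _name, value in parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True):
        if INCLUSION.search(fully_decode(value)):
            hits.add("direct-file-inclusion")
    return m["ip"], sorted(hits)

def scan(lines):
    """Keep only the lines that matched at least one category."""
    return [(ip, cats) for ip, cats in map(classify, lines) if cats]

# Constructed sample lines (documentation IP ranges, hypothetical com_example component).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2013:10:01:22 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"',
    '198.51.100.23 - - [12/Mar/2013:10:02:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "<?php echo 1; ?>"',
    '198.51.100.40 - - [12/Mar/2013:10:02:41 +0000] "GET /index.php?option=com_example&file=..%252f..%252fconfiguration.php HTTP/1.1" 404 310 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, cats in scan(SAMPLE):
        print(ip, ", ".join(cats))
```

The third sample line is double URL-encoded, which is why parameter values are decoded repeatedly before matching.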

Strange PHP error on live web site.

Noticed late yesterday a strange error occurring on our website when a specific article was accessed.


The error is :  DateTime::__construct(): Failed to parse time string (about 5 months ago) at position 0 (a): The timezone could not be found in the database

 

Nothing had been changed on the page for some time so I think this is some form of PHP bug.  [Currently running 5.4.11].

To resolve it I had to copy the offending article and then just point the menu items to the copy.  This indicates that it wasn’t anything specific about the article itself that was wrong.

Since the error is not specifically related to something that I/we have done, it is obviously something to report to the hosting company.

Not reproducible on any of our test instances, and of course it had to occur on the ‘live site’.  Isn’t that always the way.


Animated Gifs in banners stopped working

Noticed a little while ago that the banner we use for our affiliate link to 1&1 Internet was not being displayed in our page footer.

Further inspection revealed that 1&1 Internet had changed their affiliate specification slightly (not that we were informed but there you are!).  Anyway they now provide animated GIFs to use so replaced our 'old' configuration with the suggested new details.

That was fine apart from the link still refused to display. So we had to investigate further. What didn't help was that we were unsure exactly when the link first exhibited problems, so were unsure whether this was caused by a change of ours, or just by 1&1.

To cut a long story short, we discovered that it was the animated GIFs that were causing the problem, since a static image displays fine. For our purposes a static GIF is fine, and until we have more time to see if the animated GIF problem is more widespread than just banners it will suffice.


Documentation Formats and Joomla

Historically we used to create our documentation using ‘Word Perfect’ but changed to using Microsoft Word, soon after Adobe ‘took over’ Word Perfect.  This has served us well for many years, but unfortunately Word has not kept up with the changes in the Web and the need for short pages of documentation easily accessible by users.  Yes, Word can generate HTML documents but anyone who has ever looked at the created output will be struck by the obviously bloated code and its use of strangely named variables, making it almost unreadable in its raw form.  This necessitates a cleanup operation on the code before it can really be used.

So the search was on to see if there is anything ‘better’ out there.

The obvious candidate was something known as DocBook which is written in XML, which means that it can be created and edited by virtually any editor upon any platform.  However to ensure good structure that meets the requirements of the DTD, something more robust is required.  It also raises the question of how one retains the investment in existing documents and how one can convert them to the ‘new’ format.  One advantage of the XML format is that it is reasonably easy to use XSL transforms to convert it to PDF, HTML  or indeed many other formats.


Invoking window.onload multiple times.

Whilst developing our latest component ‘IP Mapper’ I encountered a problem that is possibly known to many but not previously to me.  For that reason I decided to make this blog entry.

I was generating JavaScript code which made a call at the end to the ‘window.onload event’.  The code worked perfectly when it was only present once.  However when present more than once only the last call actually worked.

Why did I need it more than once?  Well the code was generated for a specific module, and because the modules could each have very different parameters specified, I had to tailor the javascript for each specific module hence the slightly different code, but each has a different ‘window.onload event’ function call.

I discovered this post by Robert Hahn which describes a solution which I have implemented.

The solution:

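// Chain two handlers so that assigning window.onload again does not discard the earlier one.
function makeDoubleDelegate(function1, function2) {
    return function() {
        if (function1)
            function1();
        if (function2)
            function2();
    };
}
// myNewFunction stands for the onload handler generated for the current module.
window.onload = makeDoubleDelegate(window.onload, myNewFunction);

Works a treat.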

Website Anti-Spam


A recent comment requested some additional anti-spam options in our Issue Tracker component. That triggered much thought on a topic that obviously impacts all websites and their components, be it blogs, commenting systems etc.

There are a number of different parts to preventing spam on a website and this is to expand upon our own particular take on the subject.

Spam is one of the many problems that face web sites today. It is basically the proverbial ‘pain in the neck’ and if not handled correctly can be very time consuming. How often have you viewed web sites where there are totally unrelated comments, registrations or forum posts, which has to make one think about the site’s reputation and credibility?

Our site is not immune to this problem and the source is not restricted to any specific country although there does seem to be a preponderance from locations such as Turkey, China, Russian Federation and more recently Ukraine and Brazil.


Joomla mailing templates and images

We have been testing out Joomla newsletter components and in particular looking at newsletter templates.  There are two main contenders: a) AcyMailing and b) JNews.   Both seem competent in performing the required tasks, but a decision as to which we will use will not be made until we have finished our testing.

The main points to date include:  

Loading of new newsletter templates is reasonably simple into AcyMailing.  All that is required is to create a zip file with a file named index.html containing the template html code, an image thumbnail of the newsletter itself, and a directory named images containing any images that are named by reference to the images folder with the index.html file.   Then the file is simply imported into the Joomla newsletter component.  JNews didn't find index.html in the zip file for some reason.

The handling of animated images is a little problematic.  It seems that animated PNG file support is limited and that it is better to stick with animated GIF files if animation is required.  This is complicated by the particular mail client being used as well, since it is suspected that Outlook 2003 cannot itself handle animated png files.

Support on the forums of both contenders seems very good, with AcyMailing being the busiest, which probably reflects the usage levels.

Initial costs are comparable, though it is noted that JNews is a one time payment whereas AcyMailing uses an annual support cost.

No show stoppers found yet, but testing is continuing.

 

PS.  Found this article on coding html templates very useful.

Joomla Development hints and tips

Whilst working on some Joomla component developments I encountered a few problems which, whilst I had encountered them before, didn’t stop me wasting time resolving them again.  So I have decided to post them to the blog in case others have the same sort of problems and it might save them some time.


1.  In a component item list view, the message ‘ Notice: Undefined property: stdClass::$editor in ~administrator/components/com_xxxxx/views/yyyylist/tmpl/default.php on line zzz’ was encountered.  This message was coming from the template file and related to the check of whether the item was checked out or not.   The item is returned directly from the database table but there was no ‘editor’ field in the table.  

What was required is a simple select over the table with the Joomla users table as follows.

        // Join over the users for the checked out user.
        $query->select('uc.name AS editor');
        $query->join('LEFT', '#__users AS uc ON uc.id=a.checked_out');

Where I was wasting time, was thinking that the ‘editor’ was the actual physical editor being used on the item, rather than the ‘person’ who was the ‘editor’ of the item.


2.  In an item view the JToolBarHelper buttons did not appear to be doing anything other than appending a ‘#’ to the end of the URL.    This one had me a little puzzled since the parameters to JToolBarHelper were perfectly correct.    The problem eventually turned out to be related to some coding in a JavaScript file incorporated in the default template.   The error was not generating any messages and it was only by a process of elimination that I tracked it down.

So the moral is to check for JavaScript errors before assuming a PHP coding error !!


3.  The third opportunity was to discover why the use of an Editor (such as JCE) persisted in stripping out HTML code from the input.   I found an article on the JCE web site that explains about changing the text filtering options:

(Joomla! 2.5)

    In the Joomla! Global Configuration, click on the Text Filters tab.
    For the Super Users group, or any other trusted user group, set Filter Type to No Filtering. Make sure that you only set this option for user groups that can be trusted as setting the Filter Type to No Filtering will essentially allow the user to include any html in an article.

However checking my settings showed that I already had them set but I was still getting the HTML codes stripped out.

Investigation into the possible filters that can be applied to the editor field in the XML file for the object revealed a solution.    The possible filters that can be applied (which I discovered from code inspection) are as follows:

 

Filter Type   Description
RULES         A defined rules array
UNSET         Do nothing.
RAW           No Filter.
SAFEHTML      Filter safe HTML
SERVER_UTC    Convert a date to UTC based on the server timezone offset.
USER_UTC      Convert a date to UTC based on the user timezone offset.
default       Checks for a callback filter, using either the callback method or the callback function.

The solution I wanted was to set the filter to ‘RAW’.

Invalid Logging Attempts

We saw a brute force login attack the other day and thought we would share it with our readers. Although we are flattered that anyone thought our site sufficiently important to make the effort, their efforts were in vain as they did not get very far.   This particular attack is classed as one of the most common (and least subtle) attacks that can be conducted against Web applications.  The sole aim of a brute force attack is to gain access to user accounts by repeatedly trying to guess the password of a user or a group of users.   It is often carried out by automated tools, readily available on the Internet, which enable the submission of thousands of password attempts in a matter of seconds (or less) in an attempt to make it easy for an attacker to beat a password-based authentication system.
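A small detector for the burst pattern described above, added here as an example and not taken from the original post. The threshold, the time window and the event tuple layout are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

def detect_bruteforce(events, max_failures=5, window=60):
    """Flag source IPs with >= max_failures failed logins inside `window` seconds.

    events: time-ordered (epoch_seconds, ip, username, success) tuples.
    Returns {ip: {"first_alert": ts, "targets": set, "success_after_burst": set}}.
    """
    failures = defaultdict(deque)        # ip -> (ts, username) of recent failures
    alerts = {}
    for ts, ip, user, ok in events:
        q = failures[ip]
        while q and ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if ok:
            # A success while a flagged burst is still in the window: a guess may have worked.
            if ip in alerts and q:
                alerts[ip]["success_after_burst"].add(user)
            continue
        q.append((ts, user))
        if len(q) >= max_failures:
            alert = alerts.setdefault(
                ip, {"first_alert": ts, "targets": set(), "success_after_burst": set()})
            alert["targets"].update(u for _, u in q)
    return alerts

# Constructed events: a fast guesser, a user who mistypes once, and a slow trickle
# that stays under the threshold (a limitation of any fixed-window rule).
EVENTS = sorted(
    [(1000 + i, "198.51.100.23", "admin", False) for i in range(6)]
    + [(1010, "203.0.113.7", "alice", False), (1025, "203.0.113.7", "alice", True)]
    + [(1000 + 300 * i, "192.0.2.50", "bob", False) for i in range(5)]
)

if __name__ == "__main__":
    for ip, info in detect_bruteforce(EVENTS).items():
        print(ip, info)
```

Accounts listed under `success_after_burst` are the ones to review first, since a login succeeded from an address that was still guessing.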
