- Posts: 2
- Thank you received: 1
Kunena 6.3.0 released
The Kunena team has announce the arrival of Kunena 6.3.0 [K 6.3.0] in stable which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x/5.1.x. This version addresses most of the issues that were discovered in K 6.2 and issues discovered during the last development stages of K 6.3
This category contains miscellaneous, uncategorised user contributions, (templates, modules, plugins and hacks) relating to older versions of Kunena that are no longer supported.
The topics in this category are for historical interest only. Owing to the structural changes that occurred in K 2.0, many of the ideas in these topics will not work with later versions and, for that reason, the topics are locked.
The topics in this category are for historical interest only. Owing to the structural changes that occurred in K 2.0, many of the ideas in these topics will not work with later versions and, for that reason, the topics are locked.
Idea Kunena 2.0.4, Joomla 2.5.10, .htaccess and preview button
- Lightning88
- Topic Author
- Offline
- New Member
Less
More
10 years 11 months ago #1
by Lightning88
Hello everybody,
Excuse-me for my english, i'm french. I post here, because i had a problem with preview button, when you click on this button, nothing appears.
This problem come on my data of htaccess 's files.
With this htaccess:
You can see that i redirected www.e-infinity.fr/index.php to www.e-infinity.fr/ . This is for delete the duplicate content.
With Kunena, this is a problem. Because, when you click on preview button, the url ajax has this form:
www.e-infinity.fr/forum/reglement-du-for...yout=edit&format=raw
And return a 301 status code.
To work around this problem, this is a hack code:
In file : "/components/com_kunena/lib/kunena.bbcode.js.php" change line 27:
to:
And now, the url ajax has this form : www.e-infinity.fr/?option=com_kunena&vie...yout=edit&format=raw
I have changed index.php? to /?
And the preview button works perfectly without changed the htaccess file.
In the hope that it will help many people.
Geoffrey
Excuse-me for my english, i'm french. I post here, because i had a problem with preview button, when you click on this button, nothing appears.
This problem come on my data of htaccess 's files.
With this htaccess:
Warning: Spoiler!
Code:
##
# EmpĂȘche le serveur de trop causer lors des erreurs 404 et 500
##
ServerSignature Off
##
# @package Joomla
# @copyright Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
## Mod_rewrite in use.
RewriteEngine On
##
# Redirection du site sans www. vers www.
##
RewriteCond %{HTTP_HOST} !^www.e-infinity.fr$ [NC]
RewriteRule ^(.*)$ http://www.e-infinity.fr/$1 [R=301,L]
##
# Redirection des lien ovh vers le site
##
RewriteCond %{HTTP_HOST} ^einfinit.cluster015.ovh.net$ [NC]
RewriteRule ^(.*)$http://www.e-infinity.fr/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^cluster015.ovh.net/~einfinit/$ [NC]
RewriteRule ^(.*)$http://www.e-infinity.fr/$1 [R=301,L]
RewriteCond ^https://ssl15.ovh.net/~einfinit/$ [NC]
RewriteRule $http://www.e-infinity.fr/$1 [R=301,L]
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
RewriteBase /
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
##
# Redirection de la page index.php seule vers le root
##
RewriteCond %{REQUEST_URI} ^/index.(htm|html|php|asp)$
RewriteCond %{THE_REQUEST} /index.(htm|html|php|asp)
RewriteRule ^(.*)index.(htm|html|php|asp)$ /$1 [R=301,L]
You can see that i redirected www.e-infinity.fr/index.php to www.e-infinity.fr/ . This is for delete the duplicate content.
With Kunena, this is a problem. Because, when you click on preview button, the url ajax has this form:
www.e-infinity.fr/forum/reglement-du-for...yout=edit&format=raw
And return a 301 status code.
To work around this problem, this is a hack code:
In file : "/components/com_kunena/lib/kunena.bbcode.js.php" change line 27:
Code:
previewRequest = new Request.JSON({secure: false, url: <?php echo json_encode('index.php?option=com_kunena&view=topic&layout=edit&format=raw');?>,
to:
Code:
previewRequest = new Request.JSON({secure: false, url: <?php echo json_encode('/?option=com_kunena&view=topic&layout=edit&format=raw');?>,
And now, the url ajax has this form : www.e-infinity.fr/?option=com_kunena&vie...yout=edit&format=raw
I have changed index.php? to /?
And the preview button works perfectly without changed the htaccess file.
In the hope that it will help many people.
Geoffrey
The following user(s) said Thank You: Matias
Please Log in or Create an account to join the conversation.
10 years 11 months ago #2
by Matias
Replied by Matias on topic Kunena 2.0.4, Joomla 2.5.10, .htaccess and preview button
Good hint, but unfortunately we cannot take that into the official version as it breaks more sites than it fixes.
Please Log in or Create an account to join the conversation.
- Lightning88
- Topic Author
- Offline
- New Member
Less
More
- Posts: 2
- Thank you received: 1
10 years 11 months ago #3
by Lightning88
Thanks for your response, Matias.
This is a another solution:
In file : "/components/com_kunena/lib/kunena.bbcode.js.php" change line 27:
to
The method JURI::ROOT() return the root of URL. Here : www.e-infinity.fr/ and concat the rest of url. Because the url without this change has a this form:
www.e-infinity.fr/forum/reglement-du-for...yout=edit&format=raw
and not:
www.e-infinity.fr/index.php?option=com_k...yout=edit&format=raw
And i have changed the htaccess file:
to
Just one condition which test if request method is POST is has adding:
Replied by Lightning88 on topic Kunena 2.0.4, Joomla 2.5.10, .htaccess and preview button
Matias wrote: Good hint, but unfortunately we cannot take that into the official version as it breaks more sites than it fixes.
Thanks for your response, Matias.
This is a another solution:
In file : "/components/com_kunena/lib/kunena.bbcode.js.php" change line 27:
Code:
previewRequest = new Request.JSON({secure: false, url: <?php echo json_encode('index.php?option=com_kunena&view=topic&layout=edit&format=raw');?>,
to
Code:
previewRequest = new Request.JSON({secure: false, url: <?php echo json_encode(JURI::ROOT().'index.php?option=com_kunena&view=topic&layout=edit&format=raw');?>,
The method JURI::ROOT() return the root of URL. Here : www.e-infinity.fr/ and concat the rest of url. Because the url without this change has a this form:
www.e-infinity.fr/forum/reglement-du-for...yout=edit&format=raw
and not:
www.e-infinity.fr/index.php?option=com_k...yout=edit&format=raw
And i have changed the htaccess file:
Code:
RewriteCond %{REQUEST_URI} ^/index.(htm|html|php|asp)$
RewriteCond %{THE_REQUEST} /index.(htm|html|php|asp)
RewriteRule ^(.*)index.(htm|html|php|asp)$ /$1 [R=301,L]
to
Code:
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{REQUEST_URI} ^/index.(htm|html|php|asp)$
RewriteCond %{THE_REQUEST} /index.(htm|html|php|asp)
RewriteRule ^(.*)index.(htm|html|php|asp)$ /$1 [R=301,L]
Just one condition which test if request method is POST is has adding:
Code:
RewriteCond %{REQUEST_METHOD} !=POST
Please Log in or Create an account to join the conversation.
10 years 11 months ago #4
by Matias
Replied by Matias on topic Kunena 2.0.4, Joomla 2.5.10, .htaccess and preview button
Well, we are generally using SEF URLs for all our POST requests, so you need to remove your rewrite condition in order to keep Kunena working.
In Kunena 3.0 we have gone even further: we are starting to enforce SEF URLs more and more and prevent all the requests coming to direct component URLs that are usually used by spam bots. We're not quite yet in there and the feature has been disabled by default, but there are many reasons not to expose those URLs to the attackers.
One of the best reasons is that if the component (or some part of it) has been "disabled" by administrator, I wouldn't want to give attackers a way to access the feature. For example if you disable login from your site, everyone can still access a known location of the login page.
The question is: why don't you want to use SEF on POST? People do not care about the URLs, so the only party who has a benefit are the attackers, who like to use known URLs for their attacks.
In Kunena 3.0 we have gone even further: we are starting to enforce SEF URLs more and more and prevent all the requests coming to direct component URLs that are usually used by spam bots. We're not quite yet in there and the feature has been disabled by default, but there are many reasons not to expose those URLs to the attackers.
One of the best reasons is that if the component (or some part of it) has been "disabled" by administrator, I wouldn't want to give attackers a way to access the feature. For example if you disable login from your site, everyone can still access a known location of the login page.
The question is: why don't you want to use SEF on POST? People do not care about the URLs, so the only party who has a benefit are the attackers, who like to use known URLs for their attacks.
Please Log in or Create an account to join the conversation.
Time to create page: 0.331 seconds