Support community for TTG plugins and products.
NOTICE
The Turning Gate's Community has moved to a new home, at https://discourse.theturninggate.net.
This forum is now closed, and exists here as a read-only archive.
Sorry for the delay in getting back to you on this Ben... The following report is from the SiteLock security scan. It is showing 3 XSS Vulnerability Issues.... The vulnerability issues are listed at the bottom of the report. I am guessing that the issues are summarized in the "a c m p1 and p2" codes. I have not had a chance to explore what these issues are. I am hoping that you can let me know what can be done.
Thanks
Kevin
Summary
Site Name pkgphoto.ca
Scan Type xss
Pages Scanned 77 page(s)
Pages Vulnerable 3 page(s)
Details
Page URL Vulnerable Description
https://www.pkgphoto.ca/backlight/?m=de … image&p1=4 yes a c m p1
https://www.pkgphoto.ca/backlight/?m=pu … ripts&p2=3 yes a c m p1 p2
https://www.pkgphoto.ca/backlight/?m=pu … style&p2=3 yes a c m p1 p2
A couple of questions regarding SiteLock.
For those of you who may not know what SiteLock is: SiteLock is "SITELOCK IS THE GLOBAL LEADER IN WEBSITE SECURITY. WE FOUNDED THE COMPANY IN 2008 WITH A PASSION TO MAKE CYBERSECURITY AND WEBSITE SECURITY SERVICES AFFORDABLE AND ACCESSIBLE TO SMALL BUSINESSES, A PREVIOUSLY UNDERSERVED MARKET. WE PROTECT OVER 12 MILLION SITES AROUND THE WORLD AND ARE ONE OF THE TOP CYBERSECURITY COMPANIES IN ARIZONA."
My site is hosted by Blue Host. Blue Host has an add-on feature that uses the SiteLock security add-on that scans my site and warns me of any security issues and vulnerabilities.
Question one: Is the basic SiteLock Security option worth the $15.00 per year?... I know that this is really basic! A SiteLock subscription can go up to in excess of $50.00 per month (out of the question for me).
Question two: The biggest problem that I have with the weekly SiteLock security scan is the warnings that I receive. I have no F#%*#^G clue as to what they are telling me ... let alone who to speak to or how to deal with the problem. The latest warning gave me a warning about 3 XSS vulnerabilities and 77 XSS nonvulnerable issues. I am more concerned about the Vulnerabilities, rather than the Nonvulnerabilities. The URLs that are being flagged are buried in the "backlight" folder, of course, they are. The first one looks like an image to me. The second is a script in the publisher and galleries module. The third has to do with the style sheet. I have a screengrab of the SiteLock dashboard if you need it, probably not prudent to publish it on this forum. Is this a problem that I should be addressing, if so, who should I be talking to?
as always,
Thanks in advance,
Kevin
So, I am new to Backlight 3... I have never managed galleries through Backlight before, I have always done this through the Lightroom plugin. It looks like it will be easier to assign Access Codes through Backlight admin rather than using the Backlight plugin. I looked at the database, but the codes look like they are encrypted, or perhaps I did not dig deep enough.
So far the upgrade to BL3 has been relatively seamless. I was able to pull it off in an afternoon.
Thanks for a great product and superior customer service.
Thanks Rod, for the quick response.
I did find the Master Access Code setting...
Kevin
I bit the bullet... I upgraded from Backlight 1 to Backlight 3. Not without some problems though.
1 I did not copy the .htaccess file over to the root... This broke the site... I resolved that one myself.
2 Needed to change the Publisher Lightroom Plugin ... the older plugin was still using the Username and Password settings on the protected galleries. Found the solution somewhere in the documentation.
Now I am dealing with a couple of other issues...
First...As per the documentation...
"Admin users may navigate public, protected, and private albums freely while logged into Backlight's admin."
This is true only when I am using Internet Explorer. If using Chrome, I do not have unrestricted access to the protected galleries. I have not checked any private galleries yet.
Second... For the protected galleries that I do have. What has happened to the Usernames and Passwords... I know that I need to assign "Access Codes". Is there a faster way to do this rather than going through each individual gallery?
Third... Is there a way of assigning a "Master Access Code" that will allow entry into all galleries? And still have an individual access code for a gallery?
Here's my problem:
I shoot an event where there are a number of awards given out, let's say five awards.
When I post the images for the event, I set up a number of galleries. Some of these galleries will be protected and some will be public.
I want each of the protected galleries to be unique, each having their own access code. The public galleries are open to all. I would normally give the event organizer the "Master Access Code" so that they would have unencumbered access to all the galleries, both protected and public. With Backlight 1, I do realize the Admin Username and Password gave full access to all the galleries across my entire site.
Thanks for your consideration,
Kevin
Hi Matt,
I see that you have created the client account and tested as I described.... I did receive the feedback email as designed.
All is working as it should!
I had copied and pasted the feedback emails onto the bottom of the email that I sent that had the Backlight login creds. I don't have a copy of that email because I had sent it through one of your contact forms. There is no way to "cc" another email address from a contact form.... is there? I went back and looked at the feedback in Backlight, there was no duplication. I must have been either on crack, having a senile moment, or imagining things, or all of the above. I was under the impression that the offending feedback numbers were #10 and #12. Any supporting evidence that I have would be in the email that had the Backlight creds.
I was a little surprised that the selects were showing up in the feedback area without submitting.... this is actually a great feature.
Thank you Matt, for taking the time to investigate. I am sorry if I wasted your time. I did learn something though!
Thanks,
Kevin
PS on your comments: River Of Light, taken in Iceland during the summer of 2017. Tip was Point Pelee, Ontario, Canada. The most southern tip of Canada.
Thanks again,
Kevin
Yes, I understand that Rod. It's just that only the Selections are being reported back without having to be "submitted" from the site!
Comments, Star Ratings and options are only reported back after "Submitting".
Thanks for your comments though.
So, it seems that the "Heart Selection" is visible in the Client Response>Feedback section of Backlight right away, submission is not required. Look at FeedBack number #000017.... This was not "submitted" from the site! As well, "Options" is listed but not reported.
Again Matt, not really an issue with me, just some observations.
Thanks Matt. It is not a really big deal for me at this stage. I mostly wanted to pass this behaviour along to you as feedback!
Kevin
So, the latest observation is:
I have had two "clients" submit their feedback, without email notification and without the CRG gallery being closed.
The feedback in these cases was just "selections", there were no comments, or the images were not rated.
Thanks
Kevin
I get it now! The email link appears only when I am signed in to the forum...
Hi Matt
Your email link is missing..... well it was missing a couple of minutes ago!!!! I see that it is there again!
I sent the info out using the contact form on http://theturninggate.net/support/
I hope that you get it!
Kevin
Matt, they are separate logins.
I have set up a Managed CRG with 46 images and Multiple Clients. I noticed that in the Client Response>FeedBack section of Backlight one client's (Client A) comment was duplicated on the same picture for another client (Client B). And another comment from Client A was missing from the feedback section of Backlight but present in the email.
I found this when I was comparing the information in Backlight to the info contained in the emails that were sent after "submitting".
Comments Please!
Note : If the images in question were my images. I would share the site and log in info on the forum. As the images in question are not mine to share, I would prefer to share specific site and log in via email.
Thanks
Kevin
edit : I noticed also on another client, there is a small difference between the report in Backlight>Feedback and the email that was sent out.
Hi Rod... You nailed it again...
I replaced the backlight/client-response/ folder, actually, I just copied the index.php file over.
And you are right, the Template did get changed over to something else.
It's back up and running again...
BTW, yes I did delete and replace the client response module at backlight/modules/module-client-response/ that was the first thing that I did!
Thanks again
For some reason my CRG has broken.... The initial problem was that when I signed into a CRG the gallery would open as a normal default Pangolin gallery. There would be no icons to select, comment or filter views. I thought that this was odd, so I double checked the settings both in the gallery and Backlight. Everything looked ok to me, but still no joy. I tried reinstalling the CRG module....still no joy. I set up a CRG on my test site and it works.
so!
My question is ... Can I, or is it possible to remove CRG from a working site, and reinstall? Or do I take the whole site down and start over, yet again?
Thanks in advance.
Kevin
Hey Ben It's called follow the Instructions as written....LOL
As I stated above... the initial error that I got was by having deleted the (213) pangolin-theater directory...and uploaded the 214 directory (as per the instructions). It wasn't until I reloaded the 213 folder that I started playing around with renaming...
FYI By renaming the 213 folder to pangolin-theater-old I did not experience any detectable problem. Although, I certainly did not test extensively. On getting the problem resolved I removed the .....pangolin-theater Old directory!
Thanks for your response Ben.... For some reason I had not seen the previous post!
And now It Works
The folder pangolin-theater213 did exist I had renamed the folder pangolin-theater to pangolin-theater213.
The funny thing is ... on the initial install (and error) I had deleted pangolin-theater module as per the instructions...I thought...
It wasn't until I had the failure that I reloaded and renamed the folder.
I changed the old folder name to pangolin-theater old and it works!!! I have since removed the old module.
Anyway, I'm up and running.
Thanks Rod and Charlie
Just switched over to Theater 214, and the other theater galleries do not work either!
I will leave 214 on and remove the theater gallery from my home page to allow the site to function!
With Theater 214 functioning I can not even edit the home page album.
Error dialog comes up saying :
Unable to perform action: get SetupForTemplate
Message: Unable to find file at
/backlight/modules/pangolin-theater213/PangolTheater213Engine.php
I changed the Home Page gallery to the default gallery so that you can get past the home page.
http://www.pkgphoto.ca/galleries/contact-portrait/ is a Theater Gallery that will not work with 214.
I have Pangolin Theater 214 on line now!
Thanks again
Kevin
I could not get past the Home Page!
I reloaded the Theater 213 to allow the page to function.
I will go back to Theater 214 and try the other Theater gallery that I have up!
Thanks for looking!
Yes, I did!
I also cleared the browser cache.
I have a Pangolin Theater gallery on my home page. After updating to Pangolin Theater 214 I get an error on loading the home page.
The error is:
Something went wrong
Unable to find file at /backlight/modules/pangolin-theater213/PangolinTheater213Engine.php.
Have you removed the pangolin-theater213 module? If so, either copy the module back, or change the template used by this album. in EngineFactory.php on line 330
What have I done wrong?
Thanks
Kevin
ps I have reloaded 213
Thank you Rod
Have you documented a complete backup procedure for both the Lightroom catalog and the necessary Backlight files?
There is both the Client and the Server side. Because of the co-dependence I would assume there is no sense backing up one without the other.
I guess another question would be ...How much of Backlight is in the Lightroom catalog?
You are right Rod. I did not assign the Album to you.
The problem was in the file names of the two files. Somehow, at some time the files got renamed to "File 'date, 'time'.jpeg". The strange thing is that it happened today. One file got renamed to "File 2017-07-28, 9 37 30 PM.jpeg".... It has me baffled.
Anyway.... Problem is solved. Thanks a bunch!
If you want to see the problem I have assigned the album to you. I will rename the files tomorrow.