Send private message

You must be logged in to send a private message.

Friends

No friends yet.

Group membership

Activity

  • rikmye replied on the discussion topic CKEditor - deactivated/hidden as default setting
    Thanks, unfortunately this a blanket disable for all mobile devices. I rather wanted longtext as default and the option to switch to rich text if required.   This change works for me now.   line 44 in... view reply
  • Thanks iionly, I'm played around with the RewriteCond and this seems to have sorted it out. I will need to watch it for while to see if has any knock effect to other plugins. The first line covers my homepage where there are some... view reply
  • well I can use the following which does stop access to these extensions, but i'm still a little uneasy about anyone having access to directories like .../elgg-config/   .htaccess <FilesMatch "\.(rst|MD|txt)$">... view reply
  • some additions.... apache2.conf <Directory /var/www/html/xxxxxxx/>                 Options FollowSymLinks                 AllowOverride All    ... view reply
  • Could someone please guide me with some basic security settings. I have installed a test website using version 2.3.13 on Apache2/php55, and it's working fine, but I don't understand why I can access all the files in my Elgg directories from...
    • well I can use the following which does stop access to these extensions, but i'm still a little uneasy about anyone having access to directories like

      .../elgg-config/

       

      .htaccess

      <FilesMatch "\.(rst|MD|txt)$"> #deny these from url access
       Require all denied
      </FilesMatch>

       

      thanks

    • The only important point is that you don't set write permission for the files/folders of the install folder of Elgg and its subfolders. The only exception might be during the installation where it would be necessary temporarily to allow for the Elgg installer creating settings.php and .htaccess. Afterwards the write permission should no longer be necessary at all as the webserver would only have to read the files and read/access the folders but not write into them.

      The files you are so worried about are freely downloadable here from the site (within the zip archive) and everyone can view them also at the Elgg github repository. There's no secret in them so no harm in anyone seeing their content (which would still require knowing the full path).

    • Thanks iionly,

      I'm played around with the RewriteCond and this seems to have sorted it out. I will need to watch it for while to see if has any knock effect to other plugins. The first line covers my homepage where there are some direct links to jpg,css files etc etc, then everything else is forced through the Elgg route.

       

      RewriteCond %{REQUEST_URI} !^/mod/homepage_elgg/(.*)$
      RewriteCond %{REQUEST_FILENAME} -f [OR]
      RewriteCond %{REQUEST_FILENAME} !-f
      #RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule ^(.*)$ index.php?__elgg_uri=$1 [L,QSA]

       

  • rikmye replied on the discussion topic how to remove the preview text in the Blog list.
    Amazing is not the word, the support here is fantastic!!! Many thanks it works perfect. Enjoy your weekend Rich view reply
  • rikmye added a new discussion topic how to remove the preview text in the Blog list. in the group General Discussion
    Could anyone help me please with an easy way to stop the short preview text appearing under each blog titel on the blog page. I know here is the function: ../mod/blog/lib/blog.php and here is the call for that list:...
  • rikmye replied on the discussion topic Show spinner during login waiting time
    Many thanks for the help but is this not part a JS script rather than a call from within PHP?  Not wanting to get into a discussion about changing the core.... I was hoping to be able to call the spinner at the point which the PHP code... view reply