Opacity Issue in Montezuma Theme After Installing BPS Pro

Home Forums BulletProof Security Pro Opacity Issue in Montezuma Theme After Installing BPS Pro

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #10809
    Bill Justesen
    Participant

    Hello,

    I just got BPS up and running on the following site, fillmoreutahchamber.com, and now the opacity has changed to zero (0) so the whole site is hidden. It has something to do with the content.css file which includes this information:

    body {
    	margin: 					0;
    	padding: 				0;
    	font-family: 			"Segoe UI", "Lucida Grande", "Helvetica Neue", sans-serif;
    	font-size: 				15px;
    	opacity: 				0; /* will be turned on ( = set to '1' ) with jQuery after google fonts, if any, have loaded and masonry layout, if any, was applied */

    If I change that opacity value to 1, then the site appears, but the images are still hidden and the fonts are messed up. I suspect there may be a conflict between jQuery and BPS.

    I started a thread on the montezuma theme on WordPress.org and you can follow it here wordpress.org/support/topic/entire-site-blank-but-html-is-there.

    #10812
    AITpro Admin
    Keymaster

    The only things I can think of that would have any effect on the front-side of the site would be JTC Anti-Spam / Anti-hacker.  It does load jQuery on the front end and does have a snippet of inline CSS.  Try turning off JTC Anti-Spam and let me know what happens.  BPS Pro does not load or have any other CSS or js scripts that load on the front end of websites.

    The other possibility is the Plugin Firewall is blocking a plugin script that is bundled with this Theme that is now not loading on the front end of the site, but this is doubtful if you are seeing this when you are logged into your site since your IP is whitelisted.

    To eliminate or confirm that BPS Pro has anything to do with this issue you would do the troubleshooting steps in the link below.  A JTC Anti-Spam troubleshooting step needs to be added to this Forum link below.  The step would be to turn Off JTC Anti-Spam.

    http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    #10821
    Bill Justesen
    Participant

    In digging through it, there is an error loading the /wp-content/uploads/montezuma/javascript.js?ver=3.7.1 file as noted in the log file. Is this something that would be blocked by BPS? The contents of the file are below.

    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - October 30, 2013 - 9:23 PM <<<<<<<<<<<
    REMOTE_ADDR: 24.32.xxx
    Host Name: doc-24-32-xxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: unknown
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.fillmoreutahchamber.com/
    REQUEST_URI: /wp-content/uploads/montezuma/javascript.js?ver=3.7.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
    
    <span style="text-decoration: underline;">javascript.js</span>
    var ua = jQuery.browser;
    /*******************************
    * Equal Height Columns Function
    ******************************/
    function bfa_equal_columns() {
    jQuery('.ehc').each( function() {
    var row = jQuery(this);
    if ( ua.msie && parseInt( ua.version, 10 ) < 8 ) {
    var height = row.outerHeight(); // outerheight for IE < 8
    } else {
    // var height = row.height();
    var height = row.outerHeight();
    }
    row.find('> div').each( function() {
    jQuery(this).height( height );
    });
    });
    }
    
    function bfa_video_resize() {
    jQuery('.row > div, .row5 > div, .lw').each( function() {
    
    var col = jQuery(this),
    p = col.find('.post').first(),
    bc = p.find('.post-bodycopy'),
    maxWidth = col.width()
    - ( p.outerWidth() - p.width() )
    - ( bc.outerWidth() - bc.width() );
    
    col.find('embed, iframe').each( function() {
    var video = jQuery(this),
    videoWidth = video.attr('width');
    if( videoWidth > maxWidth ) {
    videoHeight = video.attr('height'),
    videoMaxHeight = ( maxWidth / videoWidth * videoHeight );
    video.attr({ width: maxWidth, height: videoMaxHeight });
    }
    });
    });
    }
    
    function bfa_img_grayscale() {
    jQuery('.post-thumb img').each(function(){
    var el = jQuery(this);
    el.css({'position':'absolute'})
    .wrap("<div class='img_wrapper' style='display:block'>")
    .clone().addClass('img_grayscale')
    .css({'position':'absolute','z-index':'998','opacity':'1.0'})
    .insertBefore(el)
    .queue(function(){
    var el = jQuery(this);
    el.parent().css({'width':this.offsetWidth,'height':this.offsetHeight });
    el.dequeue();
    });
    });
    }
    
    /*******************************
    * Grayscale post thumbs
    ******************************/
    jQuery(window).load(function() {
    if( jQuery(window).width() > 959 ) {
    bfa_img_grayscale();
    }
    });
    
    /*******************************
    * Run on resize
    ******************************/
    jQuery(window).resize(function() {
    bfa_video_resize();
    bfa_equal_columns();
    });
    WebFontConfig = {
    // google: { families: [ 'Yanone Kaffeesatz:400,300,200,700', 'Gruppo', 'Droid Sans:normal,bold' ] },
    google: { families: ["Yanone+Kaffeesatz:400,200"] },
    fontactive: function(fontFamily, fontDescription) {
    // Avoids 'FOUC' - Flash of unstyled content in Firefox, Set 'body { opacity: 0 }' in CSS stylesheet
    jQuery('body').css('opacity', 1);
    bfa_equal_columns();
    }
    };
    (function() {
    var wf = document.createElement('script');
    wf.src = ('https:' == document.location.protocol ? 'https' : 'http') +
    '://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js';
    wf.type = 'text/javascript';
    wf.async = 'true';
    var s = document.getElementsByTagName('script')[0];
    s.parentNode.insertBefore(wf, s);
    })();
    jQuery(document).ready(function($) {
    
    if( $('body').css('opacity') == 0 ) {
    $('body').css('opacity', 1);
    }
    
    // A class for zebra-striped table rows
    $('.hentry table tr:nth-child(even), .comment-text table tr:nth-child(even)').addClass('alternate');
    if( jQuery().colorbox ) {
    $('.gallery figure a span').colorbox({rel: 'gal', slideshow: true, slideshowSpeed: 3500, opacity: 0.7, href: function(){
    var src = $(this).prev('img').attr('src').replace( /-\d+x\d+./, '.' ); // full src = remove '-150x150' from thumb src
    return src;
    }});
    }
    
    bfa_video_resize();
    
    // Fade image
    if( $(window).width() > 959 ) {
    $('.hentry').hover(
    function(){ $(this).find('.img_grayscale').stop().animate({opacity:0}, 1000).next().stop().animate({opacity:1}, 700); },
    function(){ $(this).find('.img_grayscale').stop().animate({opacity:1}, 1000).next().stop().animate({opacity:0}, 700); }
    );
    } else {
    $('.hentry .post-thumb img').css('opacity', 1);
    }
    
    /**
    * jQuery Mobile Menu
    * Turn unordered list menu into dropdown select menu
    * version 1.0(31-OCT-2011)
    *
    * Built on top of the jQuery library
    * http://jquery.com
    *
    * Documentation
    * http://github.com/mambows/mobilemenu
    */
    (function($){
    $.fn.mobileMenu = function(options) {
    
    var defaults = {
    defaultText: 'Navigate to...',
    className: 'select-menu',
    subMenuClass: 'sub-menu',
    subMenuDash: '–'
    },
    settings = $.extend( defaults, options ),
    el = $(this);
    
    this.each(function(){
    // ad class to submenu list
    el.find('ul').addClass(settings.subMenuClass);
    
    // Create base menu
    $('<select />',{ 'class' : settings.className }).insertAfter( el );
    
    // Create default option
    $('<option />', {
    'value' : '#',
    'text' : settings.defaultText
    }).appendTo( '.' + settings.className );
    
    // Create select option from menu
    el.find('a').each(function(){
    var $this = $(this),
    optText = ' ' + $this.text(),
    optSub = $this.parents( '.' + settings.subMenuClass ),
    len = optSub.length,
    dash;
    
    // if menu has sub menu
    if( $this.parents('ul').hasClass( settings.subMenuClass ) ) {
    dash = Array( len+1 ).join( settings.subMenuDash );
    optText = dash + optText;
    }
    
    // Now build menu and append it
    $('<option />', {
    'value' : this.href,
    'html' : optText,
    'selected' : (this.href == window.location.href)
    }).appendTo( '.' + settings.className );
    
    }); // End el.find('a').each
    
    // Change event on select element
    $('.' + settings.className).change(function(){
    var locations = $(this).val();
    if( locations !== '#' ) {
    window.location.href = $(this).val();
    };
    });
    
    }); // End this.each
    return this;
    };
    })(jQuery);
    
    $('#menu1').mobileMenu({
    defaultText: 'Navigate to...',
    className: 'menu1-mobile',
    subMenuDash: '  —   '
    });
    
    /*******************************
    * SPLIT TITLES
    ******************************/
    /* Split titles: 2-color titles for site-, post- and widget titles */
    $('#sitetitle a, .hentry h2 a[rel=bookmark], .hentry h1 a[rel=bookmark], .image-attachment h1, .widget h3 span').each( function() {
    var str = $(this).text();
    if( str.indexOf(' ') > 0 ) { var space = ' '; }
    else { var space = ''; }
    var strArray = str.split(space),
    fullLength = strArray.length,
    halfLength = Math.ceil( fullLength / 2 ),
    restLength = fullLength - halfLength,
    newstr = '<span class="firstpart">';
    for( var i = 0; i < halfLength; i++ ) {
    newstr += strArray[i] + space;
    }
    newstr += '</span>' + space;
    for( var i = halfLength; i < fullLength; i++ ) {
    newstr += strArray[i] + space;
    }
    $(this).html( newstr );
    });
    
    /*******************************
    * ADD SOME MENU CLASSES
    ******************************/
    // Add class to menu list items with children
    $('ul.children, ul.sub-menu').parent('li').addClass('has-sub-menu');
    // wp_list_categories does not provide 'ancestor' classes like wp_list_pages and wp_nav_menu:
    $('ul.menu li.active').parents('li:not(.ancestor)').addClass('ancestor');
    
    /*******************************
    * INSERT <I> for CSS SPRITE ICONS
    ******************************/
    $('.widget ul li, .widget h3, .breadcrumbs ol li, .hentry ul li, .comment-text ul li, li.has-sub-menu a, .menu > li > a, .post-tags, .post-categories').prepend('<i></i>');
    /*******************************
    * SMOOTH MENU
    ******************************/
    $('#menu1 > li').smoothMenu({
    zIndex: 10,
    duration: 700,
    easing: 'easeOutExpo',
    dockId: 'menu1-smooth'
    });
    });
    #10822
    Bill Justesen
    Participant

    I tried to whitelist that file in the Plugins Script/File Whitelist Text Area but got the following message:

    Error: One or more of your Whitelist rules contain these invalid paths: /themes/ or /plugins/ or /wp-content/ or /wp-includes/ or /uploads/

    EDIT: At this point I’ve removed the .js directive in the /wp-content/uploads/.htaccess file. If you would kindly tell me how to add the javascript.js file to my whitelist it would be greatly appreciated.

    Thanks for the awesome plugin!

    #10829
    AITpro Admin
    Keymaster

    The Security Log entry indicates that the js script is blocked by UAEG and does not have anything to do with the Plugin Firewall, which you already figured out.

    Does removing the .js file extension from the uploads .htaccess file solve the problem?  If so, then a better method to only allow the js scripts in the /montezuma/ folder would be to add a RewriteEngine Off .htaccess file in that folder:  http://forum.ait-pro.com/forums/topic/rewriteengine-off-htaccess-file/

    REQUEST_URI: /wp-content/uploads/montezuma/javascript.js?ver=3.7.1
    #10842
    Bill Justesen
    Participant

    Removing the js scripts in the .htaccess file of the /wp-content/uploads/montezuma folder did the trick. When I re-add the js directive, and then add an .htaccess file with the content of

    RewriteEngine Off

    in the /wp-content/uploads/montezuma folder and a blank index.php file pulled from the /wp-content/ folder, the opacity issue crops up again and my site is blank.

    EDIT: I’ve had to remove the js directive again to get the site working at the moment.

    #10844
    AITpro Admin
    Keymaster

    Hmm odd.  I am not sure if doing this below would work when the Order is set to Order Deny,Allow instead of Order Allow,Deny.  Do not change the Order directive – it MUST be Order Deny,Allow for UAEG to work correctly.  Give this a try and let me know what happens.

    SetEnvIf Request_URI "/wp-content/uploads/montezuma/(.*).js$" whitelist
    
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z|zip)$">
    Order Deny,Allow
    Allow from env=whitelist
    Deny from all
    #Allow from example.com
    </FilesMatch>
    #10849
    Bill Justesen
    Participant

    Thank you kindly. That did the trick.

    Also noticed you now include zip files as part of the FilesMatch regex. Good to see.

    #10850
    Bill Justesen
    Participant

    And right now I made the request URI only point to that single .js file since that is the only one in the folder. If there are more in future theme updates then I’ll change it; I just don’t want someone to get the idea that they can attempt to upload any javascript file to that folder and have a heyday with it.

    Thanks again!

    #10851
    AITpro Admin
    Keymaster

    Great!  Thanks for confirming the whitelist rule works.

    Glad you’re happy about zip files being included.  Most folks do not like that.  Oh well what can you do right – can’t make everybody happy all of the time – that is just not possible.  😉

Viewing 10 posts - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.