Forum Replies Created
Zed, Cryout Creations mastermind
Hi,
That happens due to excessive sanitization of input data in the current plugin release, for which we already have a fix prepared which should become available soon.
If you like our creations, help us share by rating them on WordPress.org.
Please check the available documentation and search the forums before starting a topic.

Zed, Cryout Creations mastermind
Hi and sorry about that.
Mr. Kay was so anxious to add a new personality/child theme to Bravada that he integrated some cloning directly in the theme.
Today’s 1.1.3.1 update should take care of (some of) those pesky clones.
The Plus is neither affected by the issue nor does it include the fix since we haven’t yet synchronized it with the free edition.
I just checked the changelogs and we did sync and release Bravada Plus 1.1.3 which created the duplication issue. Sorry about the confusion, we’ll have this sorted out as soon as possible with a new Plus update.

September 13th, 2024 at 16:54 in reply to: Split: XSS vulnerability reported by WordFence/Jetpack #148903
Zed, Cryout Creations mastermind
Hi everyone and sorry about the delay with a clarification.
As the warning message displayed by the security plugin itself reads,
“this makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages”
Due to sub-optimal/missing sanitization to the get_the_author() calls used by the theme, this issue can affect (larger) websites if rogue registered users (contributor/editor levels and above are needed) decide to insert unwanted content in their user name fields.
Personally, I find it weird that it’s the theme’s responsibility for sanitizing this data since it’s a core WordPress function returning database-stored content. If that field is not expected to store advanced HTML markup then WordPress should perform the proper level of sanitization/filtering on save.
To be clear, the theme does not handle any saving or input processing for this data, it only displays whatever WordPress already has saved in the database for the user name field, which has passed WordPress’ existing sanitization rules when that data was saved through the dashboard by users with sufficient permissions on the site.
This code has been in our themes in the same or very similar form since their launch (starting with Mantra back in 2009) and we have yet to have any kind of reports about XSS exploits through this route – frankly, if a rogue registered user with sufficient access decides to embed bad content on the site, the user name field is the least of your worries (and most likely not the first target).
This is only popping up now because a security tester bulk reported the insufficient sanitization to patchstack.com (a large vulnerabilities testing/disclosing database which also offers paid security services), and several security plugins are taking inspiration for their lists of things to monitor from there.
Regardless of circumstances, we’ll be hardening the sanitization around the several get_the_author() function calls used in our themes, but since this issue is considered low severity/priority even by the patchstack.com report, we’ll be addressing it in the regular[1] theme updates cycle as we get to them[1] – for example, the correction is already present in the Bravada 1.1.3 update released yesterday.
[1] Mr. Kay had a different plan so you may already notice updates out there addressing this.
PS: I’ve split this topic from the original post as that one was about mixed http/https content in the page, which is a different matter.
- This reply was modified 2 weeks ago by Zed. Reason: updated for updates status
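
Added example (not part of the reply above and not code from the Cryout themes): the kind of output-side hardening around get_the_author() that the reply mentions, shown as an unescaped byline beside one escaped per output context. The `example_byline_*` helpers and the display name are hypothetical, and the stand-ins for the WordPress core functions are simplified assumptions used only when the file runs outside WordPress.

```php
<?php
// Added illustration; not code from the Cryout themes.
// Outside WordPress these core functions are missing, so simplified stand-ins
// (assumptions, not the core implementations) let the file run on its own.
if ( ! function_exists( 'get_the_author' ) ) {
    function get_the_author() {
        // Constructed value standing in for a stored display name with markup.
        return 'Mallory "M" <script>alert(1)</script>';
    }
}
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Before (hypothetical template helper): the stored value is concatenated
// into the page as-is, so markup in the name becomes part of the document.
function example_byline_unescaped() {
    return '<span class="author" title="' . get_the_author() . '">'
         . get_the_author() . '</span>';
}

// After: escape late, at output, with the function matching each context
// (attribute value vs. element text).
function example_byline_escaped() {
    return '<span class="author" title="' . esc_attr( get_the_author() ) . '">'
         . esc_html( get_the_author() ) . '</span>';
}

$before = example_byline_unescaped();
$after  = example_byline_escaped();
echo $before, "\n", $after, "\n";

// In the escaped byline the name is text only: no tag survives and the
// double quote cannot close the title attribute.
var_dump( strpos( $after, '<script' ) === false );
```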

Zed, Cryout Creations mastermind
Hi,
We are aware of that issue and we’ll correct it as soon as possible with a theme update. WordPress 6.3 changed how a core hook we filter in the theme is used.
In the meantime you can hide the erroneous text by disabling the comment count visibility through the theme options.

Zed, Cryout Creations mastermind
Hi,
Please apply the following CSS to resolve the error messages getting cropped at the edge of the content:
body article.hentry { overflow: visible; }
The theme does not employ z-index on its sidebars. The overlapping happens simply because of the order of elements in the markup.
#main { z-index: 1; }
This wouldn’t be a problem if the form had a limited width within the content.

April 29th, 2023 at 00:10 in reply to: Change sticky header logo image when sticky header activated #138755
Zed, Cryout Creations mastermind
Hi,
That functionality is not available in either of the theme’s editions, but should be achievable with CSS.
Can you include a link to your site and the URL for the alternative logo?

Zed, Cryout Creations mastermind
Hi,
If you use enter in the visual editor, that’s encoded to specific markup which WordPress then stores on save and uses on the frontend. If you enter spaces in the source/code editor, those are filtered out on the frontend. In the source/code editor you need to manually enter <br> line breaks.

Zed, Cryout Creations mastermind
Hi,
Both the site title and page (section) titles have their individual configurable typography controls in the theme’s options:
https://www.cryoutcreations.eu/docs/themes/options/typography/header/?theme=bravada#site-title
https://www.cryoutcreations.eu/docs/themes/options/typography/content/?theme=bravada#header-titles

Zed, Cryout Creations mastermind
Hi,
Could you include a link to your site for me to see what you’re trying to achieve?

Zed, Cryout Creations mastermind
Hi,
We always test with latest WordPress versions and I was unable to observe any issues between our Serious Settings plugin (current version 0.5.14) and WordPress 6.2.
Do you have any specific error messages with 0.5.14?

Zed, Cryout Creations mastermind
Hi,
The theme’s layout is configurable in the settings page. This layout applies throughout the site (except the presentation page feature, when that is used).

Zed, Cryout Creations mastermind
Hi,
That’s caused by the sensei-lms plugin applying its styling too broadly and overlapping the theme. Try using the following CSS to correct it:
#nav-below .nav-previous, #nav-below .nav-next { width: 50% !important; }

April 28th, 2023 at 23:49 in reply to: How can I create a zooming effect on images when hovering? #138737
Zed, Cryout Creations mastermind
Hi,
That effect is usually obtained with JavaScript libraries that have expanded on one another and share similar names: fancybox, lightbox, colorbox. There are multiple WordPress plugins that implement them for WordPress sites.
Animations happen when triggered (on click/hover, other user interaction) so the animations/popup themselves add no extra drag on the performance of the site. However, the scripts/resources needed to add the effects need to be loaded on the site, and depending on the solution chosen they may be lighter or heavier on the site.

Zed, Cryout Creations mastermind
@deKay, your issue is different and looks to be caused by the theme failing to retrieve in-content images to use as featured images from your posts.
This happens because the function checking for such images is told by WordPress that the posts have images attached (inserted in) to them when in fact they don’t appear to (maybe they had them in the past?).
We’ll add some extra logic checks in the next update to not trust WordPress’ returned data blindly and to avoid this condition.

Zed, Cryout Creations mastermind
@Draky, there are no lines 36 or 299 in Tempera’s functions.php file, so you must have edited it.
The Warning: Trying to access array offset on value of type bool ... error will hopefully get fixed in a future theme update, making Tempera usable with WP CLI.

April 28th, 2023 at 23:22 in reply to: White space before page content, right after top menu #138712
Zed, Cryout Creations mastermind
Hi,
The theme’s presentation page sections are designed to be used with different background colors (in which case the extra spacing makes sense).
With a uniform background, these spaces add up. To reduce them, try the following styling:
#front-text1, #front-text2, #front-text5 { padding-bottom: 0px; }
#pp-texttop, #pp-textmiddle, #pp-textbottom, #front-columns-box, .presentation-page #content { padding-top: 25px; padding-bottom: 15px; }

Zed, Cryout Creations mastermind
Hi,
Mantra and WooCommerce is a combination we haven’t really ever thoroughly tested or looked into.
Customizing appearance to make things fit/match will most likely need some amount of custom styling.
A link to your site would be very useful to look at current state and test the necessary tweaks.

Zed, Cryout Creations mastermind
Hi,
Try the following custom styling:
#content .woocommerce-loop-product__title { font-size: 1.2em; line-height: 1.2em; }

Zed, Cryout Creations mastermind
Hi,
Our slider plugin uses the standard posts editor screen to manage slides. To publish (activate) slides at a specific date/time simply enter the desired options in the publishing panel:
WordPress doesn’t also have an unpublish feature, so such a thing is not available for slides either.

Zed, Cryout Creations mastermind
Hi,
Check if your posts use post formats as those are always displayed in full regardless of excerpt length options.

April 28th, 2023 at 22:54 in reply to: Remove Line with Social media Buttons in header completely #138703
Zed, Cryout Creations mastermind
Hi,
The bar holding the socials is configurable in the theme’s options. The socials’ visibility is also separately configurable.

Zed, Cryout Creations mastermind
Testing out the site with just WordPress and the theme, without any active plugins, with all caching cleared (and browser force refreshed) is the standard course of action after any major change such as updating PHP (or moving the site, or even updating WordPress) if malfunctions occur.
If the bare site doesn’t work, reverting to one of the default Twenty themes would be a good additional step.
If that still fails, next would be digging through the server error logs to identify where the fault lies.
When a functional state is eventually reached, then extra extensions and functionality can be gradually re-enabled until something fails again or everything is restored.

April 28th, 2023 at 22:46 in reply to: changing height (or removing altogether) of hero header area #138701
Zed, Cryout Creations mastermind
Hello again,
The menu has no background color options when it’s in over header image mode. Tweaks to its appearance can then only be done with CSS.
Also, any options indicating they apply to the main navigation will in fact apply to the menu displayed when using the toggler/hamburger icon as that is Bravada’s main menu.
The menu always visible in the header is the supplementary header navigation (which has fewer control options). The header navigation inherits the general typography options. Tweaking it will also require custom styling.

Zed, Cryout Creations mastermind
Hi,
Try making your CSS more specific, for example by adding body in front of the rules that don’t apply.

April 28th, 2023 at 22:35 in reply to: two blog template pages but populated with different content #138696
Zed, Cryout Creations mastermind
Hi,
In WordPress, the “blog” special section is designed to display latest posts regardless of other attributes (categories, metas, authors). There are no built-in filtering options for this section, but there are plugins that can add such filters.
Concerning journal posts, it depends on how those are created. If those are just regular posts, then simply creating a category page would limit the list to posts belonging to the specific journal category. If those are a separate custom post type, then those would need their separate frontend code (dedicated templates) to handle their display.

Zed, Cryout Creations mastermind
Hi Linda,
I’m only seeing a specific screen size range on which the caption overflows the screen. Try applying the following CSS and check if that improves things:
body .lp-staticslider img { min-height: 540px; }
Yes, our priority support service includes timely responses. The support provided in the forum, while I try my best to keep periodic, does sometimes happen to lag behind.

Zed, Cryout Creations mastermind
Hi,
The customize screen (and the media selection/cropping functionality) are core WordPress functionality and they should simply just work.
When they don’t, it’s usually due to something interfering (like plugins or even browser issues).

Zed, Cryout Creations mastermind
Hi,
In Bravada, the header/menu social icons are displayed in the toggle-able menu overlay as that is the main navigation – see the theme demo example.

Zed, Cryout Creations mastermind
Hi,
The settings plugin works fine even with the current WordPress 6.2.
We avoid triggering unnecessary updates on all the sites using it just to bump the version information so that usually falls behind between actual plugin updates.

Zed, Cryout Creations mastermind
Hi,
Even as theme authors we don’t have the permissions to approve translations simply because we most likely lack the language knowledge to ascertain the quality of a translation.
The approval process is handled by (global) language editors that can check the quality of a translation before approving the editor or the submitted translation.