Xen Notices [Deleted]

Hi Chris,
My webhost is complaining about the script used by Gritter. I have disabled it for the time being. Could you please have a look?

Please have a look at your site code, I am getting a lot of logs that scripts are trying to execute malicious code. See the example below.
The script is /js/gritter/jquery.cookie.js
Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"]
 
Hi Chris,
My webhost is complaining about the script used by Gritter. I have disabled it for the time being. Could you please have a look?
I am sorry that I missed this.

What version are you running? I believe I removed the dependency on this file some time ago.

Also, the script really isn't that much of a big deal. It's just a jQuery plugin that can set and read browser cookies. I don't see why this is considered a risk.
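
The webhost's log entry in the first post shows the rule matching at REQUEST_FILENAME with data ".cookie", that is, on the name of the requested file. The following is an added example (not part of the thread or the add-on) that parses such a ModSecurity 2.x message, triages it, and emits a path-scoped exclusion; the static-extension heuristic and the `ARGS_HIT` contrast line are assumptions of this example.

```python
import re

# The ModSecurity message quoted in the first post; the rule pattern is cut
# short here (the page itself truncates it with "...").
SAMPLE = (
    r'Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type ..." '
    r'at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] '
    r'[line "117"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] '
    r'[data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"]'
)
# Constructed contrast case (not from the thread): same rule firing on a parameter.
ARGS_HIT = SAMPLE.replace("at REQUEST_FILENAME.", "at ARGS:q.").replace(
    '".cookie"', '"onmouseover="')

FIELD_RE = re.compile(r'\[(\w+) "([^"]*)"\]')
HEAD_RE = re.compile(r'Access denied with code (\d+) \(phase (\d+)\)')
TARGET_RE = re.compile(r'" at ([A-Z_]+(?::[\w.-]+)?)\. \[')
STATIC_EXT = (".js", ".css", ".png", ".gif", ".jpg", ".ico")  # assumed asset types

def parse_modsec(line):
    """Split one ModSecurity 2.x message into status, phase, target and fields."""
    head, target = HEAD_RE.search(line), TARGET_RE.search(line)
    if not head or not target:
        raise ValueError("not a recognised ModSecurity deny message")
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, []).append(value)  # [tag ...] can repeat
    return {"status": int(head.group(1)), "phase": int(head.group(2)),
            "target": target.group(1), "fields": fields}

def triage(event, request_path):
    """Flag hits where the rule matched only the name of a static asset."""
    data = event["fields"].get("data", [""])[0]
    on_name = event["target"] == "REQUEST_FILENAME" and data and data in request_path
    if on_name and request_path.lower().endswith(STATIC_EXT):
        return "likely-false-positive"
    return "investigate"

def scoped_exclusion(event, request_path):
    """Disable only this rule id, only for this exact path (ModSecurity 2.x)."""
    rule_id = event["fields"]["id"][0]
    return (f'<LocationMatch "^{re.escape(request_path)}$">\n'
            f'    SecRuleRemoveById {rule_id}\n</LocationMatch>')

if __name__ == "__main__":
    path = "/js/gritter/jquery.cookie.js"
    event = parse_modsec(SAMPLE)
    print(event["target"], event["fields"]["id"], triage(event, path))
    print(scoped_exclusion(event, path))
    print(triage(parse_modsec(ARGS_HIT), "/search.php"))
```

Scoping `SecRuleRemoveById` to the one path keeps the XSS rule active for every other request.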
 
Chris I'm having some trouble with notifications coming back when users log in and out even though I've set Time to hide notification when close is clicked (days): 3. Any suggestions?
 
That is expected behaviour because logging out clears all of your XenForo cookies including those set by Notifications.
 
That is expected behaviour because logging out clears all of your XenForo cookies including those set by Notifications.

Dammit, I had a feeling you were going to say that. Is there any way to set a notification to avoid, or work around, that? I don't want to pester the crap out of my members, but I'd like it to pop up every few days or so as a gentle reminder.
 
How many people really log out?

I never use a public or shared PC so I never bother logging out. I thought most people would be the same. Of course if they're using multiple PCs then cookies only apply to the current PC anyway so if they use 3 machines they'll get continuously bothered about it anyway until they close it on each one.

There is one alternative.

Set the notification hide period to 0 (this just sets a cookie for the current session - so until the browser is restarted). But allow the Notification to be dismissible.

The idea of dismissing a notification is to permanently hide it. This is done at the database level so it will not be affected by logging off or moving to a different PC.

Each Notification has a "Reset Notification" button. This will reset the notification for anyone who has dismissed it. Meaning, it will come back until they dismiss it again.

Of course it requires some manual intervention from you every few days, but it may be more robust than relying on cookies.
 
Hello Chris

Is it possible to:
1. run the notification for x days
2. run the notification on date xx-xx-2013 for x days

That would be perfect for advertising campaigns
 
Yep, like Notices you can use the Date Criteria tab.

[Screenshot: 2StHsnR.png]


The configuration in the screenshot above will display the notice from 00:00 UTC on the 9th May to 00:00 UTC on the 10th May.
 
The option: Time to hide notification when close is clicked (days)

When it is set to x days the notification will be hidden as required. But when setting it back to 0 days the notification will not come back even if the Reset Notification button is hit; the only way to bring the notification back is to clear the browser cookies. Is that a bug?
 
How many people really log out?

I never use a public or shared PC so I never bother logging out. I thought most people would be the same. Of course if they're using multiple PCs then cookies only apply to the current PC anyway so if they use 3 machines they'll get continuously bothered about it anyway until they close it on each one.

There is one alternative.

Set the notification hide period to 0 (this just sets a cookie for the current session - so until the browser is restarted). But allow the Notification to be dismissible.

The idea of dismissing a notification is to permanently hide it. This is done at the database level so it will not be affected by logging off or moving to a different PC.

Each Notification has a "Reset Notification" button. This will reset the notification for anyone who has dismissed it. Meaning, it will come back until they dismiss it again.

Of course it requires some manual intervention from you every few days, but it may be more robust than relying on cookies.

I think it's more of an issue with members who clear their cookies constantly, or aren't checking the 'keep me logged in' box. I'll look into the alternative. Thanks.
 
The option: Time to hide notification when close is clicked (days)

When it is set to x days the notification will be hidden as required. But when setting it back to 0 days the notification will not come back even if the Reset Notification button is hit; the only way to bring the notification back is to clear the browser cookies. Is that a bug?

The Time to hide notification option is purely cookie based so the Reset Notification button will have no effect.

If it is set to 0 days then the notification should come back when the browser is closed and opened again. It sets a session cookie. You shouldn't need to clear the browser cookies.
 
If it is set to 0 days then the notification should come back when the browser is closed and opened again. It sets a session cookie. You shouldn't need to clear the browser cookies.

I have tried it in IE10, Firefox and Google Chrome on localhost; setting the option Time to hide notification to x days then setting it back to 0 days does not show the notification any more unless I clear the browser cache. Can you confirm you don't have this issue?
 
I don't have this issue.

I have just set up a test Notification on my site, http://xenmediagallery.com that only shows to guests.

Can you go there, close the notification and then see if you have the same issue?

For me, I close the notification and it re-appears after I close my browser and open it again.

And that is because of this, this is the cookie it sets:

[Screenshot: 9er36su.png]


Notice the cookie is called xf_notification_2 and the Expires column says "Session"?

A session cookie is only valid until the browser is restarted.

It's definitely working correctly for me.
 
Chris, have you tried setting Time to hide notification to x days then setting it back to 0 days?

Everything is working perfectly for this great addon until I touch the Time to hide notification option.
 
Yep that particular notification was at 3 days up until a few hours ago when I set it back to 0.
 