Posts tagged with php

Pagination not working in Wordpress blog with WP-PageNavi

Apr 14, 2013 in wordpress, php | blog

TupiLabs website uses Wordpress as backing CMS and blog, and here we have a modified Roots theme with bunch of plug-ins and settings. The pagination of the posts is done with WP-Pagenavi plug-in. When we received a message from José saying that the pagination was broken, we thought it had something to do with WPML, a translation plug-in, used to maintain both languages (en and pt_BR) in the site.

Later we figured out what was causing this error. The error happened only in pages that list categories (blog, news and ideas). In these pages, the function query_posts was being used, and after googling a while we found out that there was an extra argument for pagination.

query_posts(array('category_name' => 'blog'));

Changing the line above to:

query_posts(array('category_name' => 'blog', 'paged' => get_query_var('page')));

Fixed the issue. We also use plug-ins for cache, so we had to purge the pages from the cache in order to see the results. Hope that helps you, in case you have similar problem. Cheers.

TupiLabs Report: 10 Mar, 16 Mar

Mar 17, 2013 in banco-de-talentos, big-data, biouno, codeigniter, data-management, dmc-latam, garagem-vaga, open-source, php, portal-do-software-publico, prospect, prototype, speak-like-a-brazilian, tap, tap-plug-in | news

Here’s the list of the cool things that happened at TupiLabs since last Sunday.

We are working for you

Have a great week and Happy St. Patrick’s Day!! :D

Fixing "XMLHttpRequest Origin is not allowed by Access-Control-Allow-Origin" in PHP and CodeIgniter

Mar 16, 2013 in blog, csrf, javascript, php, speak-like-a-brazilian | blog

Since it has been released, Speak Like A Brazilian had a bug when users voted, but had accessed the site via speaklikeabrazilian.com, and not www.speaklikeabrazilian.com (the latter is the base_url in application/config/config.php).

Looking at the developer console in Chrome, you could see that XMLHttpRequest was having trouble by, what looked in principle, like a security bug. Maybe a cross-domain issue.

After searching the Internet, we’ve found what was causing this issue. Unfortunately I lost the link, but in a StackOverFlow discussion, one user said it had something to do with the CSRF check.

A quick test, where we disabled the CSRF token verification, showed that he was right. But we couldn’t simply disable CSRF everywhere. So if you are facing similar issue, here’s the trick: Create a hook that disables CSRF verification only for a certain URL.

It’s not a very nice approach, but as in Speak Like A Brazilian the votes are linked by IP, there’s no need to keep the CSRF token. Here’s the solution that worked for us.

<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

/**
* Security Class
*
* @package hooks
* @description Disables CSRF token for certain pages.
*/

class DisableCSRF
{

function disable_if_callback()
{
if(stripos($_SERVER["REQUEST_URI"],'/rating/expression') !== FALSE)
{
$CFG =& load_class('Config', 'core');
$CFG->set_item('csrf_protection', FALSE);
}
}

}

And as a side note, we are still in honey moon with CodeIgniter. We have just finished another project with it, and so far we haven’t been let down by this amazing framework. Hope it helps you, in case you have similar error.

Happy St. Patricks Day! And happy coding!