
Articles



A critical bug in the popular WordPress plugin wpDiscuz allows users to upload and execute code remotely. This is because of a bug in the file MIME type detection that allowed any file type to be uploaded. This opens up the server to remote code execution (RCE) that could result in the entire server being compromised.
The vulnerability was reported to wpDiscuz's developers by Wordfence's Threat Intelligence team on June 19 and was fully patched with the release of version 7.0.5 on July 23. Since then 25,000 users have downloaded this update, leaving at least 45,000 sites still vulnerable to this bug.
According to Wordfence threat analyst Chloe Chamberland, the security flaw is rated as critical severity with a CVSS base score of 10/10.
Disclosure Timeline
June 18, 2020 – Initial discovery of vulnerability. We verify the Wordfence firewall provides protection against exploit attempts and we make our initial contact attempt with the plugin’s team.
June 19, 2020 – Plugin team confirms inbox for handling disclosure. We send full disclosure details.
June 20, 2020 – The plugin’s team let us know that a patch will be released in version 7.0.4.
July 6, 2020 – Follow-up as no patch has been released.
July 10, 2020 – They respond to let us know a patch is coming in 1-2 days.
July 13, 2020 – Follow-up as no patch has been released.
July 15, 2020 – They respond saying a patch will be released by the end of week.
July 20, 2020 – A patch has been released. We check the patch and see that vulnerability is still exploitable and inform them.
July 23, 2020 – A sufficient patch has been released in version 7.0.5
 
If you are using wpDiscuz you should upgrade immediately to avoid having your server compromised.
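A check for the upgrade advice above, as an added example that is not part of the original article and not code from wpDiscuz or Wordfence: it scans a WordPress tree for plugin files whose header names wpDiscuz and reports any copy below 7.0.5. The `wp-content/plugins` layout and the `Plugin Name:` / `Version:` header fields are standard WordPress conventions; the directory names and file contents in `demo()` are constructed samples.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (7, 0, 5)  # first fully patched release according to the article
HEADER_BYTES = 8192        # WordPress reads plugin headers from the first 8 KiB only
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version)[ \t]*:[ \t]*(.+?)[ \t\r]*$", re.I | re.M
)


def parse_version(text):
    """Turn '7.0.4' or '7.0.5-beta' into a tuple of ints; () if unparseable."""
    parts = []
    for chunk in text.strip().split("."):
        match = re.match(r"\d+", chunk)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def read_plugin_header(php_file):
    """Extract 'plugin name' and 'version' from a plugin file's header comment."""
    head = php_file.read_bytes()[:HEADER_BYTES].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields


def audit_wpdiscuz(wp_root):
    """Return (plugin directory, version string, status) for each wpDiscuz copy."""
    findings = []
    plugins_dir = Path(wp_root) / "wp-content" / "plugins"
    for php_file in sorted(plugins_dir.glob("*/*.php")):
        fields = read_plugin_header(php_file)
        # Assumption: the plugin identifies itself as "wpDiscuz" in its header.
        if "wpdiscuz" not in fields.get("plugin name", "").lower():
            continue
        raw = fields.get("version", "")
        version = parse_version(raw)
        if not version:
            status = "unknown"        # no usable Version header: inspect by hand
        elif version < FIXED_VERSION:
            status = "needs_update"   # older than the fully patched 7.0.5
        else:
            status = "patched"
        findings.append((php_file.parent.name, raw, status))
    return findings


def demo():
    """Audit a constructed plugin tree (sample data, built in a temp directory)."""
    samples = {  # directory name -> header lines; all values are constructed
        "a-old": ["Plugin Name: wpDiscuz", "Version: 7.0.4"],
        "b-new": ["Plugin Name: wpDiscuz", "Version: 7.0.5"],
        "c-noversion": ["Plugin Name: wpDiscuz"],
        "d-other": ["Plugin Name: Some Other Plugin", "Version: 1.2"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, lines in samples.items():
            plugin_dir = Path(tmp, "wp-content", "plugins", name)
            plugin_dir.mkdir(parents=True)
            header = "<?php\n/*\n" + "".join(f" * {l}\n" for l in lines) + " */\n"
            (plugin_dir / "plugin.php").write_text(header, encoding="utf-8")
        return audit_wpdiscuz(tmp)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a real server, call `audit_wpdiscuz()` with the WordPress document root instead of running `demo()`.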
Jimi Wikman
Today is my birthday. It is also the first birthday of this website after I converted it to use Invision Community. This last year has been filled with ups and downs, not just in life but the entire world seems to be having trouble finding its footing. As I move into year two of the latest incarnation of this website it is time to find that footing again, at least for this website.
When I started the conversion last year it was just another experiment. A way to try out the good old Invision Community again. Something I have done on and off since 2002 or so, but never really stuck with. What I found was that Invision Community was working very well for me now. The many years had matured Invision Community as a product and as I got deeper into the template system it really appealed to me as it allowed me a creative freedom that not even WordPress can match.
In this last year I have created hundreds of blog posts, hundreds of videos have been added and I have recreated my entire Swedish blog again. I have built several databases such as the Awesome People section and My Projects section. I have also had a few setbacks such as losing all graphics due to some strange mishap at my hosting company and also had my account ravaged by a virus due to the presence of my old WordPress site. This has since been corrected and I am now on a new webhost and I have set up an AWS hosting for images (which also cost me dearly due to a script malfunction, but that has since been corrected).
Overall it has been a good year, filled with exploration and learning. My passion for front end development has been reignited and my passion for design has also returned. The writing comes and goes, but overall I feel good about it and I feel that it is far easier to write using Invision Community than it is to use WordPress. It suits me better I think.
 
Moving forward
Last year I wrote some goals for this website in the form of short term, medium term and long term goals. These goals are still valid and while I have created the databases and I have a design that works at the moment, I will rebuild this design again as part of the 4.5 upgrade.
Short Term Goals
My short term goal is to upgrade the site to version 4.5. With that comes some new features, but the main goal is to reset the structure and design a bit. I have played around and experimented a bit in the last year and it is time to clean that up now. So the first short term goal I have is to build a new design, recreating the current design for the 4.5 version. This includes building some new templates that I need for certain databases, but also organizing the databases properly.
One of those templates I want to build is to recreate the block design I currently use for this blog. It is based on a purchased application and as much as I like it, I do not need the functionality. I also want to build a design I can understand fully and can control rather than relying on someone else's design. I also want to experiment a bit and use css grid, flexbox and maybe even currentColor, which will be superfun I think.
The second template is a listing template that I will use for things like My Education and if I decide to add a reference feature, like the CSS reference on w3schools. It will be a very simple template, but very useful for different types of listings.
Another short term goal I am working on right now is to update all the projects in My Projects and rebuild My Gallery section.
Medium Term Goals
The medium term goals will be to create the information for guest blogging and about this site. About this site is not just for the visitors as I also need to define what this site is for myself. I also need to figure out who I build the site for so I know what to create for them. For this purpose I am starting to create sort of a personas gallery for myself, which is actually already helping me focus the content a bit.
Guest blogging is probably not going to take off that much in year 2, but I still want to make sure it is easy to understand how to do it. Having a page and instructions on what it means to guest blog is just a first step however. I still need to build a few things to make it valuable for the guest bloggers so I can repay them for their contributions. I have created a new user group just for authors and I am considering building a new database for them as well.
With the My Projects on its feet I will take another look at My Roles. I realize that it is quite easy to build a CV-like structure by connecting to the My Projects database. So I will build a new template for this later this fall and combine that with actual CVs as time permits.
Long Term Goals
The long term goals for year 2 will be to create more content that is helpful. What I mean by that is that much of what I write here is mostly for me. It is news that I think is interesting and my own thoughts mostly. While that is good and fine, I also want to make sure that I add content that can help and inspire. Things like short tutorials, downloadable graphics and inspiring posts on new tools or practices are probably more useful for a visitor, so I will focus a bit extra on that in year 2. It takes a bit more time and energy, but I think it will be worth it.
I get a lot of questions on how I built this site, so I am going to write more about that. I know how hard it can be to get started with Invision Community as the information is a bit scattered, so if I can help people get started, then that would be great.
Overall the long time goal is still to provide useful information and resources to make people want to come here. The long time goal is also to use this site as a way to keep my toes wet in the front end development area and the design area primarily.
These long term goals always balance against me having fun. This site can never be a source of stress, that would defeat its purpose. Slow and steady progress over perfection as time permits is key. As is doing this with love, not obligation because this is a website created to satisfy my need to write and create. Nothing more. Nothing less.
Onwards to year 2 with new adventures and discoveries!
Jimi Wikman
Database relations in Pages is a very powerful way to bring content from different databases into entries of other databases. In this example I will show you how I added the People in project area in My Projects.

Creating the Database
I started by creating a new database called "People Profiles". It will be a database just to hold the data as it will not be publicly presented anywhere outside of the My Projects area. Just to make it easier to work with I created a page and added the database to it. I also made the page available only to me so I can use it, but it will not be visible to anyone else.
Then I decided on the fields that I wanted to use. I want to use an image, so I activated the record image. Then I went through the data I wanted to add:
Name
Title
Awesome URL
Linkedin URL
Instagram URL
Twitter URL
Homepage URL
Working area
These are the basic fields. I realized that I will probably have multiple versions of the profiles depending on when in time I worked with them. To search for the correct profile I would need more information, so I also added a Long Title that I set as the title field. I also added a Notes field to act as the Content field in case I wanted to scribble something down for myself.

 
Setting up a Database Relationship
After I added a few profiles it was time to bring them from the People Profiles database into the My Projects database. The first step was to add a new field into the My Projects database of the type "Database Relationship". When creating that I have to choose what database I want to create the relationship to, so I selected People Profiles. In the settings for display options I set a template key so I can reference it later and I unchecked the show in listing template and show in display template.

 
Adding the database relationship in the template
As I have selected not to display anything in the listing or display templates nothing will happen yet. So now we have to add this to our template for My Projects so we can show the data where we want it. So we head over to Templates in Pages where I have created my own template set for My Projects.
 

 
Adding custom fields is done by adding a line of code. There are some variations on this, but I will not go into them in this post. This is the code:

    {$record->customFieldDisplayByKey('your custom field key', 'display')|raw}

As you only want to show this field if it is actually not blank, we wrap that in a condition to only show it if it is not blank:

    {{if $record->customFieldDisplayByKey('your custom field key')}}
        {$record->customFieldDisplayByKey('your custom field key', 'display')|raw}
    {{endif}}

In my case I also wanted to add some styling and a header. So my code looks like this:

    <!-- People in Footer -->
    {{if $record->customFieldDisplayByKey('project_people')}}
    <div class="project_people_footer">
        <h3>People in the Project</h3>
        <div class='ipsGrid ipsGrid_collapseTablet'>
            {$record->customFieldDisplayByKey('project_people', 'display')|raw}
        </div>
    </div>
    {{endif}}

Defining the output in basicRelationship
Now that we have included the data from the People Profiles database you will see that it is just a link. We want to have more data than that so now we must define what data we want to pull from that database and how we want that to be displayed. We have to do that by editing a theme file called basicRelationship. So we head over to our Theme folder and click the "Edit HTML and CSS" icon to get into the templates. Then under CMS->Global you will find the basicRelationship file.
 

 
This file is a bit tricky because it defines all database relations. In order for us to target specifically the data coming from People Profiles we need to figure out what ID that database has. We can do that from Pages under Content->Databases which will list all databases. If you hover over the edit button for your selected database, then you can see the URL at the bottom of your screen with the ID of the database at the very end.
 

 
With the ID defined we can add a bit of code to make sure we only target specific databases with our changes:

    {{foreach $items as $id => $item}}
        {{if $item::$customDatabaseId == 19}}
            <!-- People database -->
            {template="BasicRelationship_PeopleProfiles" app="cms" group="basic_relationship_templates" params="$item"}
        {{elseif $item::$customDatabaseId == 16}}
            <!-- Author database -->
            {template="BasicRelationship_author" app="cms" group="basic_relationship_templates" params="$item"}
        {{else}}
            <!-- all other databases -->
            <a class="ipsPages_csv" href="{$item->url()}">{$item->_title}</a>
        {{endif}}
    {{endforeach}}

Creating Theme Templates instead of just using basicRelationship
In this code I have added 2 databases (19 and 16) and then I have a fallback for all others at the end that will show the default link. While it is very possible to add the code directly into this template I have used a different approach and instead created separate templates outside and then referenced them in the basicRelationship. This way I can work on the content for each database in a more focused way and the basicRelationship becomes a bit easier to get an overview of.
In order to create a new template you go to Create New at the bottom of the template listings. Select HTML template and then fill out the form accordingly.
Name - the name of the template.
Variables - We add $items here since that is what is defined in the foreach loop in basicRelations.
Location - Here we select front to place the template in the correct section.
Group - I suggest you create your own group here so it is easier for you to find later.
Application - Here we select Pages
If you have done this as I have then you will have your new template located under CMS->Front->basic_relationship_templates. If you have selected another group, then that is where you will find it instead.
 

 
Adding data to the theme template
Now that we have a template for our connection between the databases, we can start adding the data to it that we want to show in My Projects. This is done in a very similar way as when we add the data to the entry templates. Instead of using $record however we use $item:

    {{if $item->customFieldDisplayByKey('your custom field key')}}
        {$item->customFieldDisplayByKey('your custom field key', 'raw')}
    {{endif}}

As I added the default record image that is called a bit differently:

    {file="$item->_record_image_thumb" extension="cms_Records"}

You can also reference the title field and the content field with a shorter tag:

    {$item->_title}
    {$item->_content|raw}

In my current code I have nested the fields a bit and I have used the field for working area pretty sloppy, but I think you get the general idea.

    <div class='ipsGrid_span2 people-profiles_card'>
        <div class="people-profiles_image {{if $item->customFieldDisplayByKey('working-area')}}{$item->customFieldDisplayByKey('working-area', 'raw')}{{endif}}_image">
            <img class="ipsImage {{if $item->customFieldDisplayByKey('working-area')}}{$item->customFieldDisplayByKey('working-area', 'raw')}{{endif}}" src="{file="$item->_record_image_thumb" extension="cms_Records"}" />
        </div>
        <div class="people-profiles_Name">
            {{if $item->customFieldDisplayByKey('people-profiles_Name')}}
                {$item->customFieldDisplayByKey('people-profiles_Name', 'raw')}
            {{endif}}
        </div>
        <div class="people-profiles_Title">
            {{if $item->customFieldDisplayByKey('people-profiles_Title')}}
                <span class="{{if $item->customFieldDisplayByKey('working-area')}}{$item->customFieldDisplayByKey('working-area', 'raw')}{{endif}}">{$item->customFieldDisplayByKey('people-profiles_Title', 'raw')}</span>
            {{endif}}
        </div>
        <div class="people-profiles_links">
            {{if $item->customFieldDisplayByKey('people-profiles_Awesome')}}
                <a href="{$item->customFieldDisplayByKey('people-profiles_Awesome', 'raw')}" class="people-profiles_Awesome"><i class="fas fa-id-card"></i></a>
            {{else}}
                <i class="fas fa-id-card"></i>
            {{endif}}
            {{if $item->customFieldDisplayByKey('people-profiles_Linkedin')}}
                <a href="{$item->customFieldDisplayByKey('people-profiles_Linkedin', 'raw')}" class="people-profiles_Linkedin"><i class="fab fa-linkedin"></i></a>
            {{else}}
                <i class="fab fa-linkedin"></i>
            {{endif}}
            {{if $item->customFieldDisplayByKey('people-profiles_Instagram')}}
                <a href="{$item->customFieldDisplayByKey('people-profiles_Instagram', 'raw')}" class="people-profiles_Instagram"><i class="fab fa-instagram-square"></i></a>
            {{else}}
                <i class="fab fa-instagram-square"></i>
            {{endif}}
            {{if $item->customFieldDisplayByKey('people-profiles_Twitter')}}
                <a href="{$item->customFieldDisplayByKey('people-profiles_Twitter', 'raw')}" class="people-profiles_Twitter"><i class="fab fa-twitter-square"></i></a>
            {{else}}
                <i class="fab fa-twitter-square"></i>
            {{endif}}
            {{if $item->customFieldDisplayByKey('people-profiles_Homepage')}}
                <a href="{$item->customFieldDisplayByKey('people-profiles_Homepage', 'raw')}" class="people-profiles_Homepage"><i class="fas fa-home"></i></a>
            {{else}}
                <i class="fas fa-home"></i>
            {{endif}}
        </div>
    </div>

This guide should help you to bring in the data from any database into another database with the styling of your choice. I know this is a pretty short and not very detailed guide, but I hope it was useful anyway. Please add questions and I will improve upon the guide where I am jumping a bit too fast.
Happy coding!
Jimi Wikman
Magento is one of the most popular e-commerce platforms that are out there, famed for providing no limits when it comes to customizing your online store. Whether you’ve decided to build your store from scratch, wish to optimize or migrate the one that you have, you won’t make it without some professional help of specialists. In this article, we give you tips on how to hire expert Magento developers and which questions to ask them.
Tips on Hiring Magento Developers
Before stepping to the questions, it’ll be helpful to know a couple of things about the process.
There are many specialists all around the globe, and you need to know who you’re looking for as the developer services can differ based on what you need: migrating the store, building it, optimizing it, etc.
Having a clear vision of what you need specifically makes up almost half of the deal.
Put emphasis on experience with projects similar to the one that you’re planning; this can eliminate some unneeded questions or blind spots.
Keep in mind the time lag if you’re hiring someone on the other side of the world.
Which Questions to Ask a Magento Developer
Now that we’ve given some general recommendations of where to look for Magento developers and what to keep in mind as you’re searching, let’s move on to the actual questions you can ask and why you should do so.
 
1. How many years of working with Magento do you have?
Speaking about Magento development, the experience of actual work on the platform is the key factor to pay attention to. Because Magento isn’t easy to get the hang of, it can be challenging to understand and master even for those who have many years of general development behind them or for those who are good at PHP.
The more years of hands-on work that the developer (or team) has with Magento the better. The reasons for that include the quality of code that is produced as well as the wider range of tasks and issues that could be taken care of. Importantly, make sure those who you’re considering to hire have plenty of experience with the Magento 2 platform, as Magento 1 (the previous version) differs from it big time.
That said, you’d surely want your developer to know how to sidestep a problem, avoiding it before it even arises, as well as to have the necessary knowledge to fix things quickly and efficiently in case something goes wrong. 
 
2. Are you Magento certified?
To be fair, having Magento certification is not an obligatory requirement. Yes, on the whole, certification is a big plus since it somewhat proves that the candidate has the needed knowledge, and that he/she took the time to confirm having it. Nevertheless, although there are many types of Magento certificates out there, some of the questions that the tests include to get the certificate are outdated and don’t cover the recent turns such as PWAs (Progressive web applications).
So, if the person in front of you is officially Magento certified, that’s wonderful. If not, that shouldn’t become a ground-breaking reason not to consider them for the job, especially if they could boast having plenty of Magento 2 experience under their belt.
 
3. How well do you know Magento 2 architecture?
As mentioned earlier, Magento isn’t a piece of cake. This question is especially relevant if you don’t understand which Magento (1 or 2) the person who’s before you has worked with. Magento 1 is becoming outdated, and everyone is either making the move to Magento 2 or building ground-up on it. Consequently, it is vital to dot the “I’s” regarding where the candidate stands in terms of Magento 2 architecture knowledge.
Like already stated, Magento 2 architecture is radically different from Magento 1. It’s quite hard and time-consuming to figure it out too if you’re just getting acquainted with it (roughly, you need about a year to hold up well). This is why you should definitely be on the lookout regarding this. 
 
4. Have you ever migrated a Magento 1 store to Magento 2?
As you’ve probably guessed by now, moving a store that was created on Magento 1 to Magento 2 is a very complicated problem to solve. The thing is that in order to cope with the task successfully and within adequate time frames, the developer (or team of developers) should be equally witty in both of the platforms. They need to know M1 and M2 like the back of their hands, keeping in mind all the features and elements that the two differ in. They have to be able to carry out loss-free data moves, come up with custom solutions, deal with the compatibility of modules, among other things.
Thus, if the candidate has migrated Magento previously, that could be a good sign. You may ask about what was challenging, how long the process took, and look at the website.
 
5. Which progressive JavaScript frameworks do you know?
As for progressive JavaScript frameworks, knowing React.js or Vue.js, for example, is noteworthy. Having such skills, developers are able to make UI components that’ll be reusable for sites and applications.
 
6. Do you have experience with Magento’s PWA Studio?
Progressive web applications are a highly popular and promising trend in e-commerce. Because the solution offers an affordable replacement for native apps and allows your website to work like an app (even offline), at the same time being fast, responsive, and accessible by search engines, it’s a solution that many store owners want to get ahold of. Ask your developer whether they’ve built PWAs and their thoughts on the subject.
 
7. Which of your former Magento projects was the toughest/are you most proud of?
Browsing real examples of work is yet another great option. CVs and portfolios might be packed with information, so fishing out some specific highlights can do you good. You can ask which aims were set and how they were handled. Pay additional attention to the points that are connected with custom solutions and configuration.
On another note, make certain that the portfolio in front of you actually reflects the work of the specific candidate and that it’s authentic; you don’t want to waste your time on something that’s claimed to be theirs but really isn’t. You can try contacting the company and asking them a few questions.
 
8. If you were to give advice on Magento optimization what would it be?
Let’s face it, if you’re running a business in the sphere of e-commerce, you want your online store to be performing at its best. Time is moving forward, technology is evolving, new trends are established. This means that you’ll need optimization so that your store is viable, fast, findable via search engines, provides a great user experience, etc.
Some replies that can count here would surely include recommendations on optimizing website speed, improving the product search, and reworking the checkout. At times just several touch-ups can already make a change for the better.
 
9. Do you provide support after the site’s release?
Knowing that your developers will have your back after the release also helps. After all, if there will be a situation when you’ll need urgent assistance, having a service level agreement with your developers wouldn’t hurt. For this reason, settling from the very start the “what happens after the release” matter is in your interests.
 
10. Do you mind preparing a test assignment?
It is considered good practice to offer a test task to the specialist who you’re planning to hire. After all, it’s your chance to see the person in action. One of the ways to do that is to request to solve an actual issue that you have or to turn to specialized platforms that were created for test assignment purposes, for example, Devskiller.
 
All in all, approaching the matter of hiring a Magento specialist for your project is very important. Ultimately, these people will be entrusted to deliver a product that’ll influence your business. We hope that this guide will help you when searching for your perfect match!
Alex Husar
The requests to get Portfolio for Jira for Cloud users have been loud and finally Atlassian released a Cloud version. They also made a very odd choice to rename Portfolio for Jira to Advanced Roadmaps and place it behind the Cloud Premium barrier.
Portfolio for Jira has long been the better choice for Jira Server and Jira DC users. The features have been perfectly suited for managers to keep an overview over large programs and initiatives with relative ease. As such it has been the envy of Cloud users for years and it comes as no surprise that Atlassian would port this to Cloud given their focus on the cloud platform lately.
Renaming Portfolio for Jira is also no surprise as it confuses managers with two portfolio products where the high level Portfolio tool Jira Align is the product Atlassian seems to want to focus on. Renaming it to Advanced Roadmaps is however a very strange choice as it is not a simple roadmap tool. It also makes the naming confusion shift from Portfolio to Roadmaps as Cloud users have been using the limited Roadmaps feature for quite some time.
The new Advanced Roadmaps is only available for Cloud Premium users. This makes sense as Atlassian wants to push users into their new price model. Currently there is not much that would warrant double the price for Cloud Premium so Atlassian needs something that is enticing enough for users to make the shift. Advanced Roadmaps could be one of those features, but they need more as Advanced Roadmaps cost $2.3/user and month at its lowest level and Cloud Premium cost an additional $7/user and month.
Feature wise Advanced Roadmaps is still great with the two main selling points of great overview and the ability to scale the issues with more levels. Here are some of the selling points from Atlassian:
With the changes coming to Roadmaps where all projects will get them, and not just Next-Gen projects, combined with the promise that Advanced Roadmaps will somehow be connected to a more comprehensive whole this could be a pretty good thing for Cloud Premium users. Adding Advanced Roadmaps to Cloud Premium will now add the ability to scale issue types beyond the standard 3 levels, which is something people have asked for for a very long time.

Will it be enough to warrant the high price tag for Cloud Premium? I doubt that as Advanced Roadmaps is only really useful when you pass a certain number of teams. Doubling the price tag will probably discourage most low to mid-range clients. The fact that you can only have a 7 day test version and that you need to set up a new cloud instance to even test this if you are on a regular cloud plan is also a problem. With more features added into Cloud Premium however I think more and more will make the shift over to that.
Overall this is a good new addition and packaging it with the Cloud Premium offer will make it more accessible and therefore used, which is a good thing. It's a bit sad to see Atlassian being so aggressive in their way of forcing cloud users into their Premium tier that is making some old customers a bit annoyed, but I think it will be good in the long run.
Jimi Wikman