In a test app I've set up an object (race) and an action (run). I'm now trying to set up a story that combines both of these.
Ideally the race object references a place on my app. But I've been experimenting with many configurations trying to get this to work — none successfully.
In the 'edit attachment' popup is a field 'highlighted points'. I believe this should provide a dropdown list of selectable options? It currently is not, and if I type free text into this field, it is not saved.
What am I doing wrong?
The race page on my app includes the following:
And the course pages include
>>>' />
>>' %> />
On Facebook, course is configured as a Place, race has the course property assigned. But I am unable to select race.course:location in the map popup.
I have also tried various configurations, including defining the lat/lon explicitly on the race page and defining appropriate properties on FB.
I am still unable to select the highlighted points value.
Am I missing something?
Have a look at the answer at
Open Graph Map layout
This should be able to guide you.
Also
https://developers.facebook.com/docs/reference/opengraph/object-type/place/#properties
Related
So, I am trying to set the target ID for an elementor template using a short code ... e.g. can I use a shortcode like: [elementor-template id="15639" postid="9999"]?
Here my intention is to reuse an elementor template which pulls the data from post #9999 into the template. The next one might be #10078, etc. Is this possible? I can't seem to find the answer or I am searching for the wrong terms. Thx much! --Dano
P.S. The elementor template I created uses a Modal Widget, so the user can click a thumbnail (from post #9999) and then get an enlarged image (diagram) + all the data regarding the diagram (using ACF). To be clear, I am using a single post template type, NOT an archive. I don't want to create many elementor templates. I want one template that reuses the post data from a preset ID. Of course, the current page or post (that the user is on) is not the target ID I need, thus my question ... Maybe I need a custom query that will allow me to set a target ID in the shortcode?
Thx in advance!
I created an extension with the extension builder.
On saving I get this message:
The object was updated. Please be aware that this action is publicly accessible unless you implement an access check. See https://docs.typo3.org/typo3cms/extensions/extension_builder/User/Index.html
How can I fix this issue? Yes I read the page but there are no useful hints.
Since the question is how you can "fix the issue": There is no issue, it is a warning, you can remove it and make your request secure. (As in the other answer.)
The "hint" on the page is actually very straightforward. The "issue", that a user is able to manipulate the url and make the server to execute a not wanted action.
Here is an example:
You have a list of users of your page and you can open thier public porfile for more information:
https://yourdomain.com/list/?tx_ext_plugin['action']=show&tx_ext_plugin['userId']=41.
So if I want to make some trouble, I change the action "show" to "delete" and may I am able to delete the poor user "41" from the db. That is bad.
https://yourdomain.com/list/?tx_ext_plugin['action']=delete&tx_ext_plugin['userId']=41.
So since it is you business logic typo3 offers no out of the box solution for this. That is why this warning from extension builder says, that you need to make actions to prevent misuse.
Regarding how to implemnt a better security here are some thoughts about the Access Control and some ideas what to implement in your actions:
1) FE
You can separate your actions into different plugins. So if you have a public list action it can not be modified to the plugin that responsible for the delete action. How is it possible? TYPO3 will look the page record in your database. And will render it, and if there is a plugin on the page with the signature "tx_ext_plugin" then it will get the sent parameters. In this case you have the possibility to add the different plugins to different pages so changing the signature of it for an attacker won't help, because:
If the delete action is not registered by the plugin, TYPO3 will
throw an exception.
If you are trying to change the whole signature the page won't be able to identify the plugin.
You can add the edit / delete plugin to pages where a user has to be logged in. You can even manage multiple usergroups. Like normal user can only edit its profile, but a premium user can make further changes. You can use in fluid a view helper IfHasRole that can show parts of your template for defined user groups. (There is an ifAuthenticated ViewHelper too)
You can take the extension "femanager" as an example. There is a controller "EditController", that covers actions like "update" and "delete". For example before making the update action there is a check if the logged in user has the same user id as the record which going to be changed. If you have a complex example you can make a check on the user group also.
2) BE
It is actually almost the same as frontend.
BUT instead of plugins / user groups assigned in page settings. You can use different mountpoints, so BE users can not see folders where they are not allow to edit / delete.
You have those two ViewHelper for the BE too. There names are: f:be:security.ifAuthenticated and f:be:security:ifHasRole. However ifAuthenticated is also for FE, in a BE context it does not make sense.
You have also the possibility to identify the id and userGroups of the BE user and you can make your own checks before you let an action run.
You have also the possibility to turn on / off a module for a certain BE group.
+1: It is nothing to do with any action but just to list it too. There is also the possibility to allow / disallow field for BE Users by editing a record through the List mode in the BE.
Extension builder creates dummy actions to update and create records. Those example actions do not contain any security checks, whether the caller actually is allowed to do so.
So it is your job to add adequate access control to those methods. E.g. make sure the current user (be it Frontend or Backend) is actually allowed to update the model in question.
I have a form on the home page of quotedjobs.com that I would like to persist the field values of across pages.
For example: A user enters some values in fields, such as job title (textbox), job type (list) and job description (text field). Underneath that I ask users to register on the site, but they have the option to click a link to allow them to login if they are already members.
What I would like to be able to do, is to redirect users to another form that is a copy, but allows them to login instead of register, but keep hold of the values that they entered in the title, type and description form of the previous page so they aren't losing their work.
I have seen the ninja_forms_processing variable in the docs, but I'm not clear on how to use that.
TL;DR - You can't.
As it was slim pickings here, I sent an email over to support. Got this response:
Hello,
At this time this use case is not possible in Ninja Forms. The plugin is currently unable to transfer data from field to field or between forms.
I’m sorry that we do not have a better solution for you at this time.
Thank you,
I cant figure this one out, i have built a site with an e commerce system and i want visitors to be able to like an individual product and thus that product be added to their feed.
I have added all the open graph code to the relevant place, but when someone clicks "Like" is shares a default thing rather than the perticular product. this is the one i have been using for an example
https://pinnaclesupplement.co.uk/index.php/shop/168/10/weight-gainers/serious-mass-2-72kg-detail
so I tried using the facebook debugger to see if i could figure it out, but thats is showing the correct info and exactly what i want to show up on peoples feeds! here is a link for that.
https://developers.facebook.com/tools/debug/og/object?q=https%3A%2F%2Fpinnaclesupplement.co.uk%2Findex.php%2Fshop%2F168%2F10%2Fweight-gainers%2Fserious-mass-2-72kg-detail
You have your Like button set up to point to http://www.pinnaclesupplement.co.uk – so when people klick like, they only get the “default thing”, your basic site’s description.
If you want customers to like a specific product page’s URL – then you should point the href parameter of the Like button there.
I asked a similar question earlier, but it was one of a bunch of questions, most of which I later solved. So I figured I would create a new question only about this.
In developers.facebook => $MY_APP => app settings => open graph => dashboard, you have options to manage your actions and objects. When I try to edit an action, for example by changing its name, or the object reference it points to, these changes wil ostensibly be saved, but when I refresh the page, it will not have the changes (for the object reference) or the url for the object will not change (for changing the action name).
For example,
When I change the name of action1 to action2, from "get code" the page will still be
https://graph.facebook.com/me/myapp:$action1
Furthermore, calling myapp:$action2 will not work, and when I call myapp:$action1 the action that shows up in my timeline is still $action1.
I may also wish to change the title of my object, from say title1 to title2. However, when I try to change the action so that the reference is to title2, the changes refuse to save.
Is there a solution to this, or should I just delete everything and start anew without making mistakes? I tried deleting the actions and objects and making new ones with the old names, but the moment a make an action with the old name all the old fields are filled out and I can't change them again.
Thanks.
EDIT: to change url and name stuff, those are in advanced options inside the action type edit page. Thanks Paul for pointing that out.
The graph api name is in the Advanced section of the ActionType edit page.
For your second question, I don't really understand why your Object Type name won't change. Do you mean the value of og:type isn't changing or the "Name" field? The second one is also in advanced.