Need random number generated in html for embedding into iframe - django

I am using this embed code for a site. The site is a Django site. I apologize if my terms are wrong, I'm not a developer. . Periodically I return to the site and the graph will not display, but the logo from the host site does. I suspect that it's a caching issue. I tried "no-store" but I'm not sure if I pasted it in properly.
I want to add a random number generator to the embed code. In my mind that would be similar to a refresh - again, not a programmer. Django strips css and possibly more. Can anyone either solve my problem or write the random number generator to make the "border-width" 1, 2, or 3? Here is my site with the bug. https://www.twelvebridges.com/twelve-bridges-market-report/. I encounter the bug on Chrome on a macbook. Never the first visit and a refresh solves it every time.
I tried "no-store" but probably in the wrong place. I tried Classic Cache Killer as a Chrome extension on my site. I added a gif on the site even though I cannot really articulate what I thought that would accomplish.

Related

Video site using Wagtail

Want to build a video site like YouTube or peer tube but on my lan completely private, basically I want to pretend my kids are online when their not... plus a good project to learn.
A video based website would be easy to make. You could do this quite easily with a few Wagtail Pages, uploading videos as Documents and using a DocumentChooserPanel to select a video on each page.
To get started you'll want to start in two places:
The wagtail docs, available at http://docs.wagtail.io/en/latest/getting_started/tutorial.html, and
For additional tutorials https://wagtail.io/course/
Take it slow at first, get your virtual environment setup. Then move on to creating your first Wagtail Home Page and adding a few custom fields, then make them show up in the home_page.html template.
For future reference, when you ask questions on StackOverflow (or anywhere else) make sure you add more detail to your question. Including what you've done/tried so far, your end goal, or any problematic code you're working on will help you get answers faster and it'll generate better answers than mine.

Facebook Share showing incorrect info when the debugger is correct

First post on StackOverflow, so please forgive any protocol lapses!
I've found similar problems to the one below elsewhere on SO, but none that's an exact match, nor a solution that hits the spot.
I have a client site with FB Share and Like buttons, all of which work perfectly on straightforward named pages. In the case of the shop and blog pages I need to use a querystring, which works perfectly on other sites, but not this one! I've run the FB Debugger on the affected pages and all looks hunky dory.
Here are two example pages with the problem:
http://www.fabniki.com/productdetail?pid=251 and http://www.fabniki.com/blogdetail?id=327&p=1.
In the case of the shop item, the text Facebook is showing isn't even on the page. I've tried clearing cache, forcing an FB cache refresh etc.
My own site uses a similar querystring system for my blog, and this works absolutely fine with Facebook shares and likes.
I'd be very grateful for any suggestions!
OK, the problem was - unsurprisingly - entirely of my own making. I'd allowed myself to get bogged down in the debugger, which looks at the exact URL you paste into its input field. If you're sufficiently idiotic, it may not occur to you to check if this is the actual value being passed to FB by your Like and Share buttons. Doh!
Thanks to some excellent support from FB developers, the problem was spotted and corrected with only minor dents to my ego.
I wanted to answer my own question, a) to avoid wasting people's time and b) to give Facebook Support a bit of appreciation for a change!

CF Admin showing the root website

My CFIDE just went crazy this morning and I can't locate the what is causing this. When I log in from example.com/cfide/administrator/index.cfm some of the tabs on the left work fine and some are showing the index page of example.com like in an iframe... I restarted the app server but the issue is still there. Any recommendations on how to debug this thing?
So for posterity here is what we found.
There are two possibilities of exploits that could be affecting you:
the bitcoin exploit (miner.d)
the ckeditor file upload exploit (this is the h.cfm file)
There are others but these are common and known. Both tap underlying java to unfold work that either calls something more sinister, delivers server meta data or unrolls a scheduled task to fireoff worker bees to consume resources doing something the admin is unaware of.
So as we discovered we have a varietal of this h.cfm called fusebox.cfm (obfuscated with bonus encrypted CF5 garble). If you can open the file you will see that h.cfm file and open it you will see UGLY and Obfuscated code but not very sophisticated. A lot can be revealed by a coder's code and if you deconstruct and format this particular code you will discern that the developer is not native to CF, and jumps from script style to CMFL style (in caps no-less).
(here is the Stack Overflow link with the raw code (be careful))
It is also named: i.cfm, h9.cfm, r.cfm, adss.cfm or fusebox.cfm here is the black hat page that give you a ton of info. I'm viewing the cached site because I don't trust the blackhat sites. (because one loaded something on my system that raised an antivirus alert).
The file may be unreadable so here is a link to a site that describes some github sourcecode that can decrypt it for you. That is Coldfusion 5 crap that still floats around now and again. (I'm pretty sure it will look similar to that code in the SO link I pasted above).
Post mortum: One more coldfusion serve saved from villainy. Remember, it never hurts to run through your systems and see if anything can be found like this. It also never hurts to make things a little more difficult for would be server exploiters ;)

Accessible Facebook Like Button

Has anyone created a custom Open Graph solution that queries the number of likes and creates an accessible button? Facebook's iFrame and XFBML solutions are both completely inaccessible via the keyboard and screen readers -- and no one seems to care.
The count is super easy to grab, it's the like URL that I'm not sure about. The anchors inside of Facebook's iFrames don't even have hrefs, so I'm currently digging through their scripts for some actionable targets.
Hit this URL with JS or in a browser and you'll get an ID and # of shares (are likes different though? better than nothing i guess): https://graph.facebook.com/http://putyourUrlhere
Any idea how to trigger a like without Facebook's provided code? It's ok if the button is only accessible with Javascript on since screen readers can use JS. Their code obviously requires it anyway. Has anyone done something like this with the Javascript SDK?
I'm trying to figure out if this is even possible, so I'd appreciate any insight!
PS -- iFrames are not inherently inaccessible. The problem is that Facebook's code inside of it is not. http://webaim.org/techniques/frames/#iframe
Facebook finally got around to making the like button keyboard accessible. Just took a while.
https://developers.facebook.com/docs/reference/plugins/like/
It is not supported. Automated likes would compromise the authenticity of the Graph.

Best way to integrate PHP forum into Django site?

Suppose you are running a Django site, and have a legacy PHP forum to support and integrate into your site, since current Django forum solutions are not mature enough.
What is the best way to do this?
Currently I have a simple view, which renders a very simple template which extends my site's base template, and the content area has nothing but an <IFRAME> which holds the forum as its src. A small jQuery function is used to maximize the <IFRAME>'s height (once it finishes loading) so as to contain 100% of the forum content.
But all of this sounds pretty awkward. How would you go about this?
There are a few options. None are ideal (but mixing two platforms never is!)
Use iframes as you've suggested (bad as the address in the address bar is always that of the django page and if somebody copes a link off the forum, it will be the PHP forum, not the django holder)
Use iframes but instead of using the same src all the time, parse the URL and append the relative bit onto the src of the iframe. ie if django sees /forum/this-url, set the src to http://forum-address/this-url and make sure all your links target parent. This has the advantage of showing the correct link in the address bar at all times (rather than it always being /forum/). You'll need to hack your forum for this to work.
Proxy the content and inject it into the page properly. You'll need to pass cookies and it might get really messy but in most terms, this is a great way to integrate things because your links will always be correct. You'll need to butcher your forum theme to strip out everything outside and including the <body> tags.
Theme your forum in the same way as the Django site. This would give best performance but you might have issues if you use dynamic stuff in your django template. An option to get around this is by having the django template cache things to memcache and using php-memcache to pull them out into your forum template.
I have done both 3 and 4 in the past. I used 3 for a very simple form (so didn't have to deal with cookies and sessions as you will). I used 4 for integrating a FluxBB forum into a Wordpress install. Both PHP but it would be uber bloat to load FluxBB inside Wordpress. I cached the dynamic template things into memcache and pulled them out in the forum template.
For this, I would probably suggest going with #4. It's a pain in the arse having to maintain two themes but it's by far the fastest performing solution.
When I read the question summary I immediately thought that you would need some kind of script, which could be linked to a signal via the Dispatcher in Django, to syncronize the user database from your Django site to the forum. This would keep the authentication side of things in check - but you still need to do one of the things that Oli has suggested, to make them look the same.
Themeing will probably be the least hassle-free route, but that's not to say it will be easy!