YOOtheme Pro is here! The best WordPress and Joomla theme. Learn more

Avatar stefan.muller asked

[BUG] Widgetkit 2.9 if backend is secured with .htaccess

I just installed wk2.9 on one of my sites and now my site asks for username and password if I only want to access the frontpage. Viewing the page source revealed that Yootheme now calls a javascript INSIDE the administrator directory which happens to be .htaccess protected on my site:
<script src="/administrator/components/com_widgetkit/vendor/assets/uikit/js/components/slider.min.js" type="text/javascript"></script>
This needs to be fixed ASAP
As a TEMPORARY workaround you can do the following if you use apache:
in the directory /httpdocs/administrator/components/com_widgetkit/vendor/assets/uikit/js/components create a .htaccess-file with the content "Satisfy any" (without the quotes) this will exclude the directory from password protection, but keep in mind that this could weaken the security of your site. It works but for me this is not an option, so I reinstalled the previous version of widgetkit
I wish Yootheme would test their stuff better rather than making their paying customers beta testers

  • Joomla
  • Widgetkit

Edited

11 Answers

7

Avatar stefan.muller answered

@radevic: Considering the fact, that it completely shuts down your site for all users that do not happen to have the password for your backend, I'd say that it is a severe bug and using Akeeba Admin Tools is not using weird plugins imho.
Also if you know Yootheme support you know that as soon as a "ticket" has one answer, noone from yootheme's support will ever answer you and as long as this doesn't change, I'll open a new topic for everything, just in order to not spoil the chances of other thread openers to get an answer

4

Avatar artur Yootheme answered

Thank you for the hint! We'll investigate the issue.

Greets,
Artur

1

Avatar she4www answered

@radevic: If you run 50 Joomlas and import this update automatically, I would be talking about a huge bug in the face of the result!

1

Avatar artur Yootheme answered

@all we will release a new Widgetkit version today, which should fix the issue. Sorry for all the circumstances.

As a quick fix please remove all lines in {template}/widgetkit/widgets/*/plugin.php that starts with:

$app['scripts']->add('uikit-...

Greets,
Artur

1

Avatar michael.maass Support answered

Unless this was already fixed, please try and carefully follow these steps to exempt certain files from the protection and avoid the login prompt:

  • Access your site's root via FTP

  • Navigate into administrator/components/com_widgetkit/vendor/assets/uikit/fonts/

  • Inside the folder fonts add a new text file named exactly

    .htaccess
    

    with exactly the following content:

    <FilesMatch "\.(eot|ttf|woff|woff2|otf)$">  
        Allow from all  
        Satisfy any  
    </FilesMatch>
    
  • Navigate into administrator/components/com_widgetkit/vendor/assets/uikit/js/components/

  • Inside the folder components add a new text file named exactly

    .htaccess
    

    with exactly the following content:

    <FilesMatch "\.js">  
        Allow from all  
        Satisfy any  
    </FilesMatch>
    

Reload the page in the frontend and test.

Thank you

Edited

0

Avatar nemanja Support answered

Everybody has different versions and plugins and components

Making duplicate tickets without searching doesn t help anyone there is at least 5 tickets I have seen for same issue

It s not such a huge bug but I think they got in github a place where you can ad the bug

It s pointless complaining here

The. Htaccess doesn t have such a great help you just keep your joomla updated and don t put weird plugins and you will be fine, I assume they will fix it in a bit :)

0

Avatar stefan.muller answered

@she4www: Thank god, myjoomla doesn't update WK automatically ;-)

0

Avatar danryan75 answered

Same issue for me. AdminTools and WidgetKit 2. It screwed most of my sites, so temporarily disabled the "Password Protect Administrator" in Admintools. Hopefully Yootheme will provide a fix asap!

0

Avatar projektoliver answered

Thank you Stefan, yesterday I search for hours to find the problem.
What happens to Yootheme the last months???

Know someone who can answer? Share a link to this question via email or twitter.