The Old Man

Hi,

In 4.7.11.1, I noticed 2 missing language strings in the AdminCP > Notification Settings (via bell icon):

Hi,

I noticed that my Unread Content link is missing even in the default IPS theme. I refer to the one that shows near 'Mark site read' below the search input.

I checked and couldn't find a reason for it, but this was weird... It shows as normal in the list of Streams but when I clicked on the pencil icon, the title of the stream was empty despite it being a required field.

So I clicked on the option to Restore Default Streams and this fixed the missing Stream Title for Unread Content.

The default stream is still Unread Content:

However, even after clearing the cache, it is still missing on the front end.

Thanks, yes the downloads work fine. I'd never noticed before that they don't use the configured domain.

Hi @Marc Stridgen

It's more evident with a PDF download because the S3 URL shows inside the browser's address bar when viewing the PDF, but they are not public files. However, if you go to this guest-friendly example when you download the actual .zip file, you can get the final download link which begins with:

https://s3.us-east-2.amazonaws.com/cdn.

Of course!

It doesn’t help that browsers don’t honour the concept of sessions any more. A session should end when you close the browser, but they moved the goalposts a few years back.

22 hours ago, marklcfc said:

Doesn't work as well as guest page caching did though, guests can't change themes is an issue too.

Yep, we got boned.

When I download a file from Downloads that is stored on S3, the url that opens has the S3 bucket name as the url instead of my usual cdn domain name. I don’t recall seeing this before. Is it a bug?

Sanitised example, downloading a PDF, the download works fine:

https://s3.us-east-2.amazonaws.com/cdn.example.com/monthly_2023_06/Pilot(White)(NoWatermarks)_pdf.8cc51399999999999999988c74?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAJ299999999999/20230701/us-east-2/s3/aws4_request&X-Amz-Date=20230701T162042Z&X-Amz-Expires=1200&X-Amz-SignedHeaders=host&response-content-disposition=attachment;%20filename*=UTF-8%27%2520-%2520Pilot%2520%2528White%2529%2520%2528No%2520Watermarks%2529.pdf&response-content-type=application/pdf;charset=UTF-8&X-Amz-Signature=c1853cd3d92d621459999999999999991a5f5bf6a0af

Should begin as 

https://cdn.example.com/monthly blah...

As configured in the AdminCP File Storage settings:

My Cloudflare rules won’t be honoured because the URL isn’t starting with my cdn.domain name.

Please can you the option to automatically reset recurring donation goals in Commerce, based on a selectable period? 

This way a goal such as donations towards site costs could reset back to 0.00 every month, year etc.

Thank you.

Primarily PDFs, but also epub etc

The current watermark option is very basic and applies only to screenshot images, not the actual download.

Here’s my thoughts/needs for Downloads watermark improvements:

• Apply watermarks to files not just screenshot images
• Enable/disable watermark per category
• Enable/disable watermark per file
• Embed watermark into PDF per category/file
• Force watermark yes/no
• Ability to generate a unique watermark per download, logged in AdminCP to aid future accountability/traceability, if required.
• Choice of text/unique random string/image watermark formats

There is obviously no golden solution, but if you have say members only downloads (that are not available to guests), or you charge for membership subscriptions, a bad actor can download the file and distribute them. Same applies with actual paid files.

Could perhaps be using Private Browsing mode or a privacy browser extension?

Okay, done that, thanks Marc.

Dear IPS,

Thank you for adding a Reject button to the cookie banner.

Please can improve the new cookie compliance functionality further to include the duration of the cookies, so that it is clearly stated in order to obtain valid consent?

Reasoning behind this:

Example Reference: https://ico.org.uk/for-organisations/direct-marketing-and-electronic-communications/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/how-do-we-comply-with-the-cookie-rules/#comply4

Quote

How do we tell people about cookies?

To comply with the information requirements of PECR, you need to make sure users will see clear information about cookies. In any case, doing so will increase levels of user awareness and control, and also assist in gaining valid consent.

You also need to tell people about the purposes and duration of the cookies you use.

Example reference: https://ico.org.uk/for-organisations/direct-marketing-and-electronic-communications/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/what-are-the-rules-on-cookies-and-similar-technologies/#rules4

Quote

What does ‘clear and comprehensive information’ mean?

PECR does not define what ‘clear and comprehensive information’ means. However, Article 5(3) of the ePrivacy Directive says that clear and comprehensive information should be provided ‘in accordance with’ data protection law.

This relates to the UK GDPR’s transparency requirements and the right to be informed. It means that when you set cookies you must provide the same kind of information to users and subscribers as you would do when processing their personal data (and, in some cases, your use of cookies will involve the processing of personal data anyway).

The information has to cover:

• the cookies you intend to use; 
• the purposes for which you intend to use them;
• any third parties who may also process information stored in or accessed from the user’s device; and
• the duration of any cookies you wish to set.

Secondly for users using a separate service such as CookieYes, the cookie link still shows and takes users to the IPS cookie page even though it’s being used. This is confusing to site users.

Thank you.

Meh. 😮‍💨

It still shows the cookie link at the bottom though which if a visitor clicks takes them to the IPS cookie page. It would be good to be able to easily disable that or alter its destination.

Also can you include the duration of the cookies on the IPS cookie page, please?

Thank you!

Okay, thanks for that!

Thanks Stuart, I totally missed this.

So it gives me a pop up notification with a green and red button.

Presumably I click on the green button to proceed with the PII export, but when I do, it asks if I’m sure I want to delete the account? 🧐

Hi,

I’ve used a third party cookie solution (CookieYes) for a while now but wondered if the new built-in can be disabled to avoid confusion/conflict? I know there has been some changes and fixes over the weekend and the optional section has gone.

I have it set not to show the pop up to guests.

Thank you!

Hi,

With the new PII request option, I made one using my normal member test account.
 

However since making it, I’ve not received any notification about a member making a request, nothing has came through to either admin or member email address.

If I go to the relevant section in AdminCP I do see an entry. How would I know to look if there is one?

Is that correct?

Many thanks

Got it, thanks Stuart. Sorry they got you working on Gravy Day!

Ah, right, thanks I didn’t realise that + button was for that, on my iPad at the moment.

Where is the option to show a subscription when registering? (So a new member must purchase a subscription). I thought it was on the registration/log in AdminCP settings page. I saw the option for setting a product of a certain value must be purchased, but it says configure up via the products page, not subscriptions. Thanks.

I was looking at the Subscriptions options in Commerce and noticed they seem to be incorrectly calculating renewals.

E.g. Set up a subscription of $10 for 6 months with renewal the same price equating to $20 for a year…

So that should be $20 per year, but if you save and then click on the +Add Member option…

• it shows renewals as going to be either free forever or free for the first 6 months and $10 the next 6 months ($10 a year).
• Also there is a typo, the number of months is displayed twice, but only if you select months, not years…

Whether it’s messed up if you went live, I don’t know.

We shouldn’t have to worry about testing updates first, that’s why they have alpha, beta and release candidate versions. I can’t help but feel it’s more likely down to the ridiculous monthly update schedules, it’s a nightmare trying to keep up. It must also pressurise the whole system from security testing, QA, market place submissions.

I just did my first live site, and the cookie option works but I noticed it doesn't tell you what the optional cookies are? This one doesn't have forums though, on my sites with forums I use CookieYes so not straight forward to test.

No Stuart, I noticed that after updating it asked me to log in with my email address (as expected) the next time but that was all.

Actually, upon checking, with these being my localdev sites, the cookie banner isn't set to show to guests.