[RESOLVED] Using an iframe or php include

Boris Becker

Joined: 2012-06-26
Posts: 4
Posted: Tue, 2012-06-26 15:55

Hi guys

I'm new to gallery. I have a full html website. I've installed Gallery3 in a sub folder. Working brilliantly. But I'm looking to use my own header and footer so that the Gallery3 installation appears the same as the rest of the html site. I've tried the following:
1. Added my header html code to the page.html.php file in my custom theme (copy of wind) - header appears but layout distorted

2. Tried to add a php include like this <?php include("header_gallery.html");?> to page.html.php - Doesn't appear at all

3. Tried creating an html page (gallery.html) with an iframe <iframe id="content" name="content" src="/gallery/index.php/" scrolling="no" width="1000" height="1400" frameborder="0"></iframe>. This works brilliantly in all browsers except Internet Explorer which displays: "This content cannot be displayed in a frame - To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame."

Any suggestions as to how I can this working? What is the preferred method?

Any help will be greatly appreciated.

Thanks in advance

 
suprsidr
suprsidr's picture

Joined: 2005-04-17
Posts: 8339
Posted: Tue, 2012-06-26 16:31

in gallery3/themes/your theme/views create your header.html.php and footer.html.php
and where you want them to show use:
<?= new View("header.html") ?>
and
<?= new View("footer.html") ?>

or try my RESTful approach.

-s

 
Boris Becker

Joined: 2012-06-26
Posts: 4
Posted: Wed, 2012-06-27 18:21

I got it to work. I tried option 2 (php include) again. This time I copied my gallery_header.html file into the views folder. But it was distorted (width and alignment) same as option 1. So I edited the css stylesheet: screen.css file changing the following:

td {
border: none;
border-bottom: 0px;
padding: 0;
}

So now it's working perfectly. hopefully the changes I made didn't muck up something else required, but all seems okay for now.

Thanks for your help.

 
frankbackes

Joined: 2012-10-10
Posts: 3
Posted: Wed, 2012-10-10 19:56

Hi,

Actually you reported that you got the error:

"This content cannot be displayed in a frame - To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame."

Have you solved it or worked arround.

As I'm using frame forwarding for my webside with hidden url so I can't workarround as soon you are going to my gallery over my subdomain you just get the error you reported, when I then click on:

"open this content in a new Window"
It shows the full url and it opens.

This problem is with Internet Explorer, but trying with Firefox it simply shows a blank page. Same with google chrome. Before the update I just made it still worked. Version before was 46 now 49.

Can anybody help me please?

Thx

 
suprsidr
suprsidr's picture

Joined: 2005-04-17
Posts: 8339
Posted: Wed, 2012-10-10 20:45

look for this bit of javascript and remove it:

    <script>
        if ( top.location != self.location ) {
            top.location = self.location.href;
        }
    </script>

-s
________________________________
All New jQuery Minislideshow for G2/G3

 
frankbackes

Joined: 2012-10-10
Posts: 3
Posted: Wed, 2012-10-10 20:51

HI,

Thx I got also a reply from Bharat:
Unfortunately, this is a security fix to prevent a problem called clickjacking:
http://en.wikipedia.org/wiki/Clickjacking

You can disable it by finding and removing this line from the Wind theme:
themes/wind/views/page.html.php:<?php header("X-Frame-Options: SAMEORIGIN"); ?>

But, yes then you're exposing yourself to a problem. Honestly, I don't think it's a huge issue - you'd have to be specifically targeted and fooled into a bad click in order for it to affect you. This isn't a hack that can be easily perpetrated broadly - but it's kind of up to you.

I Wrote to him before:

Hi,
Actually I have upgraded from version 46 to 49 and since I get this message:
"This content cannot be displayed in a frame - To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame."
Is this part of a security improvement?
As I'm using frame forwarding for my webside with hidden url so I can't workarround as soon you are going to my gallery over my subdomain you just get the message reported, when I then click on:
"open this content in a new Window"

It shows the full url and it opens.
This problem is with Internet Explorer, but trying with Firefox it simply shows a blank page. Same with google chrome. Before the update, I just made, it still worked. Version before was 46 now 49.

If this was a security fix, then I can’t use Gallery anymore as I have to use it in frame and I don’t want to put my system vulnerable again by disabling a feature if you blocked it for security reason
Thx

And by applying an other theme it became available also.

Anyway, it's amazing how fast is the feedback in this community GOOD SIGN.

Wish you all the best and thx again

Wfr Frank Backes

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Wed, 2012-10-10 21:09

Remove
<?php header("X-Frame-Options: SAMEORIGIN"); ?>
From your themes page.html.php and see if that works.
http://sourceforge.net/apps/trac/gallery/ticket/1850
Your on your own for security issues this might cause.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team