Recent changes to bugs

Vlist/File Cabinet Bug

Englesos — Sat, 24 Aug 2013 13:22:49 -0000

images uploaded via file cabinet to vlist have reduced colour depth as compared to the full sized images - see example here - http://www.yearlyrentalscyprus.com/newr/vlist/listing/6
This seems to occur at random but I haver been totally unable to find a difference between images that cause the problem and images that do not.

If you could have a look and let me know your thoughts I would be most grateful. If you need access to the hosting account/server then I will be happy to provide.

Many thanks

Gerry Barrett

XSS over GET

ihaiha — Mon, 17 Dec 2012 09:42:41 -0000

Hi, there is a XSS vulnerability because of wrong validation of "cm" parameter.

Check it out:
http://phpwebsite_1_7_3/index.php?module=filecabinet&cm=XSS_HERE&itn=icon&rf=0&fid=0&fr=1&ml=1&mw=60&mh=60&fud=0&ftype=1&fop=fm_folders&authkey=sialala

end user script permissions

Thomas de Jesus — Wed, 26 Jan 2011 22:44:41 -0000

Since the 1.7.0 update, define('ALLOW_SCRIPT_TAGS', true); is no longer added to the config file automatically. without it the Allow script tag input permission in users is rendered useless.

blank not allowed in mysql password

Guohua Tang — Wed, 04 Aug 2010 10:59:17 -0000

phpWebSite 1.7.0
CentOS 5.5
PHP 5.1.6
MySQL 5.0.77

I have tried to install the latest phpWebSite 1.7.0. When confinging database settings, I found that blanks are not allowed in mysql password.
Whereas my password for mysql has a blank, for example, "love you".
I hope the next release of phpWebSite will repair this bug.

security.php error on webpage

Wayne Hammond — Wed, 26 Aug 2009 22:30:21 -0000

Have been trying to upgrade from 0.1.0..2 to 1.6.3. Renamed public_html directory and created a new public_directory folder, copied the files from phpwebsite_1_6_3 archive into the directory. Created a new data base and bata base user as per directions. Installed the website, boosted many of the modules, then ran convert to get data from original site into new site. Procedure seemed to proceed without incident.

Renamed setup and convert directories. Opend website. Now having problems with all of the pages and menus. Some items seem to almost work, but many work haphazardly. Menus give an error when clicking on most links and I have to delete the data after the domain name to get back to the site. All the while there is a message at the top of the screen "ion is active. You cannot change the session module's ini settings at this time. in /home2/glenmea1/public_html/inc/Security.php on line 45"

The hosting company cannot help me.

The hosting company is using cpanel.
cPanel Version 11.24.5-RELEASE
cPanel Build 37946
Apache version 2.2.13 (Unix)
PHP version 5.2.9
MySQL version 5.0.81-community-log
Architecture x86_64
Operating system Linux

404 error under specific circumstances

Andrew Patterson — Fri, 05 Jun 2009 16:41:37 -0000

Environment

phpwebsite 1.6.2, Core 1.9.4
See http://phpws.net/phpinfo.php

Situation

404 error occurs when accessing a branch site with a url like http://www.domain.com/branch and $_SERVER['REDIRECT_URL'] gets set and contains /branch/index.php. The problem, as near as I can tell, is that getCurrentUrl returns null instead of 'index.php'. When there is no branch involved, 'index.php' is returned. Or when running pws on another host with an identical pws installation except $_SERVER['REDIRECT_URL'] does NOT get set, 'index.php' is returned even when accessing the branch url without the trailing 'index.php'.

The call to getCurrentUrl that fails is in forwardInfo(). That fails when the forward() function is run from mod/access/inc/init.php.

I see a comment in getCurrentUrl that "some users reported problems using redirect_url so parsing uri instead". The problem I am seeing now may be a side effect of that change. Parsing redirect_url works in this situation, so my interim fix is to parse that, but I'm not sure what problems other users were reporting so it may not be the best permanent fix.

This was not easy to describe, so ping me with any questions. And if you want some testing in different environments, I can help with that.

Andrew P.

Restricted page in menu causes php error

Verdon Vaillancourt — Wed, 06 May 2009 13:22:00 -0000

Creating a pagesmith page (which is added to the menu automatically) and applying view restrictions to it seems to cause a fatal php error when a member of the group logs into the site. The menu item is not displayed to annon visitors, as is correct.

For instance, a pagesmith page is created and added to the menu. View restrictions are applied to that page, restricting the view to members of two groups. When a user logs in who is a member of one of those groups, the following php error occurs...
PHP Fatal error: Call to a member function loadChildren() on a non-object in /home/user/public_html/mod/menu/class/Menu_Item.php on line 246

Blog Previous Entry view doesn't always display

Verdon Vaillancourt — Tue, 28 Apr 2009 18:18:01 -0000

The previous entries sidebox for blog, for anonymous viewers doesn't always display. Resetting the cache seems to temporarily help. Disabling the cache does help.

text replaces icon in menu admin

Englesos — Mon, 13 Apr 2009 06:57:49 -0000

Php Version: 5.2.9
Web Server: Apache version 2.2.11 (Unix)
Operating System: Linux
SQL Server: 5.0.77-community
Browser: IE 8.0.6001
PhpWebSite Version: 1.6.3

Hi - when using menu admin, the final icon in the row of four icons displayed when mousing over the spanner and screwdriver icon is missing, and a text link MENU_LINK_INDENT_INCREASE is displayed.
The link functionality is unaffected, everything seems to work, it seems to be just a display bug.

Many thanks

Boost doesn't un-boost 1.6.1

Thomas de Jesus — Mon, 23 Feb 2009 16:17:15 -0000

No error thrown that I can see, but boost doesn't unboost any mods.