GetSimple Support Forum
Release 3.2.1 Beta 4 - Printable Version



Release 3.2.1 Beta 4 - shawn_a - 2013-03-04

http://get-simple.info/download/

Settings $LANG persistent xss injection.
Version missing from footer
xss vulns in backupedit, filebrowser, error_checking, edit
health check plugins.xml chmod check 644 writable
Some javascript i18n missing
ajax.php dir traversal
unused antixss typo
removed extra install.php from core
Undo link missing for page deletions
Data leakage via traversal inclusion on frontend
removed loadtab.php, arbitrary code execution
Default index.xml date is sep 2009, now install date
slug creation problems, servers with no mb extension
page options parent is blank
attempt to fix 3.0 upgrade issues, missing cache folder
Identify page on edit titlebar and footer
filebrowser cannot read space foldernames in uploads


RE: Release 3.2.1 Beta - E.Eliveld - 2013-03-05

No errors or problems on my boxes.

Anything specific to check for?


RE: Release 3.2.1 Beta - yojoe - 2013-03-06

Just a minor thing with translations.
In plugins tab, there's a hardcoded "Disabled Plugin" label (no var in translation file for it), and a hardcoded-in-js "Plugin Updated" notice after changing plugin status.

I stumbled upon a couple of errors (like function checking php ver in inc/common.php, changing admin path) and http 500's under php 5.4 environment. But switching between 5.2/5.3 and back to 5.4 somewhat unstuck GS and everything started working. I need to install a couple more GS instances to make sure it wasn't a short webserver caprice.


RE: Release 3.2.1 Beta - shawn_a - 2013-03-11

do you have any reports yojoe ?


RE: Release 3.2.1 Beta - yojoe - 2013-03-11

I did a fresh install of 321b; php 5.4.6, default GS config (no custom vars and changes), GS installation in /getsimple subdir
Changing path in define('GSADMIN', 'newdir'); leads to an empty page, both frontend and backend.
Not a single php error appears, logs stay empty.

After contacting hosting support, the problem might lie in the way global vars are used under php5.4, especially paths.

Those are only thoughts.


RE: Release 3.2.1 Beta - shawn_a - 2013-03-11

Works fine for me, 5.4.6


RE: Release 3.2.1 Beta - yojoe - 2013-03-12

Shawn: did you test/check on a production environment (webhosting with 5.4.x) or only on a localhost (win/lin?) ?
I have to find the reason why on php5.2.x GS works out of box, but after switching to p5.4.6 fresh GS instance with changed admin path refuses to work without any error output :/


RE: Release 3.2.1 Beta - shawn_a - 2013-03-12

Did you just rename the admin folder and change the config ?
I cannot imagine why that would have any issues.


RE: Release 3.2.1 Beta - shawn_a - 2013-03-13

Can you just set it to 'admin' and see if that works ?


RE: Release 3.2.1 Beta 2 - shawn_a - 2013-03-14

3.2.1 Beta 2 released


RE: Release 3.2.1 Beta - yojoe - 2013-03-15

(2013-03-13, 23:02:14) shawn_a Wrote: Can you just set it to 'admin' and see if that works ?
Enabling and leaving GSADMIN in gsconfig with default value worked all the time. After I installed 3.2.1B1 3rd time, changed path started to work. None of the files were corrupt in earlier instances. Not even one error appeared.
I just don't get it.

I hope B2 works on my current webhost from first shot. I'll check it on couple other webhosts also.


RE: Release 3.2.1 Beta 2 - shawn_a - 2013-03-15

Could have been a permissions issue on the folder rename or something odd there.
Could it be an issue with upgrades on a system with an admin path ?
I have to admit I have never tested that.


RE: Release 3.2.1 Beta 2 - yojoe - 2013-03-15

I've looked at directory attributes, and both 705/755 work now - I didn't look at the permissions earlier, but assuming I didn't do anything else, that couldn't be the reason.
I can't remember if GS was ever making any changes to data structure or content of files in /admin dir.
Although some plugins were accessing and changing core files, but I didn't install any in test environment.

It's really odd, thus it would be great if anyone tests beta versions too on a production server with php 5.4


RE: Release 3.2.1 Beta 2 - shawn_a - 2013-03-16

This thread is about 3.2.1beta


RE: Release 3.2.1 Beta 2 - steenih - 2013-03-16

I seem to have encountered a minor bug in the latest master branch (as of 3 hours before posting this). Freshly downloaded and installed on a local XAMPP server and with pretty urls as well as mod-rewrite enabled, I got a "Page not found" when clicking the "Home" link on the frontend's menu bar. Likewise when entering the proper url directly into the browser address field.

The immediate problem was that the check in index.php on line 51:
if (!array_key_exists($id, $pagesArray)) returned true because there in fact was no key: "index" in that array - there only was a key: "index " (with a space).

My temporary solution was to trim the value in function pageCacheXMLtoArray($xml) (caching_functions.php) as this:
line 325 before: $key = (string) $page->url;
line 325 after: $key = (string) trim($page->url);
Of course the more permanent solution should be to sanitize matters a bit closer to the origin.


RE: Release 3.2.1 Beta 2 - steenih - 2013-03-16

Just to add that the temporary solution above also is only a partial one. If one views the source as rendered by the browser, the: link rel="canonical" href="http://localhost/trv/cms/index /" still has the extra space and therefore doesn't work.

All this only applies to the default index page. All is and was okay with my own test pages.


RE: Release 3.2.1 Beta 2 - Oleg06 - 2013-03-16

What does this mean in version 3.2.1 Beta 2?
Code:
Apache web server    LiteSpeed - Error
Warning: Server Setup non-Apache
PHP Version 5.2.17


RE: Release 3.2.1 Beta 2 - Carlos - 2013-03-16

@Oleg06

It's since 3.2.0

It means your server is not Apache, so GS doesn't know if .htaccess is supported (deny files...).
So you should make sure that your data files (pages, users, backups, etc.) cannot be viewed with a browser, either because actually .htaccess is supported, or because you protected those data folders yourself.

If you're sure your site is secured properly, you can disable that warning by adding (or uncommenting) this in gsconfig:

define('GSNOAPACHECHECK', true);

( http://get-simple.info/forums/showthread.php?tid=4334 )


RE: Release 3.2.1 Beta 2 - Oleg06 - 2013-03-16

once you've shoved me out of this topic, so I downloaded the beta and asked again :)
thanks for the tip


RE: Release 3.2.1 Beta 2 - shawn_a - 2013-03-17

Thanks oleg, I do not want to spend time on something not current. Making sure issues are reported against current versions.

It's on my list for later but maybe we should go ahead and add a fucking link to the wiki, since no one reads the damn install requirements. Or maybe we can add some other apache clones to the list of approved web servers.

Please report false positives on this, as the apache detection code is not the best but helps us a lot in identifying why htaccess are not working for folks.


RE: Release 3.2.1 Beta 2 - Carlos - 2013-03-17

Too much html decoding in 3.2.1 betas.
Try creating a page with this content (in source code mode)
a&lt;b

It's being rendered as:
a<b
(broken tag)


RE: Release 3.2.1 Beta 2 - shawn_a - 2013-03-18

We didn't change anything directly related to that.
I added sanitizers to some post fields maybe that did it.


RE: Release 3.2.1 Beta 2 - shawn_a - 2013-03-18

Any ideas?
Before save issue or rendering issue ?

edit
xml
Code:
<content><![CDATA[a&amp;lt;b]]></content>



RE: Release 3.2.1 Beta 2 - Carlos - 2013-03-19

Rendering issue.

I've just checked again just in case.

Here is an example:

Editor in WYSIWYG mode:
Code:
love <3

Same content but in source code mode is:
Code:
<p>love &lt;3</p>

The XML file is saved as:
Code:
...
<content><![CDATA[&lt;p&gt;love &amp;lt;3&lt;/p&gt;
]]></content>
...

Rendered HTML (broken) by GS 3.2.1 beta is now:
Code:
<p>love <3</p>

GS 3.2.0, 3.1.2, etc. properly rendered it as:
Code:
<p>love &lt;3</p>



RE: Release 3.2.1 Beta 2 - shawn_a - 2013-03-19

Ok I'll fix it, I know what caused it.
We are using getcontent now to load the global, so it's running twice. Just like the filter was running twice and we fixed that.

We need to just change that to raw and exclude this also

$content = stripslashes(htmlspecialchars_decode($data->$field, ENT_QUOTES));
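
The double decode described in the last posts, reproduced with the stored values quoted in this thread. This is an added example, not part of the original posts and not GetSimple's code; the function names `renderOnce` and `renderTwice` and the `$samples` array are assumptions made for illustration.

```php
<?php
// Added example, not GetSimple code. decodeStored() mirrors the line quoted
// above; renderOnce(), renderTwice() and $samples are hypothetical names.

function decodeStored(string $stored): string
{
    return stripslashes(htmlspecialchars_decode($stored, ENT_QUOTES));
}

// Intended path: the raw stored field is decoded exactly once.
function renderOnce(string $stored): string
{
    return decodeStored($stored);
}

// Regressed path: a getter has already decoded the field and the render
// step decodes it again.
function renderTwice(string $stored): string
{
    return decodeStored(decodeStored($stored));
}

// CDATA payloads as quoted in this thread => HTML the page should emit.
$samples = [
    '&lt;p&gt;love &amp;lt;3&lt;/p&gt;' => '<p>love &lt;3</p>',
    'a&amp;lt;b'                        => 'a&lt;b',
];

$failures = 0;
foreach ($samples as $stored => $expected) {
    $once  = renderOnce($stored);
    $twice = renderTwice($stored);
    printf("stored : %s\nonce   : %s\ntwice  : %s\n", $stored, $once, $twice);

    // Regression check: a single decode must reproduce the expected markup.
    if ($once !== $expected) {
        $failures++;
        echo "FAIL: single decode does not match expected output\n";
    }
    // Show the effect of the bug: text the author typed as a literal '<'
    // loses its escaping on the second pass and reaches the browser as markup.
    if ($twice !== $expected) {
        echo "NOTE: second decode turns escaped text into raw '<'\n";
    }
    echo "\n";
}
exit($failures === 0 ? 0 : 1);
```

Because the second pass removes the escaping the editor applied to user-typed characters, a check like this belongs next to any getter that returns already-decoded content.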