Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Release 3.2.1 Beta 4
#26
Fixed in hotfixes
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/543
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#27
v3.2.1 beta 3 released
Fixes above issue.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#28
Consensus ?

Is this ready for release ?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#29
Sure, seems like it. Email me the file when you have it Smile
Reply
#30
(2013-04-03, 23:13:00)shawn_a Wrote: Consensus ?

Is this ready for release ?

Found one bug(?)
When calling:
Code:
getPageField(get_parent(0),'title')
to get parent page's title, I get:
Code:
Notice: Undefined index: index in /admin/inc/caching_functions.php on line 52

Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in /admin/inc/caching_functions.php on line 52

Solution:
Restoring add_action('index-header'... -> add_action('index-pretemplate' as it was in 3.2
I guess this warning is related to one of plugins I use, probably one from i18n plugs family.
Addons: blue business theme, Online Visitors, Notepad
Reply
#31
Thanks, so I can reproduce where are you calling this function?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#32
It's located in header file included by all template files.
Addons: blue business theme, Online Visitors, Notepad
Reply
#33
Well I do not have this problem, so i need to know where you are seeing it and where it is being called from.

What do you mean by header file included by all templates ?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#34
getPageField(get_parent(0),'title'); posted somewhere Carlos, and this snippet was working flawlessly till 3.2.1
I'm using below code:
Code:
    $custom_page_name = return_custom_field('pagetitle'); //custom page name
    if ($template_file == 'template_pomoc.php') {
        if (get_parent(0)!='') { //if page slug is nested, display parent name + slug name
             echo '<h1 id="pagetitle">';
                getPageField(get_parent(0),'title');
                if (!empty($custom_page_name)) { //show custom page name if provided
                    echo ': '.$custom_page_name.' </h1>';
                }else echo ': '.return_page_title().' </h1>';
which breaks on mentioned call, until I restore caching_functions.php file from GS 3.2
I'm using plenty plugins, where among the other i18n plugin family plays the most important role.

ps. i18n plugs tend to be problematic with every new GS update.
Have that on mind, as Mvlcek's plugins bring too many features which GS just lacks.
Addons: blue business theme, Online Visitors, Notepad
Reply
#35
And where do you I put this code to reproduce. You have to give me enough detail to reproduce. It's called a test case. I am not psychic.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#36
hmm...I answered the best way I could.
Above droplet is placed in header.php file, included in all created template files.
Droplet calls function used in i18n custom fields plugin, but there's as well i18n (with 18n nav) plugin installed - otherwise nested pages would use own functions to display menu items.
Try to embed "getPageField(get_parent(0),'title');" in template and call it on a nested page.
Mentioned earlier change from 'index-header' to 'index-pretemplate' call solves the problem, thus I suppose it's a problem between plugins, pretemplate and header calls, but warning in caching_functions.php doesn't show up on parent pages.
Addons: blue business theme, Online Visitors, Notepad
Reply
#37
Heh droplet.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#38
I still cannot reproduce this, nor does it make any sense. The hook we changed it to is called before the old one, so i doubt this is causing the error.

index-header is called before pretemplate, I am going to guess this is a plugin issue.

Can you install my debug plugin and give me the backtrace for the error ?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#39
Also you cannot call
getPageField(get_parent(0),'title');
Without wrapping it in a check to make sure parent is not empty, hence the error.

which is what
if (get_parent(0)!='') {
does
but its possible it is returning null instead of '' which the check does not do.

should be
if (!empty(get_parent(0))) {
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#40
minor issue, found doing a security review. direct access to files with config, backups must be disallowed. So GS can keep config inside .php files starting with a <?php die(); ?> or denying via config direct access (.xml files) but this config still miss quite a few files that must be directly denied direct access via .htaccess:
/data/other/logs/errorlog.txt is one of these, and even actual official get-simple.info fails to protect that file (not a problem to disclosure that info, it contains old not important data).

Than double standard inside /backups/ where some files get a 'safe' extension (/backups/pages/pagename.bak.xml) but other files not, so you have to deny via config or .htaccess /backups/other/website.xml.bak and components.xml.bak
I suggest to change those backup files from .xml.bak to .bak.xml in order to have an additional safety layer.
Reply
#41
Yeah I noticed this, no clue why they are .bak did not bother with it since those directories should not be publicly available.

All data directory are deny all
Except for uploads.

I see no problem here.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#42
> All data directory are deny all
> Except for uploads.

good, i'll do a few tests and update the nginx config to include this general rule. I add that all files in /uploads/ should never be executed, so on nginx config i have this rule too. Maybe it can be ported to apache .htaccess:

Quote: location ^~ /uploads/ {
if ($request_uri ~* \.php$) {return 403;}
}
Reply
#43
That prevents access but does not prevent execution, you can disable php execution in uploads, but we leave that to the user as an extended security control. prefer to keep htaccess as simple as possible.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#44
(2013-04-10, 01:48:00)shawn_a Wrote: Also you cannot call
getPageField(get_parent(0),'title');
Without wrapping it in a check to make sure parent is not empty, hence the error.

which is what
if (get_parent(0)!='') {
does
but its possible it is returning null instead of '' which the check does not do.

should be
if (!empty(get_parent(0))) {

Using !empty resolves the problem (many thanks for pointing that out).
But interesting is that using !='' didn't cause any problems since GS 3.1 when caching_functions.php utilised index-pretemplate. I assumed that earlier working !='' isn't the cause :\

ps. I found out that plugins tend to stop working or cause problems with every new GS release. If most popular plugs (not updated) won't work with new GS versions, this might become problematic during patch deployment or updating to new version w/o updating template's code.

edit: slight change to prevent from fatal error
$var = get_parent(0)
if (!empty($var)) {

...
Addons: blue business theme, Online Visitors, Notepad
Reply
#45
I am going to guess its another change in caching_functions and not the hook.
I will see if I can see anything obvious.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#46
ok there was a change to retrieve page data from page cache instead of directly from file xml.
This is already to be reverted ( by something unrelated )

I am assuming page cache stores empty elements differently than just getting the simplexml from file.

But empty is always the preffered way to check empty values since it covers null and empty strings.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#47
yup confirmed.
pagesarray is null, and data_index is an empty simplexmlextended obj.
We should probably cast all globals to strings here.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#48
Beta 4 released, fixes 2 issues reported with current beta.
Adds a few features requested.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#49
Thanks for everyone that helped with this release and testing. We need to get this out it has a lot of security fixes, tell your friends, clone your sites and test it please.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#50
Have not heard anything, anyone test this ?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply




Users browsing this thread: 1 Guest(s)