2013-03-19, 06:00:44
Fixed in hotfixes
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/543
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/543
Release 3.2.1 Beta 4
|
2013-03-19, 06:00:44
Fixed in hotfixes
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/543
2013-03-29, 02:15:29
v3.2.1 beta 3 released
Fixes above issue.
2013-04-03, 23:13:00
Consensus ?
Is this ready for release ?
2013-04-05, 10:18:27
Sure, seems like it. Email me the file when you have it
(2013-04-03, 23:13:00)shawn_a Wrote: Consensus ? Found one bug(?) When calling: Code: getPageField(get_parent(0),'title') Code: Notice: Undefined index: index in /admin/inc/caching_functions.php on line 52 Solution: Restoring add_action('index-header'... -> add_action('index-pretemplate' as it was in 3.2 I guess this warning is related to one of plugins I use, probably one from i18n plugs family.
Addons: blue business theme, Online Visitors, Notepad
2013-04-08, 22:50:27
Thanks, so I can reproduce where are you calling this function?
2013-04-09, 00:25:41
It's located in header file included by all template files.
Addons: blue business theme, Online Visitors, Notepad
2013-04-09, 01:34:01
Well I do not have this problem, so i need to know where you are seeing it and where it is being called from.
What do you mean by header file included by all templates ?
2013-04-09, 08:29:56
getPageField(get_parent(0),'title'); posted somewhere Carlos, and this snippet was working flawlessly till 3.2.1
I'm using below code: Code: $custom_page_name = return_custom_field('pagetitle'); //custom page name I'm using plenty plugins, where among the other i18n plugin family plays the most important role. ps. i18n plugs tend to be problematic with every new GS update. Have that on mind, as Mvlcek's plugins bring too many features which GS just lacks.
Addons: blue business theme, Online Visitors, Notepad
2013-04-09, 09:51:39
And where do you I put this code to reproduce. You have to give me enough detail to reproduce. It's called a test case. I am not psychic.
2013-04-09, 10:21:56
hmm...I answered the best way I could.
Above droplet is placed in header.php file, included in all created template files. Droplet calls function used in i18n custom fields plugin, but there's as well i18n (with 18n nav) plugin installed - otherwise nested pages would use own functions to display menu items. Try to embed "getPageField(get_parent(0),'title');" in template and call it on a nested page. Mentioned earlier change from 'index-header' to 'index-pretemplate' call solves the problem, thus I suppose it's a problem between plugins, pretemplate and header calls, but warning in caching_functions.php doesn't show up on parent pages.
Addons: blue business theme, Online Visitors, Notepad
2013-04-09, 10:53:16
Heh droplet.
2013-04-10, 01:41:02
I still cannot reproduce this, nor does it make any sense. The hook we changed it to is called before the old one, so i doubt this is causing the error.
index-header is called before pretemplate, I am going to guess this is a plugin issue. Can you install my debug plugin and give me the backtrace for the error ?
2013-04-10, 01:48:00
Also you cannot call
getPageField(get_parent(0),'title'); Without wrapping it in a check to make sure parent is not empty, hence the error. which is what if (get_parent(0)!='') { does but its possible it is returning null instead of '' which the check does not do. should be if (!empty(get_parent(0))) {
2013-04-10, 02:11:40
minor issue, found doing a security review. direct access to files with config, backups must be disallowed. So GS can keep config inside .php files starting with a <?php die(); ?> or denying via config direct access (.xml files) but this config still miss quite a few files that must be directly denied direct access via .htaccess:
/data/other/logs/errorlog.txt is one of these, and even actual official get-simple.info fails to protect that file (not a problem to disclosure that info, it contains old not important data). Than double standard inside /backups/ where some files get a 'safe' extension (/backups/pages/pagename.bak.xml) but other files not, so you have to deny via config or .htaccess /backups/other/website.xml.bak and components.xml.bak I suggest to change those backup files from .xml.bak to .bak.xml in order to have an additional safety layer.
2013-04-10, 02:18:59
Yeah I noticed this, no clue why they are .bak did not bother with it since those directories should not be publicly available.
All data directory are deny all Except for uploads. I see no problem here.
2013-04-10, 02:49:29
> All data directory are deny all
> Except for uploads. good, i'll do a few tests and update the nginx config to include this general rule. I add that all files in /uploads/ should never be executed, so on nginx config i have this rule too. Maybe it can be ported to apache .htaccess: Quote: location ^~ /uploads/ {
2013-04-10, 02:53:26
That prevents access but does not prevent execution, you can disable php execution in uploads, but we leave that to the user as an extended security control. prefer to keep htaccess as simple as possible.
(2013-04-10, 01:48:00)shawn_a Wrote: Also you cannot call Using !empty resolves the problem (many thanks for pointing that out). But interesting is that using !='' didn't cause any problems since GS 3.1 when caching_functions.php utilised index-pretemplate. I assumed that earlier working !='' isn't the cause :\ ps. I found out that plugins tend to stop working or cause problems with every new GS release. If most popular plugs (not updated) won't work with new GS versions, this might become problematic during patch deployment or updating to new version w/o updating template's code. edit: slight change to prevent from fatal error $var = get_parent(0) if (!empty($var)) { ...
Addons: blue business theme, Online Visitors, Notepad
2013-04-10, 23:11:29
I am going to guess its another change in caching_functions and not the hook.
I will see if I can see anything obvious.
2013-04-10, 23:34:29
ok there was a change to retrieve page data from page cache instead of directly from file xml.
This is already to be reverted ( by something unrelated ) I am assuming page cache stores empty elements differently than just getting the simplexml from file. But empty is always the preffered way to check empty values since it covers null and empty strings.
2013-04-10, 23:43:33
yup confirmed.
pagesarray is null, and data_index is an empty simplexmlextended obj. We should probably cast all globals to strings here.
2013-04-11, 03:53:09
Beta 4 released, fixes 2 issues reported with current beta.
Adds a few features requested.
2013-04-11, 10:31:40
Thanks for everyone that helped with this release and testing. We need to get this out it has a lot of security fixes, tell your friends, clone your sites and test it please.
2013-04-18, 01:46:54
Have not heard anything, anyone test this ?
|
« Next Oldest | Next Newest »
|