Thread Rating:
  • 4 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Get simple 3.3.16 support for php 8.0
#1
Hi,
After many days waiting and suggestion df8oe from another topic, i decided upload my files when i correct error save pages and file uploader. Now pure gs 3.3.16 is work on php 8.0. Place zip on root folder and unpack this with rewrite files. Done.

http://gsphp8.multicolor.ovh/gsphp8.zip


GS IS STILL ALIVE!

///GS 3.3.16 Community Edition release- Project fixes by Multicolor & Islander


Project Website
https://getsimplecms-ce.github.io/

Github Project

https://github.com/GetSimpleCMS-CE/

Plugins repo compatible with php 8
https://getsimplecms-ce-plugins.github.io/

Github Plugins Repo
https://github.com/getsimplecms-ce-plugins/
Reply
#2
(2021-11-23, 01:55:20)multicolor Wrote: GS IS STILL ALIVE!

Yeah, just like Elvis
Reply
#3
Hi to all

Many people follow the trend of "having the latest version .... "
Please keep in Mind that it is not necessary to have the Get-Simple system work on PHP8

1) PHP8 does not make the get-simple cms faster - compared to other php8 systems
2) PHP8 does not make the get-simple cms safer

The Get-Simple cms is already blazing fast - compared to other php8 systems
Websites don't get hacked just because of php5.x or php7.x

------------------------------------------------------------------------------

Quote:Yeah, just like Elvis

Sorry to read that some people look down on the get-simple cms
F.
Reply
#4
(2021-11-23, 05:43:17)Felix Wrote: Hi to all

Many people follow the trend of "having the latest version .... "
Please keep in Mind that it is not necessary to have the Get-Simple system work on PHP8

1) PHP8 does not make the get-simple cms faster -  compared to other php8 systems
2) PHP8 does not make the get-simple cms safer

The Get-Simple cms is already blazing fast -  compared to other php8 systems
Websites don't get hacked just because of php5.x or php7.x

------------------------------------------------------------------------------

Quote:Yeah, just like Elvis

Sorry to read that some people look down on the get-simple cms
F.


I do it fixes for php 8.0 because some hosting does't support old php version, but i love this cms and i don't wanna leave support this. I hope you understand
Reply
#5
Quote:but i love this cms and i don't wanna leave support this ...
Hi multicolor,
Thank you for all your support. Yes I totally agree to keep this cms supported.
Maybe we can do something together to support this cms.
Reply
#6
Yes they do, php <7.3 have massive well known security flaws
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#7
I can take a look at any issues on github related to this, please create them.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#8
(2021-11-23, 10:21:17)shawn_a Wrote: I can take a look at any issues on github related to this, please create them.

github version is different than version download 3.3.16 from website. I based on them
Reply
#9
Thats not how github works, it has all versions
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#10
upload.php:
178 $dirSorted = subval_sort($dirsArray,'name'); 
a 's' disappeared
$dirSorted ... $dirsSorted

basic.php:
Why did you commented out the content of
safe_slash_html($text) { ... ?
Edit: Found https://github.com/GetSimpleCMS/GetSimpl...ssues/1342
Reply
#11
This project is too good to die yet, so lets keep it going.
I modified/replaced functions where it was neccessary to make the CMS PHP 8 compatiple.
Here is what I did:

Fixed bug in admin/changedata.php file line 52
Fixed bug in admin/changedata.php file line 60
Fixed bug in admin/upload.php file line 178

Modified/Replaced all functions using get_magic_quotes_gpc() in all relevant files.
PHP 8.0 no longer adds slashes to post variables so no need for stripslashes() the function get_magic_quotes_gpc() has been removed in PHP 8.0

Also added thumbnails to images when listing files in the Files tab.

Attaching the changed files, just unzip an drop in the GetSimpleCMS-3.3.16 folder to overwrite the previous versions of the changed files.

enjoy


Attached Files
.zip   _GetSimpleCMS-3.3.16-PHP-8.0-Compatible.zip (Size: 27.46 KB / Downloads: 39)
Reply
#12
(2021-11-24, 19:20:40)jofer Wrote: upload.php:
178 $dirSorted = subval_sort($dirsArray,'name'); 
a 's' disappeared
$dirSorted ... $dirsSorted

basic.php:
Why did you commented out the content of
safe_slash_html($text) { ... ?
Edit: Found https://github.com/GetSimpleCMS/GetSimpl...ssues/1342

Hi,
I am sure this is because the function get_magic_quotes_gpc() is removed in PHP 8.0
This is what I did:

function safe_slash_html($text) {

/* // PHP 8, no get_magic_quotes_gpc()
if (get_magic_quotes_gpc()==0) {
$text = addslashes(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
} else {
$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

return xmlFilterChars($text);
*/

// replacement
$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
return xmlFilterChars($text);
}

Please see my post above
Reply
#13
nice if someone wants to PR this, go ahead
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#14
Fact is:
PHP 7.4 has its EOL 28th Nov 2022 - all older versions are no longer supplied with security updates. Every hoster who wants to be on the safe side has removed outdated PHP versions, so PHP 7.4 is just a few months away from beeing removed: https://www.php.net/supported-versions.php

PHP 8.0 will not get active development after 26th Nov 2022 and loose its security-fixes at 26th Nov 2023

This is not a question of GS - it is a question "in-priciple" of the motor which drives GS: PHP...

Regarding GitHub it seems that I do not have the correct url for the actively developed getsimple.If I look here: https://github.com/GetSimpleCMS/GetSimpleCMS all contributions have an age of years.

But it is very good work: As I think there is no known vulnerability inside GS. It is a very nice and powerful CMS!

Without using a versioning control we will loose control of complete GS.

Today I have had to add two castings to admin/upload.php because newly created folders have not allowed to upload anything:
#183 (array)$filesSorted
#271 (array)$filesSorted

This are the only two upcoming changes of my first post for migrating to PHP 8. I am running PHP 8.1 now since ~ half a year without any trouble (regarding getsimple). So getsimple is much, much nearer to work with PHP 8.x as many other projects. I was able to fix all problems by myself...
Reply
#15
(2022-07-25, 21:15:31)df8oe Wrote: Fact is:
PHP 7.4 has its EOL 28th Nov 2022

Could somebody perhaps make a complete downloadable zip file (3.3.17?) to be prepared for this date? PLEEEASE...
Reply
#16
Migrating my website CMS to PHP 8.1 which is now the current version.

I found two deprecations which affect GetSimple (will probably become hard errors when PHP9 comes):

1. They changed null parameter handling in built-in string functions like trim(), substr(), htmlentities() etc.
Until PHP 8.0, these functions silently handled a null argument as an empty string. Starting with PHP 8.1, a warning is thrown that passing null parameter is deprecated.
There are a few places in GetSimple cms, and unfortunately also in i18N plugings.
It is easy to fix this change by adding a null coalescing operator and an empty string (parameter ?? "") in any place where the warning pops up.

Fixes in GetSimple core:

/admin/inc/basic.php: line 85:
  $text = mb_convert_encoding($text ?? "",'HTML-ENTITIES',$from_enc);

/admin/inc/cookie_functions..php: line 23:
  return setcookie($id, $value, $expire, $cookie_path, $cookie_domain ??"", $cookie_secure??"", $cookie_httponly);

/admin/inc/cookie_functions..php: line 35:
return setcookie($id,false,1,$cookie_path,$cookie_domain??"",$cookie_secure??"", $cookie_httponly);

Also fixed some warnings of the same type in i18N Bases and i18N Search, but I do not know what Mvlcek thinks about modifying his plugins.

2. FILTER_SANITIZE_STRING is deprecated and must be removed.
It is used in admin/inc/security_functions.php in function var_out($var, $filter = "special").

I changed this function like this:

PHP Code:
function var_out($var,$filter "special"){
 
$var = (string)$var;

 
// php 5.2 shim
 
if(!defined('FILTER_SANITIZE_FULL_SPECIAL_CHARS')){
 
define('FILTER_SANITIZE_FULL_SPECIAL_CHARS',522);
 if(
$filter == "full") return htmlspecialchars($varENT_QUOTES);
 }

 
// php 8.1: FILTER_SANITIZE_STRING deprecated
 
if(function_exists"filter_var") && ($filter !== "string" )){
 
$aryFilter = array(
 
"int"    => FILTER_SANITIZE_NUMBER_INT,
 
"float"  => FILTER_SANITIZE_NUMBER_FLOAT,
 
"url"    => FILTER_SANITIZE_URL,
 
"email"  => FILTER_SANITIZE_EMAIL,
 
"special" => FILTER_SANITIZE_SPECIAL_CHARS,
 
"full"    => FILTER_SANITIZE_FULL_SPECIAL_CHARS
 
);
 if(isset(
$aryFilter[$filter])) return filter_var$var$aryFilter[$filter]);
 return 
filter_var$varFILTER_SANITIZE_SPECIAL_CHARS);
 }
 else if (
$filter === "string") {
 return 
htmlspecialchars($var);
 }
 else {
 return 
htmlentities($var);
 }


With these additional fixes, my GetSimple site seems to run flawlessly and without warnings on PHP 8.1. However, there are probably parts of the CMS I currently did not use, which also would throw such warnings.

Hope this helps a little further in making GetSimple "future-proof" Wink
Reply
#17
Quote:Could somebody perhaps make a complete downloadable zip file (3.3.17?) to be prepared for this date? PLEEEASE...

Hi Hypertexter, that is really a good idea. My free time is very limited.
Perhaps we should raise fund money and pay a coder to do this job.
Reply
#18
Quote:With these additional fixes, my GetSimple site seems to run flawlessly and without warnings on PHP 8.1.

Hi Knobbles, thanks for your reply on this. Another problem is to get the best plugins for GS compatible with PHP 8.x
Reply
#19
(2022-09-29, 06:58:54)Felix Wrote: Perhaps we should raise fund money and pay a coder to do this job.

Maybe use a website/service like BountySource? Although I'd far prefer an "official" update from the GetSimple folks and that money went to them instead.
Reply
#20
(2022-09-29, 04:52:35)Knobbles Wrote: Fixes in GetSimple core:

/admin/inc/basic.php: line 85:
  $text = mb_convert_encoding($text ?? "",'HTML-ENTITIES',$from_enc);

/admin/inc/cookie_functions..php: line 23:
  return setcookie($id, $value, $expire, $cookie_path, $cookie_domain ??"", $cookie_secure??"", $cookie_httponly);

/admin/inc/cookie_functions..php: line 35:
return setcookie($id,false,1,$cookie_path,$cookie_domain??"",$cookie_secure??"", $cookie_httponly);

@Knobbles Thanks for the info!
The first fix you included (/admin/inc/basic.php: line 85) should say "line 65"

I will try to incorporate these fixes into one of the above patch files and post it here as soon as I can get some time.
I will also try to see if I can if I can create a Pull Request via Github to see if that would help with an official version.
But I really dont know, as it seems that all the official peeps are busy with other things.


GS Community Edition with php8.x compatibility, new features and much more!  Support Me


Reply
#21
Information 
OK, here is an updated patch file for php 8.1

This file contains two folders:
  • _Report (Open "_Report.html" to see what files have been modified. Click "" icon to see the exact changes to file.)
  • patch (Contains the updated files to upload.)
If somebody wishes to review and test this, that would be very much appreciated.

These updates are the combined efforts "multicolor", "Abbe", and "Knobbles"

If there are any updates found that can be applied, I will try to add those updates.

I hope this helps.


GS Community Edition with php8.x compatibility, new features and much more!  Support Me


Reply
#22
Ok, we talking with Islander and we will start create GS 3.3.16 CE (community edition) - we will create some github page or something to download, with ready for use php 8.1 and 8.0. Next chapter to fix some plugins.Stay tuned.
Reply
#23
@Knobbles, @islander , ...

If you want to stay compatible with PHP < 7, I suggest you use the ternary operator instead of the null coalescing operator, e.g.:

Code:
isset($cookie_domain)?$cookie_domain:''
instead of
Code:
$cookie_domain ??""
Reply
#24
@Carlos
I think it would be good that is supports 7.x and above, unless there is a separate branch or just a patch for 8.x,
so if you can recommend any other changes like that, or provide info about file, line, code, that should be changed, that would be fantastic.

Send full line change, and I can add it to the patch file to provide the most recent developments.

Thanks for your help and knowledge


GS Community Edition with php8.x compatibility, new features and much more!  Support Me


Reply
#25
(2022-10-03, 05:17:40)Carlos Wrote: @Knobbles, @islander , ...

If you want to stay compatible with PHP < 7, I suggest you use the ternary operator instead of the null coalescing operator...

Like this?
admin/inc/cookie_functions.php
Line: 23
Code:
return setcookie($id, $value, $expire, $cookie_path, isset($cookie_domain)?$cookie_domain:'', $cookie_secure??"", $cookie_httponly);


GS Community Edition with php8.x compatibility, new features and much more!  Support Me


Reply




Users browsing this thread: 4 Guest(s)