Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Release 3.2.1 Beta 4
#1
Information 
http://get-simple.info/download/

Settings $LANG persistent xss injection.
Version missing from footer
xss vulns in backupedit, filebrowser, error_checking, edit
health check plugins.xml chmod check 644 writable
Some javascript i18n missing
ajax.php dir traversal
ununsed antixss typo
removed extra install.php from core
Undo link missing for page deletions
Data leakage via traversal inclusion on frontend
removed loadtab.php, arbitrary code execution
Default index.xml date is sep 2009, now install date
slug creation problems, servers with no mb extension
page options parent is blank
attempt to fix 3.0 upgrade issues, missing cache folder
Identify page on edit titlebar and footer
filebrowser cannot read space foldernames in uploads
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#2
No errors or problems on my boxes.

Anything specific to check for?
Reply
#3
Just a minor thing with translations.
In plugins tab, there's a hardcoded "Disabled Plugin" label (no var in translation file for it), and harcoded in js "Plugin Updated" notice after changing plugin status.

I stumbled upon couple errors (like function checking php ver in inc/common.php, changing admin path) and http 500's under php 5.4 environment. But switching between 5.2/5.3 and back to 5.4 somewhat unstucked GS and everything started working. I need to install couple more GS instances to make sure if it wasn't a short webserver caprice.
Addons: getsimple theme, Online Visitors, Notepad
Reply
#4
do you have any reports yojoe ?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#5
I did a fresh install of 321b; php 5.4.6, default GS config (no custom vars and changes), GS installation in /getsimple subdir
Changing path in define('GSADMIN', 'newdir'); leads to an empty page, both frontend and backend.
Not a single php error appears, logs stay empty.

After contacting with hosting support the problem might lay in the way of use global vars under php5.4, especially paths.

Those are only thoughts.
Addons: getsimple theme, Online Visitors, Notepad
Reply
#6
Works fine for me, 5.4.6
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#7
Shawn: did you test/check on a production environment (webhosting with 5.4.x) or only on a localhost (win/lin?) ?
I have to find the reason why on php5.2.x GS works out of box, but after switching to p5.4.6 fresh GS instance with changed admin path refuses to work without any error output :/
Addons: getsimple theme, Online Visitors, Notepad
Reply
#8
Did you just rename the admin folder and change the config ?
I cannot imagine why that would have any issues.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#9
Can you just set it to 'admin' and see if that works ?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#10
3.2.1 Beta 2 released
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#11
(2013-03-13, 23:02:14)shawn_a Wrote: Can you just set it to 'admin' and see if that works ?
Enabling and leaving GSADMIN in gsconfig with default value worked all the time. After I installed 3.2.1B1 3rd time, changed path started to work. None of the files were corrupt in earlier instances. Not even one error appear.
I just don't get it.

I hope B2 works on my current webhost from first shot. I'll check it on couple other webhosts also.
Addons: getsimple theme, Online Visitors, Notepad
Reply
#12
Could have been a permissions issue on the folder rename or something odd there.
Could it be an issue with upgrades on a system with a admin path ?
I have to admit I have never tested that.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#13
I've looked at directory attributes, and both 705/755 work now - I dodn't look at the permissions earlier, but assuming I didn't do anything else, that couldn't be the reason.
I can't remind myself if GS was ever making any changes to data structure or content of files in /admin dir.
Although some plugins were accessing and changing core files, but I didn't install any in test environment.

It's really odd, thus it would be great if anyone tests beta versions too on a production server with php 5.4
Addons: getsimple theme, Online Visitors, Notepad
Reply
#14
This thread is about 3.2.1beta
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#15
Brick 
I seem to have encountered a minor bug in the latest master branch (as of 3 hours before posting this). Freshly downloaded and installed on a local XAMPP server and with pretty urls as well as mod-rewrite enabled, I got a "'Page not found" when clicking the "Home" link on the frontend's menu bar. Likewise when entering the proper url directly into the browser address field

The immidiate problem was that the check in index.php on line 51:
if (!array_key_exists($id, $pagesArray)) returned true because there in fact was no key: "index" in that array - there only was a key: "index " (with a space).

My temporary solution was to trim the value in function pageCacheXMLtoArray($xml) (caching_functions.php) as this:
line 325 before: $key = (string) $page->url;
line 325 after: $key = (string) trim($page->url);
Of course the more permanent solution should be to sanitize matters a bit closer to the origin.
Reply
#16
Just to add that the temporary solution above also is only a partial one. If one view the source as rendered by the browser the: link rel="canonical" href="http://localhost/trv/cms/index /" still has the extra space and therefore doesn't work.

All this only applies to the default index page. All is and was okay with my own test pages.
Reply
#17
what this means in version 3.2.1 Beta 2
Code:
Apache web server    LiteSpeed - Error
Warning: Server Setup non-Apache
PHP Version 5.2.17
Reply
#18
@Oleg06

It's since 3.2.0

It means your server is not Apache, so GS doesn't know if .htaccess is supported (deny files...).
So you should make sure that your data files (pages, users, backups, etc.) cannot not be viewed with a browser, either because actually .htaccess is supported, or because you protected those data folders yourself.

If you're sure your site is secured properly, you can disable that warning by adding (or uncommenting) this in gsconfig:

define('GSNOAPACHECHECK', true);

( http://get-simple.info/forums/showthread.php?tid=4334 )
Reply
#19
once you've shoved me out of this topic, so I downloaded the beta and asked again Smile
thanks for the tip
Reply
#20
Thanks oleg, I do not want to spend time on something not current. Making sure issues are reported against current versions.

Its on my list for later but maybe we should go ahead and add a fucking link to the wiki , since noone reads the damn install requirements. Or maybe we can add some other apache clones to the list of aprooved web servers.

Please report false positives on this, as the apache detection code is not the best but helps us alot in identifying why htaccess are not working for folks.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#21
Too much html decoding in 3.2.1 betas.
Try creating a page with this content (in source code mode)
a<b

It's being rendered as:
a<b
(broken tag)
Reply
#22
We didn't change anything directly related to that.
I added sanitizers to some post fields maybe that did it.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#23
Any ideas?
Before save issue or rendering issue ?

edit
xml
Code:
<content><![CDATA[a&amp;lt;b]]></content>
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#24
Rendering issue.

I've just checked again just in case.

Here is an example:

Editor in WYSIWYG mode:
Code:
love <3

Same content but in source code mode is:
Code:
<p>love &lt;3</p>

The XML file is saved as:
Code:
...
<content><![CDATA[&lt;p&gt;love &amp;lt;3&lt;/p&gt;
]]></content>
...

Rendered HTML (broken) by GS 3.2.1 beta is now:
Code:
<p>love <3</p>

GS 3.2.0, 3.1.2, etc. properly rendered it as:
Code:
<p>love &lt;3</p>
Reply
#25
Ok ill fix it, I know what caused it.
We are using getcontent now to load the global, so its running twice. Just like the filter was running twice and we fixed that.

We need to just change that to raw and exclude this also

$content = stripslashes(htmlspecialchars_decode($data->$field, ENT_QUOTES));
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply




Users browsing this thread: 1 Guest(s)
Free HDTV Channels Residential Solar Panels