- rank:
-
Helper
- registered:
- January 2004
- Status:
- offline
- last visit:
- 22.02.08
- Posts:
- 381
I have found a problem with the web links module in .750. It will display the first level of categories just fine, but if you click on a category it won't take you to the list of links.
I thought it might be an issue with the upgrade so I installed a fresh version of .750, added a category and a link inside the category, but am unable to enter the category.
-Chris
OK - I figured it out. It doesn't work with register_globals OFF. The needed parameters aren't getting pulled using pnVarCleanFromInput like they should be :D
If someone hasn't fixed it yet I'll fix it, I just need to know where to send the code when I'm done.
-Chris
- rank:
-
Software Foundation
- registered:
- December 1969
- Status:
- offline
- last visit:
- 15.11.08
- Posts:
- 4481
Same applies for some part of the banners and downloads module, too - see http://forums.postnuke.com/index.php?name=PNphpBB2&file=viewtopic&t=27222 and the NOC entries...
--
regards from germany
- rank:
-
Moderator
- registered:
- March 2002
- Status:
- offline
- last visit:
- 26.08.08
- Posts:
- 7720
Andreas,
Have you looked at the downloads module yet? If not I'll go through that one. Also noc.postnuke.com won't be back for a little while. A minor Fedora Core upgrade went horribly wrong and Drak is having to rebuild the box from scratch then migrate the actual gforge and mailman setups.
-Mark
Add this:
Code
list($perpage,
$req,
$min,
$max,
$orderby,
$show,
$mainlink,
$ratenum,
$ratetype,
$newlinkshowdays,
$lid,
$cat,
$title,
$url,
$description,
$modifysubmitter,
$user,
$ratinglid,
$ratinguser,
$rating,
$ratinghost_name,
$ratingcomments,
$ttitle,
$selectdate,
$cid) = pnVarCleanFromInput('perpage',
'req',
'min',
'max',
'orderby',
'show',
'mainlink',
'ratenum',
'ratetype',
'newlinkshowdays',
'lid',
'cat',
'title',
'url',
'description',
'modifysubmitter',
'user',
'ratinglid',
'ratinguser',
'rating',
'ratinghost_name',
'ratingcomments',
'ttitle',
'selectdate',
'cid');
to line #72 in modules/Web_Links/index.php
-Chris
Banners are fixed.
You need to add this to line #374 in banners.php:
Code
$op = pnVarCleanFromInput('op');
Then change the function clientlogin() to be:
Code
function clientlogin()
{
    include 'header.php';
    OpenTable();
    echo "<div style=\"text-align:center\">\n"
        ."<span class=\"pn-title\">"._BAN_ADVSTATS."</span><br /><br />\n"
        ."<form action=\"banners.php\" method=\"post\">\n"
        .""._BAN_LOGIN." <input type=\"text\" name=\"login\" size=\"12\" maxlength=\"10\" /><br />\n"
        .""._BAN_PASSWORD." <input type=\"password\" name=\"pass\" size=\"12\" maxlength=\"10\" /><br />\n"
        ."<input type=\"hidden\" name=\"op\" value=\"Ok\" /><br />\n"
        ."<input type=\"submit\" value=\""._BAN_LOGIN."\" />\n"
        ."</form>\n</div>\n";
    CloseTable();
    include 'footer.php';
}
And delete lines 31-33 in includes/blocks/banners.php that say:
Code
This code isn't needed in the includes/blocks/banners.php file since there is no directly executable code in the file. With it included clients can't login to get their stats or change their links.
-Chris
Chris,
I'm not sure I follow the rationale behind changing the block. This code is added to prevent a path disclosure on direct access, i.e. http://your.site.url/includes/blocks/banners.php. In a situation where displaying of errors is on (most web hosts) there will be an undefined variable error for $blocks_modules.
-Mark
- rank:
-
Professional
- registered:
- January 2004
- Status:
- offline
- last visit:
- 05.09.08
- Posts:
- 633
Thanks a lot for your fix for web_links and banners.
r3ap3r
And delete lines 31-33 in includes/blocks/banners.php that say:
Code
This code isn't needed in the includes/blocks/banners.php file since there is no directly executable code in the file. With it included clients can't login to get their stats or change their links.
-Chris
I don't think so: if you remove it and you try to access the file directly you get:
Fatal error: Call to undefined function: pnsecaddschema() in xxxx on line 50
This is precisely what we are trying to avoid by putting these lines!!
--
Ok, forgot about the path disclosure issue. If you have it included though you will get a 'You can't access this file directly' error if you try going to http://www.example.com/banners.php and there is an active banner block being displayed.
We'll have to think of some other way to check against it because it doesn't work with it.
-Chris
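
Added example (not part of the thread and not PostNuke code): one way to tell a direct request for the block file from an include of it, so the guard no longer fires on the root banners.php. It assumes the removed check matched on the file name in the request path; the function names and all paths are hypothetical.

```php
<?php
// Added example, not PostNuke code. All paths are constructed sample values.

// Name-based check (assumed shape of the guard discussed above): fires whenever
// the requested script's URL path contains this file's name.
function nameGuardFires(string $phpSelf, string $thisFile): bool
{
    return strpos($phpSelf, basename($thisFile)) !== false;
}

// Path-based check: fires only when the script the web server started is this
// very file, i.e. the file was requested directly rather than included.
function pathGuardFires(string $scriptFilename, string $thisFile): bool
{
    return canonical($scriptFilename) === canonical($thisFile);
}

// Resolve symlinks and ".." when the file exists; otherwise only normalise separators.
function canonical(string $path): string
{
    $real = realpath($path);
    return $real !== false ? $real : str_replace('\\', '/', $path);
}

// Stands in for __FILE__ inside includes/blocks/banners.php.
$block = '/var/www/site/includes/blocks/banners.php';

// Constructed requests: label => [PHP_SELF, SCRIPT_FILENAME]
$requests = [
    'front page, block included'   => ['/index.php', '/var/www/site/index.php'],
    'client login, block included' => ['/banners.php', '/var/www/site/banners.php'],
    'block requested directly'     => ['/includes/blocks/banners.php', $block],
];

foreach ($requests as $label => [$phpSelf, $scriptFilename]) {
    printf(
        "%-30s name-based: %-4s path-based: %s\n",
        $label,
        nameGuardFires($phpSelf, $block) ? 'die' : 'ok',
        pathGuardFires($scriptFilename, $block) ? 'die' : 'ok'
    );
}

// In the block file itself the path-based guard would read:
// if (realpath($_SERVER['SCRIPT_FILENAME']) === realpath(__FILE__)) { die('...'); }
```

The guard has to sit at the top of the block file, before any call to a framework function, and its message should not echo the file path.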
