Menu
▾
▴
phpesp-devel — Discussion of the development of phpESP
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
(103) |
Apr
(37) |
May
(45) |
Jun
(49) |
Jul
(55) |
Aug
(11) |
Sep
(47) |
Oct
(55) |
Nov
(47) |
Dec
(8) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(43) |
Feb
(85) |
Mar
(121) |
Apr
(37) |
May
(33) |
Jun
(33) |
Jul
(14) |
Aug
(34) |
Sep
(58) |
Oct
(68) |
Nov
(31) |
Dec
(9) |
| 2004 |
Jan
(13) |
Feb
(57) |
Mar
(37) |
Apr
(26) |
May
(57) |
Jun
(14) |
Jul
(8) |
Aug
(12) |
Sep
(32) |
Oct
(10) |
Nov
(7) |
Dec
(12) |
| 2005 |
Jan
(8) |
Feb
(25) |
Mar
(50) |
Apr
(20) |
May
(32) |
Jun
(20) |
Jul
(83) |
Aug
(25) |
Sep
(17) |
Oct
(14) |
Nov
(32) |
Dec
(27) |
| 2006 |
Jan
(24) |
Feb
(15) |
Mar
(46) |
Apr
(5) |
May
(6) |
Jun
(9) |
Jul
(12) |
Aug
(5) |
Sep
(7) |
Oct
(7) |
Nov
(4) |
Dec
(5) |
| 2007 |
Jan
(4) |
Feb
(1) |
Mar
(7) |
Apr
(3) |
May
(4) |
Jun
|
Jul
|
Aug
(2) |
Sep
(2) |
Oct
|
Nov
(22) |
Dec
(19) |
| 2008 |
Jan
(94) |
Feb
(19) |
Mar
(32) |
Apr
(46) |
May
(20) |
Jun
(10) |
Jul
(11) |
Aug
(20) |
Sep
(16) |
Oct
(12) |
Nov
(13) |
Dec
|
| 2009 |
Jan
|
Feb
(9) |
Mar
(37) |
Apr
(65) |
May
(15) |
Jun
|
Jul
(24) |
Aug
(1) |
Sep
(8) |
Oct
(4) |
Nov
(21) |
Dec
(5) |
| 2010 |
Jan
(35) |
Feb
(6) |
Mar
(8) |
Apr
|
May
(4) |
Jun
(3) |
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
(4) |
Mar
|
Apr
|
May
(1) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
|
From: SourceForge.net <no...@so...> - 2008-10-03 15:57:45
|
Bugs item #2138508, was opened at 2008-09-30 18:04 Message generated for change (Settings changed) made by liedekef You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v2.0.2 >Status: Closed >Resolution: Invalid Priority: 5 Private: No Submitted By: Jonathan Hughes (xerxesii) Assigned to: Franky Van Liedekerke (liedekef) Summary: group manager cannot do much managing Initial Comment: A group manager cannot add a new designer using the forms interface, or perform other tasks such as changing user flags. Message is "This account does not have permission to access this group". Batch submission works OK. Cannot duplicate on demo site since user doesn't have this capability. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2008-10-03 14:49 Message: I've found it, it was nnot a bug but a configuration matter. In the default config file (phpESP.ini.php.default) the setting is as followed: $ESPCONFIG['limit_double_postings'] = 3; By adding the next line to phpESP.ini.php the problem is solved $ESPCONFIG['limit_double_postings'] = 0; Greetings Arjan ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2008-10-03 14:49 Message: I've found it, it was nnot a bug but a configuration matter. In the default config file (phpESP.ini.php.default) the setting is as followed: $ESPCONFIG['limit_double_postings'] = 3; By adding the next line to phpESP.ini.php the problem is solved $ESPCONFIG['limit_double_postings'] = 0; Greetings Arjan ---------------------------------------------------------------------- Comment By: Franky Van Liedekerke (liedekef) Date: 2008-10-03 13:21 Message: I'll check this out. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2008-10-03 12:50:03
|
Bugs item #2138508, was opened at 2008-09-30 16:04 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v2.0.2 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Jonathan Hughes (xerxesii) Assigned to: Franky Van Liedekerke (liedekef) Summary: group manager cannot do much managing Initial Comment: A group manager cannot add a new designer using the forms interface, or perform other tasks such as changing user flags. Message is "This account does not have permission to access this group". Batch submission works OK. Cannot duplicate on demo site since user doesn't have this capability. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2008-10-03 12:49 Message: I've found it, it was nnot a bug but a configuration matter. In the default config file (phpESP.ini.php.default) the setting is as followed: $ESPCONFIG['limit_double_postings'] = 3; By adding the next line to phpESP.ini.php the problem is solved $ESPCONFIG['limit_double_postings'] = 0; Greetings Arjan ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2008-10-03 12:49 Message: I've found it, it was nnot a bug but a configuration matter. In the default config file (phpESP.ini.php.default) the setting is as followed: $ESPCONFIG['limit_double_postings'] = 3; By adding the next line to phpESP.ini.php the problem is solved $ESPCONFIG['limit_double_postings'] = 0; Greetings Arjan ---------------------------------------------------------------------- Comment By: Franky Van Liedekerke (liedekef) Date: 2008-10-03 11:21 Message: I'll check this out. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2008-10-03 12:49:35
|
Bugs item #2138508, was opened at 2008-09-30 16:04 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v2.0.2 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Jonathan Hughes (xerxesii) Assigned to: Franky Van Liedekerke (liedekef) Summary: group manager cannot do much managing Initial Comment: A group manager cannot add a new designer using the forms interface, or perform other tasks such as changing user flags. Message is "This account does not have permission to access this group". Batch submission works OK. Cannot duplicate on demo site since user doesn't have this capability. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2008-10-03 12:49 Message: I've found it, it was nnot a bug but a configuration matter. In the default config file (phpESP.ini.php.default) the setting is as followed: $ESPCONFIG['limit_double_postings'] = 3; By adding the next line to phpESP.ini.php the problem is solved $ESPCONFIG['limit_double_postings'] = 0; Greetings Arjan ---------------------------------------------------------------------- Comment By: Franky Van Liedekerke (liedekef) Date: 2008-10-03 11:21 Message: I'll check this out. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2008-10-03 11:21:43
|
Bugs item #2138508, was opened at 2008-09-30 18:04 Message generated for change (Comment added) made by liedekef You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v2.0.2 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Jonathan Hughes (xerxesii) >Assigned to: Franky Van Liedekerke (liedekef) Summary: group manager cannot do much managing Initial Comment: A group manager cannot add a new designer using the forms interface, or perform other tasks such as changing user flags. Message is "This account does not have permission to access this group". Batch submission works OK. Cannot duplicate on demo site since user doesn't have this capability. ---------------------------------------------------------------------- >Comment By: Franky Van Liedekerke (liedekef) Date: 2008-10-03 13:21 Message: I'll check this out. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2008-10-03 11:20:36
|
Bugs item #2144034, was opened at 2008-10-03 12:02 Message generated for change (Comment added) made by liedekef You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2144034&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: None >Status: Closed >Resolution: Invalid Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: survey can only be submitted once per user Initial Comment: We've recently upgraded to version 2.1.2 (from 1.8). When filling in a survey it is only possible to submit it once. When trying to fill in the same survey the survey is closed. This happens with survey that were in use before de update. Anny suggestions on how to fix this. Ive looked in de database and can't find anything wrong (close dates are empty). Greetings, Arjan ---------------------------------------------------------------------- >Comment By: Franky Van Liedekerke (liedekef) Date: 2008-10-03 13:20 Message: Look at the option "limit_double_postings" in phpesp.ini.php.default. If this setting is not ok for you, add it to phpesp.ini.php and set it to 0 to disable. Franky ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2144034&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2008-10-03 10:03:00
|
Bugs item #2144034, was opened at 2008-10-03 10:02 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2144034&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: survey can only be submitted once per user Initial Comment: We've recently upgraded to version 2.1.2 (from 1.8). When filling in a survey it is only possible to submit it once. When trying to fill in the same survey the survey is closed. This happens with survey that were in use before de update. Anny suggestions on how to fix this. Ive looked in de database and can't find anything wrong (close dates are empty). Greetings, Arjan ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2144034&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2008-09-30 16:05:05
|
Bugs item #2138508, was opened at 2008-09-30 17:04 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v2.0.2 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Jonathan Hughes (xerxesii) Assigned to: Nobody/Anonymous (nobody) Summary: group manager cannot do much managing Initial Comment: A group manager cannot add a new designer using the forms interface, or perform other tasks such as changing user flags. Message is "This account does not have permission to access this group". Batch submission works OK. Cannot duplicate on demo site since user doesn't have this capability. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956 |
|
From: Bishop B. <ph...@id...> - 2008-09-26 11:58:42
|
Charles, Thanks for your response. Per my earlier email, this has been fixed in the latest released version: https://sourceforge.net/tracker/index.php?func=detail&aid=2035113&group_id=8956&atid=108956 Please download version 2.1.2 and use that: https://sourceforge.net/project/showfiles.php?group_id=8956 You can also get the latest code from SVN, if 2.1.2 fails to work for you: http://phpesp.svn.sourceforge.net/viewvc/phpesp/trunk/ (Click download GNU tarball) Regards, bishop Quoting Charles Toh <cha...@gm...>: > Dear Bishop > > I did not activate the survey, go into test and then acitivate again.PHPesp > version is 2.1.1, which I dowloaded only a few days ago. > > For more information about the error, you can test at > http://www.ua-solutions.com/survey. username and password remains as "root" > and "esp" respectively. > > Thanks for your advice. > > With regards > Charles > > On Thu, Sep 25, 2008 at 9:49 PM, Bishop Bettini <ph...@id...> wrote: > >> Charles, >> >> Did you activate this survey, then go into test, then activate again? What >> version of PHPESP are you running? >> >> >> Team, >> The survey status is 9, which I think can only mean the survey has been >> activated (0x00 | 0x01 = 0x01), put into test (0x08 | 0x01 = 0x09), and then >> activated again (error). >> >> But admin/include/where/status.inc:45 prevents an active survey from going >> into test. >> >> Thoughts? >> >> bishop >> >> ----- Forwarded message from cha...@us... ----- >> Date: Thu, 25 Sep 2008 08:41:12 +0000 >> From: Charles Charles <cha...@us...> >> Reply-To: Charles Charles <cha...@us...> >> Subject: phpesp error >> To: bi...@us... >> Cc: cha...@us... >> >> >> >> Message body follows: >> >> I recently install phpesp on my server. Everything looks to >> be working well. >> >> EXCEPT when I tried to change the status from "test" >> to "active" at "change status of survey", I get the >> following error message: >> >> Can not set survey status. [ Status: 9 ] >> >> Could you assist on how I can resolve this? >> >> -- >> This message has been sent to you, a registered SourceForge.net user, >> by another site user, through the SourceForge.net site. This message >> has been delivered to your SourceForge.net mail alias. You may reply >> to this message using the "Reply" feature of your email client, or >> using the messaging facility of SourceForge.net at: >> https://sourceforge.net/sendmessage.php?touser=2227450 >> >> >> ----- End forwarded message ----- >> >> >> -- >> Bishop Bettini >> ideacode, Inc. >> (main) +1 919 341 5170 / (fax) +1 919 521 4100 >> >> Visit us on the web at: >> ideacode.com Professional software research and development >> reviewmysoftware.com Improve sales! Review your software before you >> release >> bytejar.com Solutions to those annoying development problems >> >> > -- Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Bishop B. <ph...@id...> - 2008-09-25 14:07:29
|
Charles, This is the result of a bug in older versions of the software. You need to do two things: 1. Update to the latest version of PHPESP, possibly from SVN HEAD 2. Manually update the surveys to the correct status, eg: UPDATE survey SET status=1 WHERE id=whatever See bug 2035113 in the SourceForge tracker https://sourceforge.net/tracker/index.php?func=detail&aid=2035113&group_id=8956&atid=108956 bishop Quoting Bishop Bettini <ph...@id...>: > Charles, > > Did you activate this survey, then go into test, then activate again? > What version of PHPESP are you running? > > > Team, > The survey status is 9, which I think can only mean the survey has > been activated (0x00 | 0x01 = 0x01), put into test (0x08 | 0x01 = > 0x09), and then activated again (error). > > But admin/include/where/status.inc:45 prevents an active survey from > going into test. > > Thoughts? > > bishop > > ----- Forwarded message from cha...@us... ----- > Date: Thu, 25 Sep 2008 08:41:12 +0000 > From: Charles Charles <cha...@us...> > Reply-To: Charles Charles <cha...@us...> > Subject: phpesp error > To: bi...@us... > Cc: cha...@us... > > > Message body follows: > > I recently install phpesp on my server. Everything looks to > be working well. > > EXCEPT when I tried to change the status from "test" > to "active" at "change status of survey", I get the > following error message: > > Can not set survey status. [ Status: 9 ] > > Could you assist on how I can resolve this? > > -- > This message has been sent to you, a registered SourceForge.net user, > by another site user, through the SourceForge.net site. This message > has been delivered to your SourceForge.net mail alias. You may reply > to this message using the "Reply" feature of your email client, or > using the messaging facility of SourceForge.net at: > https://sourceforge.net/sendmessage.php?touser=2227450 > > > ----- End forwarded message ----- > > > -- > Bishop Bettini > ideacode, Inc. > (main) +1 919 341 5170 / (fax) +1 919 521 4100 > > Visit us on the web at: > ideacode.com Professional software research and development > reviewmysoftware.com Improve sales! Review your software before you release > bytejar.com Solutions to those annoying development problems > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > phpESP-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > -- Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: SourceForge.net <no...@so...> - 2008-09-25 14:02:59
|
Bugs item #2119492, was opened at 2008-09-19 11:16 Message generated for change (Comment added) made by bishopb You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2119492&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) >Assigned to: bishop (bishopb) Summary: opening/closing date Initial Comment: The opening and closing date are not allowed to left empty. (At least my mysql did not accept an empty string). I changed some code in \admin\include\function\survey_update.inc to handle this. At the moment it's not clear how to enter the opening and closing dates. Maybe it's nice to have a calendar interface for these dates. ---------------------------------------------------------------------- >Comment By: bishop (bishopb) Date: 2008-09-25 10:02 Message: What versions of MySQL and PHPESP are you running? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2119492&group_id=8956 |
|
From: Bishop B. <ph...@id...> - 2008-09-25 14:01:02
|
I added and resolved the bug. May want to forward to the original reporter.
bishop
Quoting Matthew Gregg <mat...@gm...>:
> I think a bug for this is a good idea. I know many moons ago I did
> this, but lots of code has changed.
>
> On Thu, 2008-09-25 at 09:32 -0400, Bishop Bettini wrote:
>> Yeah, I missed the fact that $_name went through _addslashes() in the
>> original email. I just now followed up with a trace verifying
>> _addslashes() quotes properly.
>>
>> Nonetheless, I'd advise adding the incoming message as a bug, then
>> marking it as not a bug, so we know this issue's been handled.
>>
>> bishop
>>
>> Quoting Matthew Gregg <mat...@gm...>:
>>
>> > Isn't $_name quoted? _addslashes does the quoting.
>> >
>> > if(get_magic_quotes_gpc()) {
>> > function _addslashes($a)
>> > { return(db_qstr(stripslashes($a))); }
>> > function _stripslashes($a) { return(stripslashes($a)); }
>> > } else {
>> > function _addslashes($a) { return(db_qstr($a)); }
>> > function _stripslashes($a) { return($a); }
>> > }
>> >
>> > On Thu, 2008-09-25 at 09:24 -0400, Bishop Bettini wrote:
>> >> Any parameters to an SQL query not going through the adodb quoting
>> >> mechanism is vulnerable to SQL injection attacks. The proposed fix
>> >> (just enclosing in single quotes) is itself insufficient, as single
>> >> quotes can be fooled by prematurely closing the quote, inserting a
>> >> statement, then restarting, as in:
>> >>
>> >> '; DELETE FROM respondent; '1=1
>> >>
>> >> So, the problem is legitimate, the fix is not. A bug (or task) should
>> >> be added to tracker to go through all SQL commands and ensure all
>> >> parameters are quoted, including this instance. Thoughts?
>> >>
>> >> bishop
>> >>
>> >>
>> >> Quoting Matthew Gregg <mat...@gm...>:
>> >>
>> >> > I received the message below, but don't have time to do a thorough
>> >> > investigation at the moment. A quick look, seem like this is not a
>> >> > problem. Anyone with more time please take a look.
>> >> >
>> >> >> File: phpESP/public/survey.php
>> >> >> Lines:
>> >> >>
>> >> >> 15 $_name = _addslashes($_GET['name']);
>> >> >> 25 $_sql = "SELECT id,title,theme FROM
>> >> >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name";
>> >> >>
>> >> >> Since the variable $_name is not embedded in quotes, the function
>> >> >> addslashes will not prevent SQL injection attacks since the attacker
>> >> >> does not
>> >> >> need to use quotes.
>> >> >>
>> >> >> PoC:
>> >> >> survey.php?name=1 and 1=0 union select null, username, password from
>> >> >> designer
>> >> >>
>> >> >> Fix:
>> >> >> 25 $_sql = "SELECT id,title,theme FROM
>> >> >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'";
>> >> >
>> >> >
>> >> >
>> -------------------------------------------------------------------------
>> >> > This SF.Net email is sponsored by the Moblin Your Move
>> >> Developer's challenge
>> >> > Build the coolest Linux based applications with Moblin SDK & win
>> >> great prizes
>> >> > Grand prize is a trip for two to an Open Source event anywhere in
>> >> the world
>> >> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> >> > _______________________________________________
>> >> > phpESP-devel mailing list
>> >> > php...@li...
>> >> > https://lists.sourceforge.net/lists/listinfo/phpesp-devel
>> >> >
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>>
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> phpESP-devel mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpesp-devel
>
--
Bishop Bettini
ideacode, Inc.
(main) +1 919 341 5170 / (fax) +1 919 521 4100
Visit us on the web at:
ideacode.com Professional software research and development
reviewmysoftware.com Improve sales! Review your software before you release
bytejar.com Solutions to those annoying development problems
|
|
From: SourceForge.net <no...@so...> - 2008-09-25 13:58:57
|
Bugs item #2128464, was opened at 2008-09-25 09:54 Message generated for change (Comment added) made by bishopb You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2128464&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: SQL Group: None >Status: Closed >Resolution: Invalid Priority: 1 Private: No Submitted By: bishop (bishopb) >Assigned to: bishop (bishopb) Summary: Unquoted variable ($_name) allows SQL injection attack Initial Comment: Reported via email to Matthew Gregg: File: phpESP/public/survey.php Lines: 15 $_name = _addslashes($_GET['name']); 25 $_sql = "SELECT id,title,theme FROM " $GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name"; Since the variable $_name is not embedded in quotes, the function addslashes will not prevent SQL injection attacks since the attacker does not need to use quotes. PoC: survey.php?name=1 and 1=0 union select null,username, password from designer Fix: 25 $_sql = "SELECT id,title,theme FROM ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'"; ---------------------------------------------------------------------- >Comment By: bishop (bishopb) Date: 2008-09-25 09:58 Message: $_name is quoted by _addslashes(). Here is the call order: _addslashes() calls db_qstr() db_qstr() calls ADODB::qstr() ADODB::qstr() does the proper quoting to prevent SQL injection attacks. So, as long as the variables are going through _addslashes(), then there is no bug. Had _addslashes() not been present, the proposed fix (just enclosing in single quotes) is itself insufficient, as single quotes can be fooled by prematurely closing the quote, inserting a statement, then restarting, as in: '; DELETE FROM respondent; '1=1 Requirement: all parameters to all SQL statements should go through _addslashes() ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2128464&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2008-09-25 13:54:43
|
Bugs item #2128464, was opened at 2008-09-25 09:54 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2128464&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: SQL Group: None Status: Open Resolution: None Priority: 1 Private: No Submitted By: bishop (bishopb) Assigned to: Nobody/Anonymous (nobody) Summary: Unquoted variable ($_name) allows SQL injection attack Initial Comment: Reported via email to Matthew Gregg: File: phpESP/public/survey.php Lines: 15 $_name = _addslashes($_GET['name']); 25 $_sql = "SELECT id,title,theme FROM " $GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name"; Since the variable $_name is not embedded in quotes, the function addslashes will not prevent SQL injection attacks since the attacker does not need to use quotes. PoC: survey.php?name=1 and 1=0 union select null,username, password from designer Fix: 25 $_sql = "SELECT id,title,theme FROM ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'"; ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2128464&group_id=8956 |
|
From: Bishop B. <ph...@id...> - 2008-09-25 13:51:18
|
Yeah, I missed the fact that $_name went through _addslashes() in the
original email. I just now followed up with a trace verifying
_addslashes() quotes properly.
Nonetheless, I'd advise adding the incoming message as a bug, then
marking it as not a bug, so we know this issue's been handled.
bishop
Quoting Matthew Gregg <mat...@gm...>:
> Isn't $_name quoted? _addslashes does the quoting.
>
> if(get_magic_quotes_gpc()) {
> function _addslashes($a)
> { return(db_qstr(stripslashes($a))); }
> function _stripslashes($a) { return(stripslashes($a)); }
> } else {
> function _addslashes($a) { return(db_qstr($a)); }
> function _stripslashes($a) { return($a); }
> }
>
> On Thu, 2008-09-25 at 09:24 -0400, Bishop Bettini wrote:
>> Any parameters to an SQL query not going through the adodb quoting
>> mechanism is vulnerable to SQL injection attacks. The proposed fix
>> (just enclosing in single quotes) is itself insufficient, as single
>> quotes can be fooled by prematurely closing the quote, inserting a
>> statement, then restarting, as in:
>>
>> '; DELETE FROM respondent; '1=1
>>
>> So, the problem is legitimate, the fix is not. A bug (or task) should
>> be added to tracker to go through all SQL commands and ensure all
>> parameters are quoted, including this instance. Thoughts?
>>
>> bishop
>>
>>
>> Quoting Matthew Gregg <mat...@gm...>:
>>
>> > I received the message below, but don't have time to do a thorough
>> > investigation at the moment. A quick look, seem like this is not a
>> > problem. Anyone with more time please take a look.
>> >
>> >> File: phpESP/public/survey.php
>> >> Lines:
>> >>
>> >> 15 $_name = _addslashes($_GET['name']);
>> >> 25 $_sql = "SELECT id,title,theme FROM
>> >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name";
>> >>
>> >> Since the variable $_name is not embedded in quotes, the function
>> >> addslashes will not prevent SQL injection attacks since the attacker
>> >> does not
>> >> need to use quotes.
>> >>
>> >> PoC:
>> >> survey.php?name=1 and 1=0 union select null, username, password from
>> >> designer
>> >>
>> >> Fix:
>> >> 25 $_sql = "SELECT id,title,theme FROM
>> >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'";
>> >
>> >
>> > -------------------------------------------------------------------------
>> > This SF.Net email is sponsored by the Moblin Your Move
>> Developer's challenge
>> > Build the coolest Linux based applications with Moblin SDK & win
>> great prizes
>> > Grand prize is a trip for two to an Open Source event anywhere in
>> the world
>> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> > _______________________________________________
>> > phpESP-devel mailing list
>> > php...@li...
>> > https://lists.sourceforge.net/lists/listinfo/phpesp-devel
>> >
>>
>>
>>
>
>
--
Bishop Bettini
ideacode, Inc.
(main) +1 919 341 5170 / (fax) +1 919 521 4100
Visit us on the web at:
ideacode.com Professional software research and development
reviewmysoftware.com Improve sales! Review your software before you release
bytejar.com Solutions to those annoying development problems
|
|
From: Bishop B. <ph...@id...> - 2008-09-25 13:51:17
|
Any parameters to an SQL query not going through the adodb quoting mechanism is vulnerable to SQL injection attacks. The proposed fix (just enclosing in single quotes) is itself insufficient, as single quotes can be fooled by prematurely closing the quote, inserting a statement, then restarting, as in: '; DELETE FROM respondent; '1=1 So, the problem is legitimate, the fix is not. A bug (or task) should be added to tracker to go through all SQL commands and ensure all parameters are quoted, including this instance. Thoughts? bishop Quoting Matthew Gregg <mat...@gm...>: > I received the message below, but don't have time to do a thorough > investigation at the moment. A quick look, seem like this is not a > problem. Anyone with more time please take a look. > >> File: phpESP/public/survey.php >> Lines: >> >> 15 $_name = _addslashes($_GET['name']); >> 25 $_sql = "SELECT id,title,theme FROM >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name"; >> >> Since the variable $_name is not embedded in quotes, the function >> addslashes will not prevent SQL injection attacks since the attacker >> does not >> need to use quotes. >> >> PoC: >> survey.php?name=1 and 1=0 union select null, username, password from >> designer >> >> Fix: >> 25 $_sql = "SELECT id,title,theme FROM >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'"; > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > phpESP-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > -- Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Bishop B. <ph...@id...> - 2008-09-25 13:51:17
|
Regarding my last email, I skipped over the fact that $_name is going through _addslashes(), so my point about the bug being valid is false. Here is the call order: _addslashes() calls db_qstr() db_qstr() calls ADODB::qstr() ADODB::qstr() does the proper quoting to prevent SQL injection attacks. So, as long as the variables are going through _addslashes(), then there is no bug. bishop Quoting Franky Van Liedekerke <lie...@te...>: > IIRC the function _addslashes adds quotes itself, therefore no quotes are > needed in the sql statement. I'll check this evening, but for now I would > advise no action. > > Franky > > On Thu, Sep 25, 2008 at 3:05 PM, Matthew Gregg > <mat...@gm...>wrote: > >> I received the message below, but don't have time to do a thorough >> investigation at the moment. A quick look, seem like this is not a >> problem. Anyone with more time please take a look. >> >> > File: phpESP/public/survey.php >> > Lines: >> > >> > 15 $_name = _addslashes($_GET['name']); >> > 25 $_sql = "SELECT id,title,theme FROM >> > ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name"; >> > >> > Since the variable $_name is not embedded in quotes, the function >> > addslashes will not prevent SQL injection attacks since the attacker >> > does not >> > need to use quotes. >> > >> > PoC: >> > survey.php?name=1 and 1=0 union select null, username, password from >> > designer >> > >> > Fix: >> > 25 $_sql = "SELECT id,title,theme FROM >> > ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'"; >> >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's >> challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> phpESP-devel mailing list >> php...@li... >> https://lists.sourceforge.net/lists/listinfo/phpesp-devel >> >> > -- Bishop Bettini ideacode, Inc. (main) +1 919 341 5170 / (fax) +1 919 521 4100 Visit us on the web at: ideacode.com Professional software research and development reviewmysoftware.com Improve sales! Review your software before you release bytejar.com Solutions to those annoying development problems |
|
From: Bishop B. <ph...@id...> - 2008-09-25 13:49:15
|
Charles,
Did you activate this survey, then go into test, then activate again?
What version of PHPESP are you running?
Team,
The survey status is 9, which I think can only mean the survey has
been activated (0x00 | 0x01 = 0x01), put into test (0x08 | 0x01 =
0x09), and then activated again (error).
But admin/include/where/status.inc:45 prevents an active survey from
going into test.
Thoughts?
bishop
----- Forwarded message from cha...@us... -----
Date: Thu, 25 Sep 2008 08:41:12 +0000
From: Charles Charles <cha...@us...>
Reply-To: Charles Charles <cha...@us...>
Subject: phpesp error
To: bi...@us...
Cc: cha...@us...
Message body follows:
I recently install phpesp on my server. Everything looks to
be working well.
EXCEPT when I tried to change the status from "test"
to "active" at "change status of survey", I get the
following error message:
Can not set survey status. [ Status: 9 ]
Could you assist on how I can resolve this?
--
This message has been sent to you, a registered SourceForge.net user,
by another site user, through the SourceForge.net site. This message
has been delivered to your SourceForge.net mail alias. You may reply
to this message using the "Reply" feature of your email client, or
using the messaging facility of SourceForge.net at:
https://sourceforge.net/sendmessage.php?touser=2227450
----- End forwarded message -----
--
Bishop Bettini
ideacode, Inc.
(main) +1 919 341 5170 / (fax) +1 919 521 4100
Visit us on the web at:
ideacode.com Professional software research and development
reviewmysoftware.com Improve sales! Review your software before you release
bytejar.com Solutions to those annoying development problems
|
|
From: Matthew G. <mat...@gm...> - 2008-09-25 13:36:40
|
I think a bug for this is a good idea. I know many moons ago I did
this, but lots of code has changed.
On Thu, 2008-09-25 at 09:32 -0400, Bishop Bettini wrote:
> Yeah, I missed the fact that $_name went through _addslashes() in the
> original email. I just now followed up with a trace verifying
> _addslashes() quotes properly.
>
> Nonetheless, I'd advise adding the incoming message as a bug, then
> marking it as not a bug, so we know this issue's been handled.
>
> bishop
>
> Quoting Matthew Gregg <mat...@gm...>:
>
> > Isn't $_name quoted? _addslashes does the quoting.
> >
> > if(get_magic_quotes_gpc()) {
> > function _addslashes($a)
> > { return(db_qstr(stripslashes($a))); }
> > function _stripslashes($a) { return(stripslashes($a)); }
> > } else {
> > function _addslashes($a) { return(db_qstr($a)); }
> > function _stripslashes($a) { return($a); }
> > }
> >
> > On Thu, 2008-09-25 at 09:24 -0400, Bishop Bettini wrote:
> >> Any parameters to an SQL query not going through the adodb quoting
> >> mechanism is vulnerable to SQL injection attacks. The proposed fix
> >> (just enclosing in single quotes) is itself insufficient, as single
> >> quotes can be fooled by prematurely closing the quote, inserting a
> >> statement, then restarting, as in:
> >>
> >> '; DELETE FROM respondent; '1=1
> >>
> >> So, the problem is legitimate, the fix is not. A bug (or task) should
> >> be added to tracker to go through all SQL commands and ensure all
> >> parameters are quoted, including this instance. Thoughts?
> >>
> >> bishop
> >>
> >>
> >> Quoting Matthew Gregg <mat...@gm...>:
> >>
> >> > I received the message below, but don't have time to do a thorough
> >> > investigation at the moment. A quick look, seem like this is not a
> >> > problem. Anyone with more time please take a look.
> >> >
> >> >> File: phpESP/public/survey.php
> >> >> Lines:
> >> >>
> >> >> 15 $_name = _addslashes($_GET['name']);
> >> >> 25 $_sql = "SELECT id,title,theme FROM
> >> >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name";
> >> >>
> >> >> Since the variable $_name is not embedded in quotes, the function
> >> >> addslashes will not prevent SQL injection attacks since the attacker
> >> >> does not
> >> >> need to use quotes.
> >> >>
> >> >> PoC:
> >> >> survey.php?name=1 and 1=0 union select null, username, password from
> >> >> designer
> >> >>
> >> >> Fix:
> >> >> 25 $_sql = "SELECT id,title,theme FROM
> >> >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'";
> >> >
> >> >
> >> > -------------------------------------------------------------------------
> >> > This SF.Net email is sponsored by the Moblin Your Move
> >> Developer's challenge
> >> > Build the coolest Linux based applications with Moblin SDK & win
> >> great prizes
> >> > Grand prize is a trip for two to an Open Source event anywhere in
> >> the world
> >> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> >> > _______________________________________________
> >> > phpESP-devel mailing list
> >> > php...@li...
> >> > https://lists.sourceforge.net/lists/listinfo/phpesp-devel
> >> >
> >>
> >>
> >>
> >
> >
>
>
>
|
|
From: Matthew G. <mat...@gm...> - 2008-09-25 13:28:40
|
Isn't $_name quoted? _addslashes does the quoting.
if(get_magic_quotes_gpc()) {
function _addslashes($a)
{ return(db_qstr(stripslashes($a))); }
function _stripslashes($a) { return(stripslashes($a)); }
} else {
function _addslashes($a) { return(db_qstr($a)); }
function _stripslashes($a) { return($a); }
}
On Thu, 2008-09-25 at 09:24 -0400, Bishop Bettini wrote:
> Any parameters to an SQL query not going through the adodb quoting
> mechanism is vulnerable to SQL injection attacks. The proposed fix
> (just enclosing in single quotes) is itself insufficient, as single
> quotes can be fooled by prematurely closing the quote, inserting a
> statement, then restarting, as in:
>
> '; DELETE FROM respondent; '1=1
>
> So, the problem is legitimate, the fix is not. A bug (or task) should
> be added to tracker to go through all SQL commands and ensure all
> parameters are quoted, including this instance. Thoughts?
>
> bishop
>
>
> Quoting Matthew Gregg <mat...@gm...>:
>
> > I received the message below, but don't have time to do a thorough
> > investigation at the moment. A quick look, seem like this is not a
> > problem. Anyone with more time please take a look.
> >
> >> File: phpESP/public/survey.php
> >> Lines:
> >>
> >> 15 $_name = _addslashes($_GET['name']);
> >> 25 $_sql = "SELECT id,title,theme FROM
> >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name";
> >>
> >> Since the variable $_name is not embedded in quotes, the function
> >> addslashes will not prevent SQL injection attacks since the attacker
> >> does not
> >> need to use quotes.
> >>
> >> PoC:
> >> survey.php?name=1 and 1=0 union select null, username, password from
> >> designer
> >>
> >> Fix:
> >> 25 $_sql = "SELECT id,title,theme FROM
> >> ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'";
> >
> >
> > -------------------------------------------------------------------------
> > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> > Build the coolest Linux based applications with Moblin SDK & win great prizes
> > Grand prize is a trip for two to an Open Source event anywhere in the world
> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> > _______________________________________________
> > phpESP-devel mailing list
> > php...@li...
> > https://lists.sourceforge.net/lists/listinfo/phpesp-devel
> >
>
>
>
|
|
From: Matthew G. <mat...@gm...> - 2008-09-25 13:24:20
|
That is what I thought as well, just wanted more eyes on this. On Thu, 2008-09-25 at 15:22 +0200, Franky Van Liedekerke wrote: > IIRC the function _addslashes adds quotes itself, therefore no quotes > are needed in the sql statement. I'll check this evening, but for now > I would advise no action. > > Franky > > On Thu, Sep 25, 2008 at 3:05 PM, Matthew Gregg > <mat...@gm...> wrote: > I received the message below, but don't have time to do a > thorough > investigation at the moment. A quick look, seem like this is > not a > problem. Anyone with more time please take a look. > > > File: phpESP/public/survey.php > > Lines: > > > > 15 $_name = _addslashes($_GET['name']); > > 25 $_sql = "SELECT id,title,theme FROM > > ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = > $_name"; > > > > Since the variable $_name is not embedded in quotes, the > function > > addslashes will not prevent SQL injection attacks since the > attacker > > does not > > need to use quotes. > > > > PoC: > > survey.php?name=1 and 1=0 union select null, username, > password from > > designer > > > > Fix: > > 25 $_sql = "SELECT id,title,theme FROM > > ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = > '$_name'"; > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move > Developer's challenge > Build the coolest Linux based applications with Moblin SDK & > win great prizes > Grand prize is a trip for two to an Open Source event anywhere > in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > phpESP-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ phpESP-devel mailing list php...@li... https://lists.sourceforge.net/lists/listinfo/phpesp-devel |
|
From: Franky V. L. <lie...@te...> - 2008-09-25 13:22:26
|
IIRC the function _addslashes adds quotes itself, therefore no quotes are needed in the sql statement. I'll check this evening, but for now I would advise no action. Franky On Thu, Sep 25, 2008 at 3:05 PM, Matthew Gregg <mat...@gm...>wrote: > I received the message below, but don't have time to do a thorough > investigation at the moment. A quick look, seem like this is not a > problem. Anyone with more time please take a look. > > > File: phpESP/public/survey.php > > Lines: > > > > 15 $_name = _addslashes($_GET['name']); > > 25 $_sql = "SELECT id,title,theme FROM > > ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name"; > > > > Since the variable $_name is not embedded in quotes, the function > > addslashes will not prevent SQL injection attacks since the attacker > > does not > > need to use quotes. > > > > PoC: > > survey.php?name=1 and 1=0 union select null, username, password from > > designer > > > > Fix: > > 25 $_sql = "SELECT id,title,theme FROM > > ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'"; > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > phpESP-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > > |
|
From: Matthew G. <mat...@gm...> - 2008-09-25 13:05:38
|
I received the message below, but don't have time to do a thorough investigation at the moment. A quick look, seem like this is not a problem. Anyone with more time please take a look. > File: phpESP/public/survey.php > Lines: > > 15 $_name = _addslashes($_GET['name']); > 25 $_sql = "SELECT id,title,theme FROM > ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = $_name"; > > Since the variable $_name is not embedded in quotes, the function > addslashes will not prevent SQL injection attacks since the attacker > does not > need to use quotes. > > PoC: > survey.php?name=1 and 1=0 union select null, username, password from > designer > > Fix: > 25 $_sql = "SELECT id,title,theme FROM > ".$GLOBALS['ESPCONFIG']['survey_table']." WHERE name = '$_name'"; |
|
From: SourceForge.net <no...@so...> - 2008-08-24 22:24:14
|
Feature Requests item #2072351, was opened at 2008-08-24 15:24 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=358956&aid=2072351&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: gui Group: None Status: Open Priority: 5 Private: No Submitted By: Sam Karpluk (skarpluk) Assigned to: Nobody/Anonymous (nobody) Summary: Labels for ratings grid Initial Comment: I think it would be a good addition to optionally apply labels to the rating grid options. Right now they are numbered 1...n, so you can have a scale of, say, 1, 2, 3, 4, 5 as your headings on the grid. I think it would be useful to label these, such as Strongly Disagree(1), Disagree(2), Neutral(3), Agree(4), Strongly Agree(5). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=358956&aid=2072351&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2008-08-21 05:55:00
|
Patches item #2063920, was opened at 2008-08-21 05:55 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=308956&aid=2063920&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: russian translation for phpESP 2.1.2 Initial Comment: Russian translation gettext files for phpESP version 2.1.2 encoding/chrset: UTF-8 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=308956&aid=2063920&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2008-08-21 05:51:41
|
Patches item #2063913, was opened at 2008-08-21 05:51 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=308956&aid=2063913&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: i18n for phpESP 2.1.2 Initial Comment: fixed some i18n issues (with tabs, js, buttons ...) fixed pasre errors with "short_open_tag = off" fixed some "undefined index" Dmitry da...@iz... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=308956&aid=2063913&group_id=8956 |
24 messages has been excluded from this view by a project administrator.
