phplib-trackers Mailing List for PHPLIB (Page 24)
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-trackers — List for monitoring the phplib SourceForge trackers.
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(91) |
Sep
(12) |
Oct
(26) |
Nov
(16) |
Dec
(14) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(37) |
Feb
(22) |
Mar
(39) |
Apr
(74) |
May
(14) |
Jun
(17) |
Jul
(81) |
Aug
(32) |
Sep
(28) |
Oct
(18) |
Nov
(8) |
Dec
(6) |
| 2003 |
Jan
(6) |
Feb
(11) |
Mar
(5) |
Apr
(4) |
May
(6) |
Jun
(6) |
Jul
(5) |
Aug
(3) |
Sep
(8) |
Oct
(4) |
Nov
(2) |
Dec
(2) |
| 2004 |
Jan
(1) |
Feb
|
Mar
(3) |
Apr
(8) |
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(3) |
Nov
|
Dec
(2) |
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2006 |
Jan
|
Feb
(2) |
Mar
(6) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
(2) |
Oct
(2) |
Nov
|
Dec
|
| 2007 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
(1) |
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(41) |
Nov
|
Dec
(78) |
|
From: <no...@so...> - 2001-08-21 12:48:57
|
Bugs item #452692, was opened at 2001-08-18 14:38 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452692&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Richard Archer (richardarcher) Summary: Bugs in : php-lib/php/db/mysql/db_sql.in Initial Comment: reposted from mailing list At 5:46 PM +0200 18/8/01, Guillaume Desclaux wrote: >Bugs in : php-lib/php/db/mysql/db_sql.inc > ... see attached file. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452692&group_id=31885 |
|
From: <no...@so...> - 2001-08-21 01:19:20
|
Bugs item #450648, was opened at 2001-08-13 16:15 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450648&group_id=31885 Category: None Group: None >Status: Open Resolution: Fixed Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Richard Archer (richardarcher) Summary: Warning: Call-time pass-by-reference Initial Comment: Repost of a "bug" posted to NetUSE bugs forum. This one will take a little investigating. -- Warning: Call-time pass-by-reference has been depr [66] by Roxy web...@ya... on Thursday, July 12 @12:31AM Are there any plans to update PHPLIB to be compatible with PHP4.04? It is the defacto library, however beyond PHP 4 it gets a little hairy. ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2001-08-20 18:19 Message: Logged In: YES user_id=279311 Re-opening this bug. Looks like all the calls to serialize have to have the ampersands removed from the $str arg. To test this problem, put this in a .htaccess file: php_value allow_call_time_pass_reference off ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2001-08-18 01:30 Message: Logged In: YES user_id=279311 Fixed in my working copy and will be committed soon. ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2001-08-13 18:27 Message: Logged In: YES user_id=279311 In the -devel tree, unsup/phplib-4/(session4.inc|user4.inc) have the same problem. Isn't this whole directory (unsup/phplib-4) obsolete? Isn't Maxim's session4.inc "the one". ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2001-08-13 17:46 Message: Logged In: YES user_id=279311 The API description of session.inc/Session->serialize() reads: serialize($prefix, &$str) but the function is declared: function serialize($prefix, $str) { All calls I can find to this function pass the variable by reference, so there shouldn't be any problems changing the function declaration to ...&$str. This is how it is in the -devel tree. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450648&group_id=31885 |
|
From: <no...@so...> - 2001-08-20 21:30:55
|
Bugs item #452346, was opened at 2001-08-17 20:47 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452346&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Guillaume Desclaux (gdesclaux) >Assigned to: Richard Archer (richardarcher) Summary: DB_Generic_Sql not defined... Initial Comment: Hi, In phplib/php-lib/php/db/db_mysql and in phplib/php- lib/php/db/mysql/db_mysql : DB_MySQL_Sql extends DB_Generic_Sql BUT : where is defined this DB_Generic_Sql ??? Moreover : in phplib/php-lib/php/prepend.php3 : require($_PHPLIB["libdir"] . "auth/auth.inc"); should be replace by : require($_PHPLIB["libdir"] . "auth/auth" . (($_PHPLIB["version"] == "4") ? "4" : "") // use user4.inc if PHP4 . ".inc"); And finally... require($_PHPLIB["libdir"] . "local.inc"); should be replace by : require($_PHPLIB["libdir"] . "local" . (($_PHPLIB["version"] == "4") ? "4" : "") // use user4.inc if PHP4 . ".inc"); Guillaume ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452346&group_id=31885 |
|
From: <no...@so...> - 2001-08-20 21:30:55
|
Bugs item #453089, was opened at 2001-08-19 15:04 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=453089&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Richard Archer (richardarcher) >Assigned to: Richard Archer (richardarcher) Summary: devel mysql/db_sql.inc missing functions Initial Comment: At 4:09 PM +0200 19/8/01, Guillaume Desclaux wrote: >Hi > >In php-lib/php/db/mysql/db_sql.inc > > /* public: shorthand notation */ > function nf() { > return $this->num_rows(); > } > > function np() { > print $this->num_rows(); > } > > function f($Name) { > return $this->Record[$Name]; > } > > function p($Name) { > print $this->Record[$Name]; > } > >are missing... > >Guillaume > ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=453089&group_id=31885 |
|
From: <no...@so...> - 2001-08-20 21:30:55
|
Bugs item #452692, was opened at 2001-08-18 14:38 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452692&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Richard Archer (richardarcher) >Assigned to: Richard Archer (richardarcher) Summary: Bugs in : php-lib/php/db/mysql/db_sql.in Initial Comment: reposted from mailing list At 5:46 PM +0200 18/8/01, Guillaume Desclaux wrote: >Bugs in : php-lib/php/db/mysql/db_sql.inc > ... see attached file. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452692&group_id=31885 |
|
From: <no...@so...> - 2001-08-20 06:52:14
|
Bugs item #450721, was opened at 2001-08-14 00:19 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450721&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Nobody/Anonymous (nobody) Summary: PHP4 and menu.inc Initial Comment: reposted from the mailing list this is a patch against the -devel tree, but it looks af it would apply cleanly to -stable too. At 2:13 PM +0300 16/1/01, Alexandr E. Bravo wrote: >Below is my solution (as a patch to original menu.inc) for menu under PHP4. It >differs a bit from Paolo's changes but allows to keep "" as a root item value. >Not sure that it's bugs free, checked it on two menu configurations only. > >------------- > >--- /tmp/php-lib/php/html/menu.inc Wed Jul 12 15:05:15 2000 >+++ menu.inc Tue Jan 16 13:58:12 2001 >@@ -5,7 +5,7 @@ > * Copyright (c) 1999 NetUSE GmbH > * Kristian Koehntopp > * >- * $Id: menu.inc,v 1.2 2000/07/12 11:05:15 kk Exp $ >+ * $Id: menu.inc,v 1.1 2000/11/19 11:02:42 abravo Exp $ > * > */ > class Menu { >@@ -184,10 +184,11 @@ > /* private: normalize current menu position > */ > function normalize_pos($pos) { >- if ( $m = $this->urlmap[basename($pos)] ) >+ $m = $this->urlmap[basename($pos)]; >+ if ( isset($m) ) > return($m); > $m = $pos; >- while(substr($m, 0, 1)) { >+ while( strlen($m)>1 ) { > if ($this->urlmap[$m]) > break; > $m = dirname($m); >@@ -244,6 +245,7 @@ > reset($this->urlmap); > while(list($k, $v) = each($this->urlmap)) { > $base = dirname($v); >+ if ($base=="/") { $base=""; } > $this->children[$base][] = $v; > $this->item[$v]["url"] = $k; > } > ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2001-08-19 23:52 Message: Logged In: YES user_id=279311 Many problems with menu.inc have been fixed in both CVS trees. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450721&group_id=31885 |
|
From: <no...@so...> - 2001-08-19 22:04:29
|
Bugs item #453089, was opened at 2001-08-19 15:04 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=453089&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Nobody/Anonymous (nobody) Summary: devel mysql/db_sql.inc missing functions Initial Comment: At 4:09 PM +0200 19/8/01, Guillaume Desclaux wrote: >Hi > >In php-lib/php/db/mysql/db_sql.inc > > /* public: shorthand notation */ > function nf() { > return $this->num_rows(); > } > > function np() { > print $this->num_rows(); > } > > function f($Name) { > return $this->Record[$Name]; > } > > function p($Name) { > print $this->Record[$Name]; > } > >are missing... > >Guillaume > ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=453089&group_id=31885 |
|
From: <no...@so...> - 2001-08-18 21:38:19
|
Bugs item #452692, was opened at 2001-08-18 14:38 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452692&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Nobody/Anonymous (nobody) Summary: Bugs in : php-lib/php/db/mysql/db_sql.in Initial Comment: reposted from mailing list At 5:46 PM +0200 18/8/01, Guillaume Desclaux wrote: >Bugs in : php-lib/php/db/mysql/db_sql.inc > ... see attached file. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452692&group_id=31885 |
|
From: <no...@so...> - 2001-08-18 10:00:17
|
Bugs item #450638, was opened at 2001-08-13 15:40 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450638&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Works For Me Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Richard Archer (richardarcher) Summary: prob with session.inc/get_id() Initial Comment: This is Nathan's bug report from the NetUSE bugs forum. -- auto_init appears to always be loaded, whether the session is new or not. Fix: if ( "" == $id ) { $newid=true; $id = $this->that->ac_newid(md5(uniqid($this->magic)), $this->name); } else { $this->in = true; } in the get_id() method of the Session class where it is determined that the session is indeed new. ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2001-08-18 01:29 Message: Logged In: YES user_id=279311 This does not appear to be a problem. Unless I inadvertently fixed something in session.inc before testing for this. $sess->freeze registers $sess->in as a persistent variable. page_open() calls $sess->start() which calls $sess->thaw() which will reload $sess->in if it has been registered. $sess->in is set to true in page_open() after calling $sess->start() and just before auto_init is called. page_open() also calls $sess->freeze, so you don't even have to call page_close()! $sess->in should be persistent and should always be true once the session has been initialized. Unless perhaps there was a problem comparing "if (false == "")" in some version of PHP? I'll change the code so $sess->in contains 0 or 1 and is tested as a boolean rather than tested against "". Should make it more robust (or at least more readable) and remain compatible with existing saved sessions. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450638&group_id=31885 |
|
From: <no...@so...> - 2001-08-18 09:58:24
|
Feature Requests item #452437, was opened at 2001-08-18 02:06 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403614&aid=452437&group_id=31885 Category: None Group: None Status: Open Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Nobody/Anonymous (nobody) Summary: $sess->new_query() required Initial Comment: Regarding add-query(), the docs say: Intended usage is like this: <a href="<<? $sess->pself_url().$sess->padd_query(array("again"=>"yes")) ?>"> Reload</a> and log in? The way it works is that if there is an existing value in QUERY_STRING, add_query() expects self_url() to have already ouput it. So it uses & as the sepchar and adds the extra vars onto the end. If add_query() is called after purl() and with a value in QUERY_STRING, add_query() assumes QUERY_STRING has been output, so uses & as sepchar. In fact purl() won't have output the QUERY_STRING therefore ? would be the correct spechar, so add_query() does the wrong thing. There needs to be a series of methods that allow query strings to be added to arbitrary URLs. I suggest methods called new_query() and pnew_query(). Usage would be: <a href="<? $sess->purl("another_page.php").$sess->pnew_query(array("param"=>"val")) ?>">another page</a> These would function just like add_query() except they would assume QUERY_STRING had not been output. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403614&aid=452437&group_id=31885 |
|
From: <no...@so...> - 2001-08-18 09:57:33
|
Bugs item #450648, was opened at 2001-08-13 16:15 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450648&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Richard Archer (richardarcher) Summary: Warning: Call-time pass-by-reference Initial Comment: Repost of a "bug" posted to NetUSE bugs forum. This one will take a little investigating. -- Warning: Call-time pass-by-reference has been depr [66] by Roxy web...@ya... on Thursday, July 12 @12:31AM Are there any plans to update PHPLIB to be compatible with PHP4.04? It is the defacto library, however beyond PHP 4 it gets a little hairy. ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2001-08-18 01:30 Message: Logged In: YES user_id=279311 Fixed in my working copy and will be committed soon. ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2001-08-13 18:27 Message: Logged In: YES user_id=279311 In the -devel tree, unsup/phplib-4/(session4.inc|user4.inc) have the same problem. Isn't this whole directory (unsup/phplib-4) obsolete? Isn't Maxim's session4.inc "the one". ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2001-08-13 17:46 Message: Logged In: YES user_id=279311 The API description of session.inc/Session->serialize() reads: serialize($prefix, &$str) but the function is declared: function serialize($prefix, $str) { All calls I can find to this function pass the variable by reference, so there shouldn't be any problems changing the function declaration to ...&$str. This is how it is in the -devel tree. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450648&group_id=31885 |
|
From: <no...@so...> - 2001-08-18 09:19:15
|
Bugs item #450749, was opened at 2001-08-14 02:48 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450749&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Invalid Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Richard Archer (richardarcher) Summary: possible prob in session.inc/add_query() Initial Comment: reposted from mailing list... I really can't see this being a *real* problem after all this time, but the code hasn't changed so we should double-check. The logic in that function looks pretty dodgy to me. At 11:53 AM +0100 9/2/00, Detlev Wagner wrote: >The add_query() function produces URLs like >filename.php3&var1=123&var2=abc when used together with the purl() >function while in cookie mode. I think this is caused by the if-clause >of the function, which should not read (like now): > if ((isset($QUERY_STRING) && ("" != $QUERY_STRING)) > || ($this->mode == "get")) { > ....} >but: > if ((isset($QUERY_STRING) && ("" != $QUERY_STRING)) && >(!($this->mode == "cookie")) > || ($this->mode == "get")) { > ....} >This doesn't affect the use of the function in get mode (fallback) and >it works properly in cookie mode, too. >phplib version 7.2 used. > >Detlev ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2001-08-18 01:56 Message: Logged In: YES user_id=279311 The docs say: Intended usage is like this: <a href="<<? $sess->pself_url().$sess->padd_query(array("again"=>"yes")) ?>"> Reload</a> and log in? Apart from the typo, this makes it clear that the function is not necessarily intended to work with the purl function. The ay it works is that if there is an existing QUERY_STRING, add_url() expects self_url() to have already ouput it. So it uses & as the sepchar and adds the extra vars onto the end. If add_query() is called after purl() and with a value in QUERY_STRING, add_query() assumes QUERY_STRING has been output, so uses & as sepchar. In fact purl() won't have output the QUERY_STRING, so add_query() does the wrong thing. Another problem with add_query() is that it can't be called twice. If called a second time with nothing in QUERY_STRING, a ? will erroneously be used as the sepchar again. If you need multiple added query strings, add_query must be called with all these values in $qarray. There needs to be a series of methods that allow query strings to be added to arbitrary URLs. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450749&group_id=31885 |
|
From: <no...@so...> - 2001-08-18 03:47:15
|
Bugs item #452346, was opened at 2001-08-17 20:47 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452346&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Guillaume Desclaux (gdesclaux) Assigned to: Nobody/Anonymous (nobody) Summary: DB_Generic_Sql not defined... Initial Comment: Hi, In phplib/php-lib/php/db/db_mysql and in phplib/php- lib/php/db/mysql/db_mysql : DB_MySQL_Sql extends DB_Generic_Sql BUT : where is defined this DB_Generic_Sql ??? Moreover : in phplib/php-lib/php/prepend.php3 : require($_PHPLIB["libdir"] . "auth/auth.inc"); should be replace by : require($_PHPLIB["libdir"] . "auth/auth" . (($_PHPLIB["version"] == "4") ? "4" : "") // use user4.inc if PHP4 . ".inc"); And finally... require($_PHPLIB["libdir"] . "local.inc"); should be replace by : require($_PHPLIB["libdir"] . "local" . (($_PHPLIB["version"] == "4") ? "4" : "") // use user4.inc if PHP4 . ".inc"); Guillaume ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=452346&group_id=31885 |
|
From: <no...@so...> - 2001-08-18 02:40:07
|
Bugs item #450648, was opened at 2001-08-13 16:15 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450648&group_id=31885 Category: None Group: None Status: Open Resolution: None >Priority: 5 Submitted By: Richard Archer (richardarcher) >Assigned to: Richard Archer (richardarcher) Summary: Warning: Call-time pass-by-reference Initial Comment: Repost of a "bug" posted to NetUSE bugs forum. This one will take a little investigating. -- Warning: Call-time pass-by-reference has been depr [66] by Roxy web...@ya... on Thursday, July 12 @12:31AM Are there any plans to update PHPLIB to be compatible with PHP4.04? It is the defacto library, however beyond PHP 4 it gets a little hairy. ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2001-08-13 18:27 Message: Logged In: YES user_id=279311 In the -devel tree, unsup/phplib-4/(session4.inc|user4.inc) have the same problem. Isn't this whole directory (unsup/phplib-4) obsolete? Isn't Maxim's session4.inc "the one". ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2001-08-13 17:46 Message: Logged In: YES user_id=279311 The API description of session.inc/Session->serialize() reads: serialize($prefix, &$str) but the function is declared: function serialize($prefix, $str) { All calls I can find to this function pass the variable by reference, so there shouldn't be any problems changing the function declaration to ...&$str. This is how it is in the -devel tree. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450648&group_id=31885 |
|
From: <no...@so...> - 2001-08-18 02:40:06
|
Bugs item #450749, was opened at 2001-08-14 02:48 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450749&group_id=31885 Category: None Group: None Status: Open Resolution: None >Priority: 5 Submitted By: Richard Archer (richardarcher) >Assigned to: Richard Archer (richardarcher) Summary: possible prob in session.inc/add_query() Initial Comment: reposted from mailing list... I really can't see this being a *real* problem after all this time, but the code hasn't changed so we should double-check. The logic in that function looks pretty dodgy to me. At 11:53 AM +0100 9/2/00, Detlev Wagner wrote: >The add_query() function produces URLs like >filename.php3&var1=123&var2=abc when used together with the purl() >function while in cookie mode. I think this is caused by the if-clause >of the function, which should not read (like now): > if ((isset($QUERY_STRING) && ("" != $QUERY_STRING)) > || ($this->mode == "get")) { > ....} >but: > if ((isset($QUERY_STRING) && ("" != $QUERY_STRING)) && >(!($this->mode == "cookie")) > || ($this->mode == "get")) { > ....} >This doesn't affect the use of the function in get mode (fallback) and >it works properly in cookie mode, too. >phplib version 7.2 used. > >Detlev ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450749&group_id=31885 |
|
From: <no...@so...> - 2001-08-18 02:40:06
|
Bugs item #450638, was opened at 2001-08-13 15:40 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450638&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Richard Archer (richardarcher) >Assigned to: Richard Archer (richardarcher) Summary: prob with session.inc/get_id() Initial Comment: This is Nathan's bug report from the NetUSE bugs forum. -- auto_init appears to always be loaded, whether the session is new or not. Fix: if ( "" == $id ) { $newid=true; $id = $this->that->ac_newid(md5(uniqid($this->magic)), $this->name); } else { $this->in = true; } in the get_id() method of the Session class where it is determined that the session is indeed new. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450638&group_id=31885 |
|
From: <no...@so...> - 2001-08-17 21:42:46
|
Patches item #452237, was opened at 2001-08-17 14:42 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=452237&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Nobody/Anonymous (nobody) Summary: table.inc enhancements Initial Comment: Reposted from mailing list At 9:09 PM +0200 17/8/01, Jens Benecke wrote: >for a database project I did some extensions to the table() class. Perhaps >there is enough interest to clean them up a little and put them into the >main phplib tree. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=452237&group_id=31885 |
|
From: <no...@so...> - 2001-08-16 06:27:46
|
Bugs item #445514, was opened at 2001-07-28 11:17 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=445514&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Andrew Newton (bludot) >Assigned to: Richard Archer (richardarcher) Summary: new_user_md5.php3 column names and query Initial Comment: The setup scripts supplied for creation of db's and the query strings in new_user_md5.php3 are mismatched. In the auth_user_md5 table a column user_id is created with the setup script for mysql but the new_user_md5.php3 script tries to act on the column 'uid'. $query = "update auth_user_md5 set password='$password' where uid='$u_id'"; The inserts work OK because they don't refer to column names but updates and deletes give errors. FIX by nhruby: "change the script to use user_id" ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=445514&group_id=31885 |
|
From: <no...@so...> - 2001-08-16 05:39:49
|
Bugs item #450713, was opened at 2001-08-13 23:55 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450713&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Richard Archer (richardarcher) >Assigned to: Richard Archer (richardarcher) Summary: tree.inc in PHP4 Initial Comment: reposted from mailing list At 12:08 PM -0500 19/2/01, Lauren Matheson wrote: >Ok, I found it. If anyone else wants to patch their tree.inc to work >with php4, here's the diff (it is slightly different than the message on >the list a few months ago - the brackets were in the wrong spots.) > >76c76 >< while ($k || ("0"==$k && $t!="NULL")) { >--- >> while ($k || "0"==$k) { Note: this diff looks like it's reversed. ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2001-08-15 22:39 Message: Logged In: YES user_id=279311 Fixed this and a bunch of other problems. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450713&group_id=31885 |
|
From: <no...@so...> - 2001-08-15 22:30:03
|
Bugs item #450709, was opened at 2001-08-13 23:04 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450709&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Richard Archer (richardarcher) >Assigned to: Richard Archer (richardarcher) >Summary: missing $_PHPLIB["libdir"] in local.inc Initial Comment: reposted from the mailing list At 7:48 PM +0200 6/8/01, Guillaume Desclaux wrote: >The "standard" local.inc should be patched like >this to be conform with >the use of the $_PHPLIB variable : > >old: > function auth_loginform() { > global $sess; > global $challenge; > > $challenge = md5(uniqid($this->magic)); > $sess->register("challenge"); > > include("crcloginform.ihtml"); > } > >new : > function auth_loginform() { > global $sess; > global $challenge; > global $_PHPLIB; > > $challenge = md5(uniqid($this->magic)); > $sess->register("challenge"); > > include($_PHPLIB["libdir"] . "crcloginform.ihtml"); > } > > ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450709&group_id=31885 |
|
From: <no...@so...> - 2001-08-15 11:02:02
|
Bugs item #450712, was opened at 2001-08-13 23:48 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450712&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Richard Archer (richardarcher) Assigned to: Nobody/Anonymous (nobody) Summary: cross site scripting attack Initial Comment: reposted from mailing list At 2:06 PM +0100 28/2/01, Daniel Naber wrote: >Hi, > >with PHP lib 7.2b (and it seems no different in CVS) there's a cross site >scripting attack possible. > >Anyone can use such a link to break out of the input field: >http://server/home.php?username=X">YYY >(home.php needs to be a page that's protected with my_Auth) > >This is a problem since any code, escpecially javascript code, can then be >placed on the page. This can be used to get a user's password. > >More general information is here: >http://www.cert.org/advisories/CA-2000-02.html > >The attached patch is supposed to fix the problem for crloginform.ihtml. >It would be great if someone with CVS write access could check + apply it >(also for at least the other login form file. I don't know about other >places, since I'm not so familiar with PHP lib). > >Regards > Daniel > >-- >Daniel Naber, Paul-Gerhardt-Str. 2, 33332 Guetersloh, Germany >Tel. 05241-59371, Mobil 0170-4819674 ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2001-08-15 04:02 Message: Logged In: YES user_id=279311 OK. I've read up on the vulnerability and it looks to me as if it is only relevant if the inserted data is being displayed on a page presented to an unsuspecting user. If this is the case, this is a non-issue, as the data entered here can only ever be shown to the person who entered it. And there's no point trying to capture your own password. I must admit, I find this vulnerability rather confusing so I might have this wrong. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450712&group_id=31885 |
|
From: <no...@so...> - 2001-08-15 08:20:00
|
Bugs item #450718, was opened at 2001-08-14 00:01 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450718&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Richard Archer (richardarcher) >Assigned to: Richard Archer (richardarcher) Summary: prob in pages/admin/new_user_md5.php3 Initial Comment: reposted from mailing list At 9:08 PM -0500 12/2/01, Lauren Matheson wrote: >Hello, > >You may have already fixed this, but in /pages/admin/new_user_md5.php3 I >believe line 171 > >$query = "update auth_user_md5 set password='$password' where >uid='$u_id'"; > >should read > >$query = "update auth_user_md5 set password='$password' where >user_id='$u_id'"; > ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2001-08-15 01:20 Message: Logged In: YES user_id=279311 Fixed this and a bunch of other errors in new_user_md5.php3. Committed to both devel and -stable. I figured that even if I have broken something it can't be any worse than it was. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450718&group_id=31885 |
|
From: <no...@so...> - 2001-08-15 06:42:39
|
Feature Requests item #451087, was opened at 2001-08-14 23:42 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403614&aid=451087&group_id=31885 Category: None Group: None Status: Open Priority: 3 Submitted By: Richard Archer (richardarcher) Assigned to: Nobody/Anonymous (nobody) Summary: secure passwords in new_user_md5.php3 Initial Comment: reposted from mailing list Note: this deficiency is documented in the code. At 3:28 PM -0700 16/8/00, Torrey Hoffman wrote: >Hello. I'm using phplib 7.2b, with the md5 based challenge-response >authentication system. (Challenge_Crypt_Auth). > >I have a concern about password security for administrators adding users, or >changing user passwords. > >First, some background, as I understand it: > >The MD5 challenge-response authentication system is reasonably secure, even >over insecure networks, as it never sends passwords in the clear. It works >by using the JavaScript implementation of MD5 on the client to compute: >MD5("$username:$pass:$challenge"), where $pass is actually the md5 hash of >the plaintext password. > >Both the client and the server can compute this value, allowing the server >to authenticate the client. Since the $challenge is different for every >session, an eavesdropper (packet sniffer) cannot gain any useful knowledge >of the password, even though they can see the $username and $challenge. > >So all is well for authentication. > >But when adding a new user, the "\pages\admin\new_user_md5.php3" sample code >ends up passing the just md5(plaintext-password) over the network. If an >attacker grabs that information, then they can easily compute >md5("$username:$pass:$challenge) and falsify their authentication. As I see >it, there is no extra security in sending the MD5 hash of the plaintext >password when changing or setting passwords - you might as well just send >the plaintext password. > >I can't figure out an easy way to fix this without going with the full >Diffie-Hellman key exchange protocol. (See >http://www.apocalypse.org/pub/u/seven/diffie.html). However, I am not a >cryptography expert. > >So my questions are: > >1. Is there a secure way to set Challenge_Crypt_Auth MD5 passwords over the >net? >2. If so, has it been implemented somewhere with free source? >3. If not, is there some fundamental reason? Is this is hard to do with >JavaScript on the client and PHP on the server? >3. Is this weakness in the PHPLIB sample code documented? > >Thanks very much for any help or advice you can give. > >Tor...@my... > >PS: Huge thanks to the authors of PHPLIB for writing such an amazingly >useful piece of code. > ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403614&aid=451087&group_id=31885 |
|
From: <no...@so...> - 2001-08-14 11:25:36
|
Patches item #450758, was opened at 2001-08-14 04:25 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=450758&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Support multiple database Initial Comment: To support multiple database add if (!@mysql_select_db($this->Database,$this->Link_ID)) { $this->halt("cannot use database ".$this->Database); } before each mysql_query() in db_mysql.inc ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=450758&group_id=31885 |
|
From: <no...@so...> - 2001-08-14 09:48:42
|
Bugs item #450749, was opened at 2001-08-14 02:48 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450749&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 2 Submitted By: Richard Archer (richardarcher) Assigned to: Nobody/Anonymous (nobody) Summary: possible prob in session.inc/add_query() Initial Comment: reposted from mailing list... I really can't see this being a *real* problem after all this time, but the code hasn't changed so we should double-check. The logic in that function looks pretty dodgy to me. At 11:53 AM +0100 9/2/00, Detlev Wagner wrote: >The add_query() function produces URLs like >filename.php3&var1=123&var2=abc when used together with the purl() >function while in cookie mode. I think this is caused by the if-clause >of the function, which should not read (like now): > if ((isset($QUERY_STRING) && ("" != $QUERY_STRING)) > || ($this->mode == "get")) { > ....} >but: > if ((isset($QUERY_STRING) && ("" != $QUERY_STRING)) && >(!($this->mode == "cookie")) > || ($this->mode == "get")) { > ....} >This doesn't affect the use of the function in get mode (fallback) and >it works properly in cookie mode, too. >phplib version 7.2 used. > >Detlev ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450749&group_id=31885 |
115 messages has been excluded from this view by a project administrator.
