phpslash-devel Mailing List for phpSlash
Brought to you by: joestewart, nhruby
From: tobozo <to...@ma...> - 2006-02-21 19:22:27

hi everyone

it's funny to see parts of the phpSlash code in security bulletins that do not involve the application itself ;-)

(...snip...)
function check_html ($str, $strip="") {
    /* The core of this code has been lifted from phpslash */
    /* which is licenced under the GPL. */
(...snip...)

be well

tobozo

-------- Original Message --------
Subject: Critical SQL Injection PHPNuke <= 7.8 - Your_Account module
Date: 16 Feb 2006 12:28:25 -0000
From: sp...@se...
To: bu...@se...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SecurityAlert SA032

Author: sp3x
CVE : CVE-2006-0679
Date: 16. February 2006

Affected software :
===================
PHPNuke version : 7.8 with all security fixes/patches

Not Affected software :
=======================
PHPNuke version : 7.9 + patch 3.1

Description :
=============
PHP-Nuke is a Web Portal System, storytelling software, News system, online community or whatever you want to call it. The goal of PHP-Nuke is to have an automated web site to distribute news and articles with users system. Each user can submit comments to discuss the articles, just similar to Slashdot and many others. Main features include: web based admin, surveys, top page, access stats page with counter, user customizable box, themes manager for registered users, friendly administration GUI with graphic topic manager, option to edit or delete stories, option to delete comments, moderation system, Referers page to know who link us, sections manager, customizable HTML blocks, user and authors edit, an integrated Banners Ads system, search engine, backend/headlines generation (RSS/RDF format), and many, many more friendly functions. PHP-Nuke is written 100% in PHP and requires Apache Web server, PHP and a SQL (MySQL, mSQL, PostgreSQL, ODBC, ODBC_Adabas, Sybase or Interbase). Support for 25 languages, Yahoo like search engine, Comments option in Polls, lot of themes, Ephemerids manager, File Manager, Headlines, download manager, faq manager, advanced blocks systems, reviews system, newsletter, categorized articles, multilanguage content management, phpBB Forums included and a lot more.

Vulnerabilities :
*****************

Critical SQL injection :
==========================
In module called "Your_Account" there exists SQL Injection bug, which can lead to stealing admin`s username and password md5 and also some sensitive data from database.
The problem exists in index.php so first let's see the source code of this file.

Original code from index.php :
- ---------------------------------
...
function confirmNewUser($username, $user_email, $user_password, $user_password2, $random_num, $gfx_check) {
    global $stop, $EditedMessage, $sitename, $module_name, $minpass;
    include("header.php");
    include("config.php");
    filter_text($username);
    $username = $EditedMessage;
    $user_viewemail = "0";
    userCheck($username, $user_email);
    $user_email = validate_mail($user_email);
....
- -----------------------------------

Here we can see that there is filter_text() used on $query variable and later we have userCheck($username, $user_email); , Ok let's see function filter_text(); .

Original code from mainfile.php :
- ----------------------------------
function filter_text($Message, $strip="") {
    global $EditedMessage;
    check_words($Message);
    $EditedMessage=check_html($EditedMessage, $strip);
    return $EditedMessage;
}
- -----------------------------------

Here we have another function check_words($Message); , let's check this also :

Original code from mainfile.php :
- --------------------------------
function check_html ($str, $strip="") {
    /* The core of this code has been lifted from phpslash */
    /* which is licenced under the GPL. */
    include("config.php");
    if ($strip == "nohtml") global $AllowableHTML;
    if (!is_array($AllowableHTML)) $AllowableHTML =array('');
    $str = stripslashes($str);
    $str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str); // Delete all spaces from html tags .
    $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >>]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str); // Delete all attribs from Anchor, except an href, double quoted.
    $str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str); // Delete all img tags
    $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str); // Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
    $tmp = "";
    while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
        $i = strpos($str,$reg[0]);
        $l = strlen($reg[0]);
        if ($reg[1][0] == "/") $tag = strtolower(substr($reg[1],1));
        else $tag = strtolower($reg[1]);
        if ($a = $AllowableHTML[$tag])
            if ($reg[1][0] == "/") $tag = "</$tag>";
            elseif (($a == 1) || (empty($reg[2]))) $tag = "<$tag>";
            else {
                # Place here the double quote fix function.
                $attrb_list=delQuotes($reg[2]);
                // A VER
                $attrb_list = str_replace("&","&",$attrb_list);
                $tag = "<$tag" . $attrb_list . ">";
            } # Attribs in tag allowed
        else $tag = "";
        $tmp .= substr($str,0,$i) . $tag;
        $str = substr($str,$i+$l);
    }
    $str = $tmp . $str;
    return $str;
    exit;
    /* Squash PHP tags unconditionally */
    $str = str_replace("<?","",$str);
    return $str;
}
- ----------------------------------------

This function returns $str variable but at the beginning of this function we can see $str = stripslashes($str); .
So when we have in index.php : filter_text($username); this means that on variable $username is used stripslashes();
Lower in index.php we can see : userCheck($username, $user_email);
So another function userCheck(); that uses $username variable , let's see the code :

Original code from index.php :
- -----------------------------
....
function userCheck($username, $user_email) {
    global $stop, $user_prefix, $db;
    if ((!$user_email) || (empty($user_email)) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$",$user_email))) $stop = "<center>"._ERRORINVEMAIL."</center><br>";
    if (strrpos($user_email,' ') > 0) $stop = "<center>"._ERROREMAILSPACES."</center>";
    if ((!$username) || (empty($username)) || (ereg("[^a-zA-Z0-9_-]",$username))) $stop = "<center>"._ERRORINVNICK."</center><br>";
    if (strlen($username) > 25) $stop = "<center>"._NICK2LONG."</center>";
    if (eregi("^((root)|(adm)|(linux)|(webmaster)|(admin)|(god)|(administrator)|(administrador)|(nobody)|(anonymous)|(anonimo)|(anónimo)|(operator)|(JackFromWales4u2))$",$username)) $stop = "<center>"._NAMERESERVED."</center>";
    if (strrpos($username,' ') > 0) $stop = "<center>"._NICKNOSPACES."</center>";
    if ($db->sql_numrows($db->sql_query("SELECT username FROM ".$user_prefix."_users WHERE username='$username'")) > 0) $stop = "<center>"._NICKTAKEN."</center><br>";
    if ($db->sql_numrows($db->sql_query("SELECT username FROM ".$user_prefix."_users_temp WHERE username='$username'")) > 0) $stop = "<center>"._NICKTAKEN."</center><br>";
.......
- --------------------------------

In this function we see two sql queries :

SELECT username FROM ".$user_prefix."_users WHERE username='$username'
SELECT username FROM ".$user_prefix."_users_temp WHERE username='$username'

At last here now we can say : "Critical SQL injection "

Time to exploit this issue :

Go to :

http://[victim]/[phpnuke_dir]/modules.php?name=Your_Account&op=new_user

And fill in all Fields but in Nickname: field enter :

' or 1=1/*

The Result is :
- --------------
ERROR: Nickname already taken
- --------------

So the SQL injection is working but we can't see the results ...
It doesn't matter we can all our results write to file .
To do this I wrote a little exploit .

Exploit :
- ---------
http://securityreason.com/achievement_exploitalert/7

How to fix :
============
Download the new version of the script or update.

Greets :
========
Special greets : cXIb8O3
And the rest : pkw , p_e_a, pi3, LordDav and alkeniu

Contact :
=========
sp3x[at]securityreason[dot]com
GPG: http://securityreason.com/key/sp3x.gpg
www.securityreason.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFD9FnqhaZ93YsJSwQRAhjjAJ4yhgq8xeJX0Nq4nuC9Id25SB8B8ACeMqtx
idqutIAdBkMn/4qeCps6k54=
=7sJt
-----END PGP SIGNATURE-----

--
To unsubscribe, send mail to php...@li...

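
An added illustration (not code from the advisory, PHP-Nuke or phpSlash) of the chain the forwarded advisory walks through: stripslashes() in the filter undoes the request escaping, and the quoted userCheck() still runs a concatenated query after its character test has failed. The table, sample rows, function names and the in-memory SQLite database are assumptions made for the example, and it goes slightly beyond the advisory by placing a bound-parameter version beside the vulnerable shape.

```php
<?php
// Added illustration; not PHP-Nuke or phpSlash code. Table, rows and function
// names are constructed. SQLite in memory only provides an offline database;
// backslash escaping of quotes is a MySQL convention, so the escaped string is
// shown but never sent to SQLite.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE nuke_users (username TEXT PRIMARY KEY)");
$db->exec("INSERT INTO nuke_users (username) VALUES ('alice'), ('bob')");

// Stand-in for request data that arrives already backslash-escaped
// (assumption: the site relied on magic_quotes_gpc-style escaping).
function as_received(string $raw): string
{
    return addslashes($raw);
}

// The one step of the quoted check_html() that matters here.
function filter_text_like(string $value): string
{
    return stripslashes($value);
}

// Same shape as the quoted userCheck(): the character test only records an
// error in $stop, and the concatenated query below it runs regardless.
function nick_taken_concat(PDO $db, string $username, ?string &$stop): bool
{
    if ($username === '' || preg_match('/[^a-zA-Z0-9_-]/', $username)) {
        $stop = 'invalid nickname';
    }
    $sql = "SELECT username FROM nuke_users WHERE username='$username'";
    $taken = count($db->query($sql)->fetchAll()) > 0;
    if ($taken) {
        $stop = 'nickname already taken'; // overwrites the earlier error
    }
    return $taken;
}

// Corrected shape: stop on failed validation before any query, and bind the
// value instead of concatenating it into the SQL text.
function nick_taken_bound(PDO $db, string $username, ?string &$stop): bool
{
    if ($username === '' || strlen($username) > 25
        || preg_match('/[^a-zA-Z0-9_-]/', $username)) {
        $stop = 'invalid nickname';
        return false;
    }
    $st = $db->prepare('SELECT username FROM nuke_users WHERE username = ?');
    $st->execute([$username]);
    $taken = $st->fetch() !== false;
    if ($taken) {
        $stop = 'nickname already taken';
    }
    return $taken;
}

// Constructed inputs: an existing nick, a free nick, and the Nickname value
// quoted in the advisory.
$inputs = ['alice', 'carol', "' or 1=1/*"];

foreach ($inputs as $raw) {
    $received = as_received($raw);           // backslash-escaped by addslashes()
    $filtered = filter_text_like($received); // escaping removed again

    $stopConcat = null;
    nick_taken_concat($db, $filtered, $stopConcat);
    $stopBound = null;
    nick_taken_bound($db, $filtered, $stopBound);

    printf("%-12s received=%-14s concat=%-24s bound=%s\n",
        $raw, $received, $stopConcat ?? 'ok', $stopBound ?? 'ok');
}
```

For the third input the concatenated version reports the nickname as taken, matching the result the advisory describes, while the bound version rejects it as an invalid nickname without querying.
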
From: Luis M <le...@gm...> - 2005-07-17 15:19:42

Ah, written like heaven. Very well done Tobozo.

On 7/7/05, tobozo <to...@ma...> wrote:
> Hi everyone ;-)
>
> advisory is attached as a text file
>
> be well
>
> tobozo
>

--
----)(-----
Luis M
System Administrator
Kiskeyix.org

"We think basically you watch television to turn your brain off, and
you work on your computer when you want to turn your brain on"
-- Steve Jobs in an interview for MacWorld Magazine 2004-Feb

No .doc: http://www.fsf.org/philosophy/no-word-attachments.es.html

From: tobozo <to...@ma...> - 2005-07-07 11:55:49

Hi everyone ;-)

advisory is attached as a text file

be well

tobozo

From: Luis M <le...@gm...> - 2005-06-22 00:25:28

On 6/21/05, Tigran <ti...@us...> wrote:
> Hello,
>
> I'm trying to translate PHPSlash into Armenian. I have copied the en.php
> into hy.php file and I know I'm supposed to type the translated text in it.
> I don't know how to type the translated text. Do I just change the font in
> my computer and start typing in Armenian? I tried for some reason it didn't
> work.
> How do I make sure I'm typing in UTF-8?
>
> Test url is www.usanogh.com/articles2

You should put:

Content-Language = "en-us"
Content-Type = "text/html; charset=UTF-8"
Content-Style-Type = "text/css"

In your config.ini.php file so that phpslash puts the right stuff in the META tags.

You can open the .php file with any text editor that supports UTF8 (like Gedit or Gvim) and make sure your locale is set up properly. In my case I do:

export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
gvim foo.php

When you are done with the translation, just attach it to an email and fire it to phpslash-devel. So we can include it in phpslash.

Hope that helps.

--
----)(-----
Luis M
System Administrator
Kiskeyix.org

"We think basically you watch television to turn your brain off, and
you work on your computer when you want to turn your brain on"
-- Steve Jobs in an interview for MacWorld Magazine 2004-Feb

No .doc: http://www.fsf.org/philosophy/no-word-attachments.es.html

From: Peter C. <li...@cr...> - 2005-06-21 21:43:09

Mmm, not sure PSL will work out the box with non-latin alphabets.

Things to think about:
- The template needs to have charset=utf8 meta tag added so the browser knows what it's looking at
- You need to make sure that webserver isn't sending the wrong charset info (many apache installations set it as some western charset - I can't remember the apache tag name right now, sorry)
- You need to make sure that the MySql tables have the correct charset and collation values set for the text fields

And then there's the text processing side of things - on your website, it looks like PSL is applying htmlspecial chars irrespective of charsets.

As for saving UTF-8, that should be an option in your editor. What OS/Editor are you using?

If you want to work with a PSL-based app, it might be worth looking at Back-End <www.back-end.org>: we reworked it last year to deal with Persian, which involved resolving many of these issues (and right-to-left text too). Back-End is multilingual and allows explicit definition of charsets for each language.

Not good news maybe, but HTH

Peter

On 21 Jun 2005, at 21:43, Tigran wrote:

> Hello,
>
> I'm trying to translate PHPSlash into Armenian. I have copied the
> en.php into hy.php file and I know I'm supposed to type the translated
> text in it. I don't know how to type the translated text. Do I just
> change the font in my computer and start typing in Armenian? I tried
> for some reason it didn't work.
> How do I make sure I'm typing in UTF-8?
>
> Test url is www.usanogh.com/articles2
>
> Thanks
> --Tigran
>
> _______________________________________________
> Phpslash-devel mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpslash-devel
>

From: Tigran <ti...@us...> - 2005-06-21 20:43:17

Hello,

I'm trying to translate PHPSlash into Armenian. I have copied the en.php into hy.php file and I know I'm supposed to type the translated text in it. I don't know how to type the translated text. Do I just change the font in my computer and start typing in Armenian? I tried for some reason it didn't work.
How do I make sure I'm typing in UTF-8?

Test url is www.usanogh.com/articles2

Thanks
--Tigran

From: Joe S. <joe...@us...> - 2005-01-12 20:51:19

On Wed, Jan 12, 2005 at 02:30:51PM -0600, Joe Stewart wrote:
> Mike and I were discussing upgrading BE to use phpSlash 0.8.
>

Here is a flowchart showing the files and methods in the processing of a pageview:

http://www.php-slash.org/downloads/kcachegrind1.gif

Joe

From: Joe S. <joe...@us...> - 2005-01-12 20:24:38

Mike and I were discussing upgrading BE to use phpSlash 0.8. It turned to listing some of the new features and benefits of using phpSlash 0.8. I brought up a few things that I thought were useful and interesting. Just off the top of my head so not formal at all.

Here goes:

modules built for this framework do not require new pages in the public_html directories. They can be accessed via url arguments. The module index and admin pages don't have to worry about any page layout. Only their own formatting. They simply return the output to the controller. Really no other rules.

Quasi-MVC framework. All views via templates. The block interface and url arguments control modules. Each module has controller scripts ( index, admin, etc). These scripts call the business logic in the classes. Not MVC in strict defined way as in Struts or Ruby on Rails but just a description of how it works.

New block types. Page, module, template. Other new block types are not needed. Module blocks can be called with a page argument to show a new module's blocks.

A view argument changes output from html to any of the other rss, xml etc outputs. backend.php is not required for story feeds. Other modules would have to process the argument and are not implemented yet.

Page layout controlled by the blocks assigned to the page. Very flexible in what is displayed in each section. Different headers, navbars, modules, etc. Polls, About, Search, etc can have different blocks than the home page.

Stories and blocks can contain {IMAGURL} and {ROOTURL}. This is pretty cool. I think you had trouble implementing BE in a subdir and the image link in the blocks. Doesn't show up nicely in htmlarea but works nicely.

The cvs config.php has this hostname config file setup where you can host many sites off of one set of code. Luis has one install with different ini files, db's, templates and images for a few different sites. The others don't even have a home directory. Just the apache vhost. I haven't explored this much myself yet.

Since everything is displayed through block output, there are some admin tasks that are easier now and don't require code changes. TopicBar, comments on or off per section, different tabs, navbars and ad server code per section, About page can be inside the admin instead of in a template. Location of breadcrumb and related links can be moved around. Really a lot of flexibility.

Joe

From: Luis M <le...@gm...> - 2004-11-25 11:37:42

Hello all,

I've taken some time to make sure that the debian packages for phpslash build straight from the phpslash-dev cvs module. To build them you would need to:

- checkout the phpslash-dev module from Source Forge
- change into this directory (phpslash-dev)
- run "scripts/build-debian.sh"
- debian packages will exist in the previous directory along with all the supporting files

To build the skins package, you would follow the same instructions except that you would:

- checkout the phpslash-skins module from cvs
- change into this directory (phpslash-skins)
- run "/path/to/phpslash-dev/scripts/build-debian.sh phpslash-skins"

the phpslash*.deb package depends on phplib. I have built a package for phplib-7.4 (currently stable) which can be found (complete with sources) from:

http://www.latinomixed.com/downloads/phplib

Freshly built packages for phpslash can be taken from:

http://www.latinomixed.com/downloads/phpslash

The Debian's README file describes all necessary steps needed to make phpslash work.

I'll continue to enhance the debian package as I see fit, especially to include debconf questions for all generic steps/variables needed by phpslash to work "out-of-the-box". For now, the README covers all needed steps.

Enjoy

--
----)(-----
Luis M
System Administrator
LatinoMixed.com

"We think basically you watch television to turn your brain off, and
you work on your computer when you want to turn your brain on"
-- Steve Jobs in an interview for MacWorld Magazine 2004-Feb

No .doc: http://www.fsf.org/philosophy/no-word-attachments.es.html

From: Joe S. <joe...@us...> - 2004-11-11 23:44:53

Released Release Candidate Four of phpSlash 0.8.

https://sourceforge.net/project/showfiles.php?group_id=10566&package_id=70712&release_id=281949

There are quite a number of new features in this release. As well as additional modules available.

If no critical bugs are reported for one week, phpSlash 0.8 will be released stable. Please test this version thoroughly so we can have a smooth release.

Also help update the documentation. This can be done the easiest way for you to work. You can submit your changes back in whatever format is most convenient. The documentation is available as sgml, html, pdf, txt, rtf, Word doc, or Open Office writer files.

http://www.php-slash.org/doc/single/

Or help build the Wiki into something that we can all use productively:

http://www.php-slash.org/modules/wikka/wikka.php?wakka=

thanks,

Joe

From: Luis M <le...@gm...> - 2004-11-02 03:58:54

On Tue, 19 Oct 2004 14:07:28 -0500, Joe Stewart <joe...@us...> wrote:
> on 10/07/04 10:52 Joe Stewart said the following:
> > Anyone got any bugs that need fixing before starting a Release Candidate?
> >
> > Here is what I've got so far:
> >
> > - [ 1034553 ] [0.8] - Title is not correct for Articles
> > - [ 1034554 ] [0.8] - Title is not correct if no section forced.
> >
> > - [ 1035199 ] [0.8] - upgrade script doesn't upgrade all sections.
> > It only upgrades the sections that exist in a
> > default installation. Need to gather all sections
> > and install new blocks.
> >
>
> Closed these. Reopen if new problems found.
>
> >
> > - No printer friendly choice for articles yet. - Anybody created a
> > printer css? This may require a change that would allow css switching
> > from the url. Probably could pretty much be done already. The previous
> > method wouldn't be as straight forward because the article generation
> > doesn't dictate what the rest of the page looks like.
> >
>
> Added CSS tag to slashHead.tpl - Filled with either the skin or css GET
> variable to allow changing css on the fly.
>
> Added print media css for basic, basiccurves, and ShankZen.
>
> The ShankZen_print.css is broken in that the bottom navbar and comment
> change view is still shown.
>
> > - Need to get away from god/password in the setup wizard. A screen in
> > the wizard setting the username/password should work OK.
> >
>
> TODO
>
> > - How many skins should be in the release? Most available are simply
> > ported from other applications and not maintained too well.
> >
> > We've got: ShankZen
> > Funkatronic
> > basic
> > basiccurves
> > default - hasn't been maintained and I'm not interested in
> >
> > spending time with it.
> >
>
> These are the ones in the current development release, except for
> funkatronic. I'll try to get it up to date first.
>
> > Chime in with your thoughts or any other changes needed before 0.8 release.
> >
>
> A couple more that would be nice:
>
> 1. Separate sql file into a core set to install the minimum necessary
> and another set to install the example data.
>
> The install wizard was built for Back-End which already has this setup.
> Should be simple to reenable.
>
> 2. RSS2.0 and Atom output from backend.php.
>
> These will probably come in during the RC testing.

3. When first login from LDAP-only source, the user is not automatically login to the page, but asked to re-enter username/password at which point authentication is done from the newly registered SQL account.

Will fix this minor annoyance soon.

--
----)(-----
Luis M
System Administrator
LatinoMixed.com

"We think basically you watch television to turn your brain off, and
you work on your computer when you want to turn your brain on"
-- Steve Jobs in an interview for MacWorld Magazine 2004-Feb

No .doc: http://www.fsf.org/philosophy/no-word-attachments.es.html

From: Joe S. <joe...@us...> - 2004-10-26 22:16:05

on 10/24/04 13:14 Mike Gifford said the following:
> Hi folks,
>
> Did a wee bit of testing on the most recent release..
>
> In posting a comment (on my localhost test environment), I got:
> http://localhost/psl/public_html/comment.php
>
> Warning: gethostbyaddr(): Address is not a valid IPv4 or IPv6 address
> in

I believe I fixed this in the cvs. Will try to get another release out tomorrow.

> /Library/WebServer/Documents/phpslash-0.8RC1/include/modules/comment/
> Comment.class on line 693
>
> Warning: Cannot modify header information - headers already sent by
> (output started at
> /Library/WebServer/Documents/phpslash-0.8RC1/include/modules/comment/
> Comment.class:693) in
> /Library/WebServer/Documents/phpslash-0.8RC1/include/modules/comment/
> index.php on line 87
>
> Liked the use of BE's installer.. I didn't realize you had imported
> it.. Great stuff!
>

Thank Evan for writing it. We've made a few changes here and there.

> I had a problem logging in in either mozilla or firefox.. Didn't have
> time to test it further.. may be a magic quotes issue as they were
> enabled.. Will disable them and get back..
>

Still haven't duplicated this.

Joe

> Mike
> --
> Mike Gifford, OpenConcept Consulting
> Free Software for Social Change -> http://www.openconcept.ca
> Featured Sites - http://cupe1750.ca/ http://www.openoffice.ca
>

From: Mike G. <mi...@op...> - 2004-10-26 20:21:34

Hi Joe,

On 26-Oct-04, at 3:40 PM, Joe Stewart wrote:

> on 10/24/04 13:14 Mike Gifford said the following:
>> Hi folks,
>> Did a wee bit of testing on the most recent release..
>> In posting a comment (on my localhost test environment), I got:
>> http://localhost/psl/public_html/comment.php
>> Warning: gethostbyaddr(): Address is not a valid IPv4 or IPv6 address
>> in
> I believe I fixed this in the cvs. Will try to get another release
> out tomorrow.

Cool..

>> /Library/WebServer/Documents/phpslash-0.8RC1/include/modules/comment/
>> Comment.class on line 693
>> Warning: Cannot modify header information - headers already sent by
>> (output started at
>> /Library/WebServer/Documents/phpslash-0.8RC1/include/modules/comment/
>> Comment.class:693) in
>> /Library/WebServer/Documents/phpslash-0.8RC1/include/modules/comment/
>> index.php on line 87
>> Liked the use of BE's installer.. I didn't realize you had imported
>> it.. Great stuff!
> Thank Evan for writing it. We've made a few changes here and there.

I'll try to take a look at your changes at some point.. I've ripped out the phpMyAdmin sql file parsing class from it though.. I'd like BE's updated to be controlled entirely through the web interface.. I don't see any reason why PMA_splitSqlFile() can't be used for all of the upgrade tables as well.. Just couldn't quite get it working before the last release... Oh well..

>> I had a problem logging in in either mozilla or firefox.. Didn't
>> have time to test it further.. may be a magic quotes issue as they
>> were enabled.. Will disable them and get back..
> Still haven't duplicated this.

No worries.. Might just be something buggy with my setup.. I didn't have a chance to test this in fedora..

Mike
--
Mike Gifford, OpenConcept Consulting
Free Software for Social Change -> http://www.openconcept.ca
Featured Sites - http://cupe1750.ca/ http://www.openoffice.ca

From: Mike G. <mi...@op...> - 2004-10-24 18:14:42

Hi folks,

Did a wee bit of testing on the most recent release..

In posting a comment (on my localhost test environment), I got:
http://localhost/psl/public_html/comment.php

Warning: gethostbyaddr(): Address is not a valid IPv4 or IPv6 address in /Library/WebServer/Documents/phpslash-0.8RC1/include/modules/comment/Comment.class on line 693

Warning: Cannot modify header information - headers already sent by (output started at /Library/WebServer/Documents/phpslash-0.8RC1/include/modules/comment/Comment.class:693) in /Library/WebServer/Documents/phpslash-0.8RC1/include/modules/comment/index.php on line 87

Liked the use of BE's installer.. I didn't realize you had imported it.. Great stuff!

I had a problem logging in in either mozilla or firefox.. Didn't have time to test it further.. may be a magic quotes issue as they were enabled.. Will disable them and get back..

Mike
--
Mike Gifford, OpenConcept Consulting
Free Software for Social Change -> http://www.openconcept.ca
Featured Sites - http://cupe1750.ca/ http://www.openoffice.ca

From: Joe S. <joe...@us...> - 2004-10-19 20:11:44

on 09/18/04 06:39 Joe Stewart said the following:
> On Sat, Sep 18, 2004 at 10:45:30AM +0100, Peter Cruickshank wrote:
>
>>On Thu, 16 Sep 2004 12:41:57 -0500
>>Joe Stewart <joe...@us...> wrote:
>>
<snip>
>
>>>- Anything else?
>>
>>I wonder if this is a good point to create a new default database?
>>
>
> Yes. I've been thinking of splitting it out to two sql files - one core and one
> example data.
>

Got it split here. Working on getting the installer to grab the example data too now.

>
>>As for skins, I clearly have a bias towards ShankZen! But it would be good
>>to move to consistent use of style names. eg Where ShankZen uses
>>"psl-desc", basic uses "desc". I think the "psl-" prefix is good, because
>>it avoids namespace clashes with external modules... I'd be happy to update
>>basic if you agree.
>>
>
> a volunteer! great!
>
> How about a printer css?
>

I committed a ShankZen_print.css but it's broken. There were some parts that still wanted to be shown. Maybe you can fix quickly in a way that won't break your other css files.

> Most of the skins that I ported kept all their style names instead of conforming to
> your convention.
>
>
>>ShankZen's stylesheets could probably be simplified a little; again, I'd be
>>happy to do this.
>>
>
> There is an issue with the ShankZend htmlarea3 and one of the stylesheets now I
> think. This may have been resolved.
>

The ShankZen_ext.css has something that was interfering with the htmlarea displaying. I didn't investigate further.

>
>>I've got other CSS files that can be applied to ShankZen's templates.
>>Would you be interested? How would they be included in a distribution?
>>

I created a phpslash-skins/public_html/styles/ShankZen directory. Add them there.

>
> Good question.
>
> At the very least -
>
> create a ShankZen directory in the styles ( like BE_Default)
> put all your stylesheets there.
> Put them in the header so that they can be chosen in the browser.
>
> This would get them included and show they could be used in the header template as
> needed.
>

Adding a few in the header would let Mozilla users change them. This was evidently taken out of Firefox. Anybody know of an extension?

Joe

>
> thanks,
>
> Joe
>
>
>>P

From: Joe S. <joe...@us...> - 2004-10-19 19:27:17

on 10/07/04 10:52 Joe Stewart said the following:
> Anyone got any bugs that need fixing before starting a Release Candidate?
>
> Here is what I've got so far:
>
> - [ 1034553 ] [0.8] - Title is not correct for Articles
> - [ 1034554 ] [0.8] - Title is not correct if no section forced.
>
> - [ 1035199 ] [0.8] - upgrade script doesn't upgrade all sections.
> It only upgrades the sections that exist in a
> default installation. Need to gather all sections
> and install new blocks.
>

Closed these. Reopen if new problems found.

>
> - No printer friendly choice for articles yet. - Anybody created a
> printer css? This may require a change that would allow css switching
> from the url. Probably could pretty much be done already. The previous
> method wouldn't be as straight forward because the article generation
> doesn't dictate what the rest of the page looks like.
>

Added CSS tag to slashHead.tpl - Filled with either the skin or css GET variable to allow changing css on the fly.

Added print media css for basic, basiccurves, and ShankZen.

The ShankZen_print.css is broken in that the bottom navbar and comment change view is still shown.

> - Need to get away from god/password in the setup wizard. A screen in
> the wizard setting the username/password should work OK.
>

TODO

> - How many skins should be in the release? Most available are simply
> ported from other applications and not maintained too well.
>
> We've got: ShankZen
> Funkatronic
> basic
> basiccurves
> default - hasn't been maintained and I'm not interested in
>
> spending time with it.
>

These are the ones in the current development release, except for funkatronic. I'll try to get it up to date first.

> Chime in with your thoughts or any other changes needed before 0.8 release.
>

A couple more that would be nice:

1. Separate sql file into a core set to install the minimum necessary and another set to install the example data.

The install wizard was built for Back-End which already has this setup. Should be simple to reenable.

2. RSS2.0 and Atom output from backend.php.

These will probably come in during the RC testing.

Joe

> If you can take any of these on that would be great. I've got an idea
> of how to solve the page title issue and will try to get that done.
>
> Joe
>

From: Luis M <le...@gm...> - 2004-10-14 16:18:12

On Wed, 13 Oct 2004 16:02:51 -0700, Aric Caley <gre...@pe...> wrote:
> I have an idea for a website. I would need to have articles refer to
> polls; each article would in fact have its own poll that would show
> inside of it. Also, I would like for the polls to have start and end
> times. How hard would it be to modify phpslash to do this?

We found this to be interesting to implement. Would you jump to the IRC channel and talk about it?

#phpslash irc.freenode.net

We are thinking about allowing poll_id to be passed from the URL, and somehow mapping story_id to poll_id... that way when you go to the story, it should update the story page (article.php) and pull the right poll from the poll system

--
----)(-----
Luis M
System Administrator
LatinoMixed.com

"We think basically you watch television to turn your brain off, and
you work on your computer when you want to turn your brain on"
-- Steve Jobs in an interview for MacWorld Magazine 2004-Feb

No .doc: http://www.fsf.org/philosophy/no-word-attachments.es.html

From: Aric C. <gre...@pe...> - 2004-10-13 23:03:05
|
I have an idea for a website. I would need to have articles refer to polls; each article would in fact have its own poll that would show inside of it. Also, I would like for the polls to have start and end times. How hard would it be to modify phpslash to do this? |
From: Aric C. <gre...@pe...> - 2004-10-13 15:34:52
|
Just wanted to let anybody know, that with Cygwin you can easily install and run a complete KDE environment in windows, and kcachegrind comes with it (IE you don't need to compile it). xdebug is also easy to install. All together, pretty cool stuff.

Joe Stewart wrote:

>On Fri, Oct 08, 2004 at 09:24:15AM -0700, Aric Caley wrote:
>
>>Pretty cool. Can I do this in windows? I understand you can run KDE
>>with Cygwin, and then I guess I could compile kcachegrind myself in
>>cygwin? Would I also have to run Apache and PHP in Cygwin (rather than
>>the native Windows versions) in order for this to work?
>
>Have no idea about the kde stuff on windows. If there is a valgrind
>utility for windows, you might get the same functionality.
>
>There are binary xdebug php modules for windows at xdebug.org. So you
>should be OK there.
>
>The xdebug profiler generates files in valgrind's format.
>
>Joe
>
>>Joe Stewart wrote:
>>
>>>Since email traffic has picked up, I thought a few more might be
>>>interested in this screenshot:
>>>
>>> http://www.php-slash.org/downloads/kcachegrind1.gif
>>>
>>>It was generated using Xdebug and kcachegrind.
>>>
>>>Here is another screenshot showing the profiler output:
>>>
>>> http://www.php-slash.org/downloads/kcachegrind2.gif
>>>
>>>Joe
|
From: Joe S. <joe...@us...> - 2004-10-08 16:47:04
|
On Fri, Oct 08, 2004 at 09:24:15AM -0700, Aric Caley wrote:
> Pretty cool. Can I do this in windows? I understand you can run KDE
> with Cygwin, and then I guess I could compile kcachegrind myself in
> cygwin? Would I also have to run Apache and PHP in Cygwin (rather than
> the native Windows versions) in order for this to work?

Have no idea about the kde stuff on windows. If there is a valgrind utility for windows, you might get the same functionality.

There are binary xdebug php modules for windows at xdebug.org. So you should be OK there.

The xdebug profiler generates files in valgrind's format.

Joe

> Joe Stewart wrote:
>
> >Since email traffic has picked up, I thought a few more might be
> >interested in this screenshot:
> >
> > http://www.php-slash.org/downloads/kcachegrind1.gif
> >
> >It was generated using Xdebug and kcachegrind.
> >
> >Here is another screenshot showing the profiler output:
> >
> > http://www.php-slash.org/downloads/kcachegrind2.gif
> >
> >Joe
|
From: Aric C. <gre...@pe...> - 2004-10-08 16:25:40
|
Pretty cool. Can I do this in windows? I understand you can run KDE with Cygwin, and then I guess I could compile kcachegrind myself in cygwin? Would I also have to run Apache and PHP in Cygwin (rather than the native Windows versions) in order for this to work?

Joe Stewart wrote:

> Since email traffic has picked up, I thought a few more might be
> interested in this screenshot:
>
> http://www.php-slash.org/downloads/kcachegrind1.gif
>
> It was generated using Xdebug and kcachegrind.
>
> Here is another screenshot showing the profiler output:
>
> http://www.php-slash.org/downloads/kcachegrind2.gif
>
> Joe
|
From: Joe S. <joe...@us...> - 2004-10-08 11:01:08
|
On Fri, Oct 08, 2004 at 02:49:20AM -0400, Luis M wrote:
> Commenting those out in config.php didn't do it? I thought that's all
> you needed to do. Did you check config.ini.php?
> I've never tried doing that. Check with us in #phpslash IRC channel
> during EST day time hours :-) Joe, Mike and I are always there.
>
> On Thu, 07 Oct 2004 15:49:23 -0400, Matt Wiseman <tro...@sh...> wrote:
> >
> > Thanks I'll get on that! In the mean time, is there an easy way to turn
> > things off?
> >
> > I need to disable login

comment out the Login navbar entries in config.php.

> > and Add story from the navbar,
> > and need to kill
> > off the comments system.. I THOUGHT I killed comments in config.php,
> > but alas they're still there.

Comment out the Submission module in config.ini.php. Just commenting out the link in the navbar would allow the submission.php url to still work.

Same for Comment except as Peter said there are a few links in the templates to the comments.

Joe

> > --
> > Matt "TrollBoy" Wiseman
> > -------------------------
> > WebMaster: Shoggoth.net
> > WebMonkey: Chaosium.com
> > All around weirdo
>
> --
> ----)(-----
> Luis M
> System Administrator
> LatinoMixed.com
>
> "We think basically you watch television to turn your brain off, and
> you work on your computer when you want to turn your brain on" --
> Steve Jobs in an interview for MacWorld Magazine 2004-Feb
>
> No .doc: http://www.fsf.org/philosophy/no-word-attachments.es.html
|
From: Peter C. <li...@cr...> - 2004-10-08 10:35:40
|
AFAIK, you can disable commenting functionality from config.ini.php, but there are a few places where you have to remove comment stuff (blocks, links) from the templates. I think that's mostly been done in the ShankZen skin. I've set up a few sites with the comment system completely removed, so it is possible.

P
|
From: Luis M <le...@gm...> - 2004-10-08 06:49:32
|
Commenting those out in config.php didn't do it? I thought that's all you needed to do. Did you check config.ini.php?

I've never tried doing that. Check with us in #phpslash IRC channel during EST day time hours :-) Joe, Mike and I are always there.

On Thu, 07 Oct 2004 15:49:23 -0400, Matt Wiseman <tro...@sh...> wrote:
>
> Thanks I'll get on that! In the mean time, is there an easy way to turn
> things off?
>
> I need to disable login and Add story from the navbar, and need to kill
> off the comments system.. I THOUGHT I killed comments in config.php,
> but alas they're still there.
>
> --
> Matt "TrollBoy" Wiseman
> -------------------------
> WebMaster: Shoggoth.net
> WebMonkey: Chaosium.com
> All around weirdo

--
----)(-----
Luis M
System Administrator
LatinoMixed.com

"We think basically you watch television to turn your brain off, and you work on your computer when you want to turn your brain on" -- Steve Jobs in an interview for MacWorld Magazine 2004-Feb

No .doc: http://www.fsf.org/philosophy/no-word-attachments.es.html
|
From: Joe S. <joe...@us...> - 2004-10-07 16:11:31
|
Anyone got any bugs that need fixing before starting a Release Candidate?

Here is what I've got so far:

- [ 1034553 ] [0.8] - Title is not correct for Articles
- [ 1034554 ] [0.8] - Title is not correct if no section forced.

- [ 1035199 ] [0.8] - upgrade script doesn't upgrade all sections.
  It only upgrades the sections that exist in a
  default installation. Need to gather all sections
  and install new blocks.

- No printer friendly choice for articles yet. - Anybody created a
  printer css? This may require a change that would allow css switching
  from the url. Probably could pretty much be done already. The previous
  method wouldn't be as straight forward because the article generation
  doesn't dictate what the rest of the page looks like.

- Need to get away from god/password in the setup wizard. A screen in
  the wizard setting the username/password should work OK.

- How many skins should be in the release? Most available are simply
  ported from other applications and not maintained too well.

  We've got: ShankZen
             Funkatronic
             basic
             basiccurves
             default - hasn't been maintained and I'm not interested in
             spending time with it.

Chime in with your thoughts or any other changes needed before 0.8 release.

If you can take any of these on that would be great. I've got an idea of how to solve the page title issue and will try to get that done.

Joe
|