From: Shaun M. <sh...@ae...> - 2004-09-15 22:22:24
Have a look at the Notes module as an example. In particular the inc/runtime.php file. That file is needed to get something on the front page.

Shaun
aegis design - http://www.aegisdesign.co.uk
From: Dwight F. <dw...@op...> - 2004-09-15 19:48:32
I'm *very* new to phpwebsite, but am impressed. I am trying to learn how to write a module .. and get it displayed on the main page. Much like the Calendar module I want it to sit off in its own little box with its own little display.

What I want to do is be able to upload club newsletters (PDF files) to the web server and then have a module that will make the latest newsletter available on the main page. I also want to have a link that will bring up another (larger) page that lists all newsletters in date order.

Finally, I know I could do much of this with some simple blocks that are edited each time a new newsletter is available, but I want to be able to have this all work without having to change any code. In other words, I want to just upload the latest newsletter (following some standard naming conventions) and have the "Right Thing (tm)" be done.

I already have the PHP code in place to sort through the list of newsletter files and, using their names, create the desired list. This was done for another home-brew PHP based site .. the site I would really like to switch over to using PHPWebSite. I just need to (a) wrap this behavior up in a module and (b) present it on the site.

I already have worked over the "Skeleton" module to create a "Newsletter" module, and have gotten it to install and run. It still just has the stock standard skeleton code in it .. but with new names. I intend to adjust that code to include my newsletter functionality once I have the basics understood.

What isn't clear to me is how a module (like Calendar) gets presented in its own box on the main page. Can someone clear this up for me?

If this is a FAQ and I should go RTFM, I'm happy to do so. Just tell me the FM to go R and I'm off and running. I've searched, though, and have yet to find anything that clears this up for me. :)

-- Dwight (PHPWebSite newbie)
From: Ryan R. <to...@gm...> - 2004-09-15 01:45:03
Just wondering if you guys were aware that the Web CVS Annotation won't function. Not sure if this is a result of the CVS downtime from a few weeks ago or not, but wanted to let you guys know.

http://res1.stddev.appstate.edu/horde/chora/annotate.php/phpwebsite094/index.php?rev=1.18

Thanks,
Ryan Roland
Systems Developer
Indiana University
From: Shaun M. <sh...@ae...> - 2004-09-09 23:33:15
On 9 Sep 2004, at 22:27, Don Seiler wrote:

> I was ready to test version 0.10.0 of phpwsbb,

Isn't that a little confusing to humans though? ie. is 0.10 > 0.9?

Go on, have the balls to call it 1.0. ;-)

Shaun
aegis design - http://www.aegisdesign.co.uk
From: Wendall C. <wen...@to...> - 2004-09-09 22:40:39
Don,

I've run into this before with minor version changes. It is freaky at times the way things are. Some version numbers will not boost at all. I think I ran into this for 0.3.x or 0.2.x on rssfeeds.

I'll update my local cvs and test against a couple things as well.

Wendall

On Thu, 2004-09-09 at 14:54, Don Seiler wrote:
> Thanks to rhalff who pointed me to:
>
> http://us2.php.net/manual/en/function.version-compare.php
>
> I've tested it and it works great, the user comments show it to be
> pretty robust.
>
> I've taken the liberty of changing Boost.php to use it. Note that all
> module developers should be using as well in their update.php when
> checking their own versions.
>
> Don.
>
> On 16:27 Thu 09 Sep , Don Seiler wrote:
> > I was ready to test version 0.10.0 of phpwsbb, however boost didn't
> > think it was an update. I had feared this but had never come to an
> > 0.10.0 to see it in action. Anyway it looks like this is the check in
> > boost:
> >
> > if ($version && $version > $moduleInfo["version"])
> >
> > Obviously we shouldn't be doing a numerical comparison here. I'm not
> > sure if we can force an alphabetical comparison or if that is even right
> > as well. I have to rush off now but thought I'd throw this out and see
> > if anyone gets a fix before I do.
> >
> > This needs to be corrected otherwise you limit yourself to single-digit
> > minor/patch versions.
> >
> > Don.
> >
> > --
> > Don Seiler
> > do...@se...
> >
> > Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFC87F041
> > Fingerprint: 0B56 50D5 E91E 4D4C 83B7 207C 76AC 5DA2 FC87 F041

--
"Only the ideas that we really live have any value." --Hermann Hesse (Demian)
From: Don S. <do...@se...> - 2004-09-09 21:54:50
Thanks to rhalff who pointed me to:

http://us2.php.net/manual/en/function.version-compare.php

I've tested it and it works great, the user comments show it to be pretty robust.

I've taken the liberty of changing Boost.php to use it. Note that all module developers should be using as well in their update.php when checking their own versions.

Don.

On 16:27 Thu 09 Sep , Don Seiler wrote:
> I was ready to test version 0.10.0 of phpwsbb, however boost didn't
> think it was an update. I had feared this but had never come to an
> 0.10.0 to see it in action. Anyway it looks like this is the check in
> boost:
>
> if ($version && $version > $moduleInfo["version"])
>
> Obviously we shouldn't be doing a numerical comparison here. I'm not
> sure if we can force an alphabetical comparison or if that is even right
> as well. I have to rush off now but thought I'd throw this out and see
> if anyone gets a fix before I do.
>
> This needs to be corrected otherwise you limit yourself to single-digit
> minor/patch versions.
>
> Don.
>
> --
> Don Seiler
> do...@se...
>
> Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFC87F041
> Fingerprint: 0B56 50D5 E91E 4D4C 83B7 207C 76AC 5DA2 FC87 F041

--
Don Seiler
do...@se...

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFC87F041
Fingerprint: 0B56 50D5 E91E 4D4C 83B7 207C 76AC 5DA2 FC87 F041
From: Don S. <do...@se...> - 2004-09-09 21:49:58
I was ready to test version 0.10.0 of phpwsbb, however boost didn't think it was an update. I had feared this but had never come to an 0.10.0 to see it in action. Anyway it looks like this is the check in boost:

    if ($version && $version > $moduleInfo["version"])

Obviously we shouldn't be doing a numerical comparison here. I'm not sure if we can force an alphabetical comparison or if that is even right as well. I have to rush off now but thought I'd throw this out and see if anyone gets a fix before I do.

This needs to be corrected otherwise you limit yourself to single-digit minor/patch versions.

Don.

--
Don Seiler
do...@se...

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFC87F041
Fingerprint: 0B56 50D5 E91E 4D4C 83B7 207C 76AC 5DA2 FC87 F041
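The check quoted in this thread next to the version_compare() replacement, as an added example that is not part of any message here and is not phpWebSite's Boost.php. The function names, module list and version numbers are constructed; the point is that an update check which orders "0.10.0" before "0.9.x" leaves the older module installed, along with whatever the newer release fixed.

```php
<?php
// Added illustration; not code from phpWebSite's Boost.php.
// Function names, module names and version numbers are constructed.

// The check quoted in the thread: a relational operator on version strings.
// PHP compares two numeric strings ("1.9", "1.10") as numbers and anything
// else ("0.9.9", "0.10.0") character by character, so neither case orders
// multi-digit components correctly.
function isUpdateNaive($available, $installed)
{
    return $available && $available > $installed;
}

// The replacement the thread settles on: version_compare() splits the
// strings into components and compares them one by one.
function isUpdate($available, $installed)
{
    return $available && version_compare($available, $installed, '>');
}

// Return the modules for which the two checks disagree, i.e. the updates
// the naive check would skip or wrongly offer.
function findDisagreements(array $modules)
{
    $rows = array();
    foreach ($modules as $name => $pair) {
        list($installed, $available) = $pair;
        $naive = (bool) isUpdateNaive($available, $installed);
        $fixed = (bool) isUpdate($available, $installed);
        if ($naive !== $fixed) {
            $rows[] = array($name, $installed, $available, $naive, $fixed);
        }
    }
    return $rows;
}

// Constructed inventory: module => array(installed, available).
$modules = array(
    'phpwsbb'  => array('0.9.9', '0.10.0'),   // the 0.10.0 case from the thread
    'rssfeeds' => array('0.2.9', '0.2.10'),   // two-digit patch level
    'notes'    => array('1.9', '1.10'),       // both are numeric strings
    'calendar' => array('0.9.3-2', '0.9.3-4'),
    'faq'      => array('1.0.0', '1.0.0'),    // no update available
);

foreach (findDisagreements($modules) as $row) {
    list($name, $installed, $available, $naive, $fixed) = $row;
    printf(
        "%-9s installed %-8s available %-8s naive=%s version_compare=%s\n",
        $name,
        $installed,
        $available,
        var_export($naive, true),
        var_export($fixed, true)
    );
}
```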
From: Wendall C. <wen...@to...> - 2004-09-07 22:26:08
I think it wouldn't hurt to test these methods. At least find the quirks that need fixed for each.

Wendall

On Mon, 2004-09-06 at 11:26, Mike Noyes wrote:
> Everyone,
> Should we test phpWebSite release candidates using CGI, FastCGI, and/or
> suexec/suphp in addition to mod_php?
>
> http://www.fastcgi.com/
> http://www.suphp.org/

--
"Only the ideas that we really live have any value." --Hermann Hesse (Demian)
From: Shaun M. <sh...@ae...> - 2004-09-07 19:54:26
On 5 Sep 2004, at 18:47, Shaun Savage wrote:

> Hi
>
> I am having major problems installing phpwebsite-0.9.3-4 on Linux
> fedora core 2. I am using apache-2.0.50, mysql-3.23.58, (postgres
> does not setup at all) php-4.3.8.

That's an odd combo. IME you'd be better off with Apache 1.3 and MySQL 4.0.x. Apache 1.3 because it's tried and trusted. MySQL 4.0.x because it has particularly good advantages for caching dynamically generated content.

Plus avoid safe_mode if possible.

Shaun
aegis design - http://www.aegisdesign.co.uk
From: M. F. <md...@gm...> - 2004-09-07 17:47:44
This is due to phpWebSite using more than 8 MB of RAM that is default set in php.ini depending on the modules you have loaded. As stated in the installation FAQ found at:

http://phpwebsite.appstate.edu/index.php?module=faq&FAQ_op=view&FAQ_id=18

Q: What does this error mean?

    Fatal error: Allowed memory size of n bytes exhausted (tried to allocate n bytes) in Unknown on line n

A: PhpWebSite currently has a hefty memory requirement which we hope to fix in our 0.9.4 release. Until then you can resolve the issue by uncommenting the line shown below. It is located at the top of the Core.php file in the core/ directory of phpWebSite.

    /* Uncomment this line to attempt to use a higher memory limit */
    ini_set("memory_limit", "12M");

You may even want to set it to 16M

Update: 11/11/03 Memory requirements will drop significantly upon the release of 0.9.3-2.

On Sun, 05 Sep 2004 10:47:56 -0700, Shaun Savage <sa...@sa...> wrote:
> Hi
>
> I am having major problems installing phpwebsite-0.9.3-4 on Linux
> fedora core 2. I am using apache-2.0.50, mysql-3.23.58, (postgres
> does not setup at all) php-4.3.8.
>
> The hardware is athlon with 512M RAM, 120D HD.
>
> the config page works, all the modules install, but when I go to "your
> install" I get in the error log file.
> --------
> [client 127.0.0.1] PHP Fatal error: Allowed memory size of 8388608
> bytes exhausted (tried to allocate 3840 bytes) in
> /var/www/pws/lib/pear/Mail.php on line 87, referer:
> http://www.tuxclub.org/setup/setup.php
> ------

----- Snip Snip---
From: Daniel W. <dan...@pa...> - 2004-09-07 07:44:44
I did a bit of searching and couldn't find anything about it, but are there any plans for some sort of email validation when users sign up? I get at least one bounced registration email each day from people who either don't know their own email or can't type very well.

I think it would be helpful if there was a setting where you can specify to have accounts deleted that have not been validated after x days.

Daniel
From: Mike N. <mh...@us...> - 2004-09-06 18:19:03
Everyone,
Should we test phpWebSite release candidates using CGI, FastCGI, and/or suexec/suphp in addition to mod_php?

http://www.fastcgi.com/
http://www.suphp.org/

--
Mike Noyes <mhnoyes at users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs
From: Shaun S. <sa...@sa...> - 2004-09-05 17:48:39
Hi

I am having major problems installing phpwebsite-0.9.3-4 on Linux fedora core 2. I am using apache-2.0.50, mysql-3.23.58, (postgres does not setup at all) php-4.3.8.

The hardware is athlon with 512M RAM, 120D HD.

the config page works, all the modules install, but when I go to "your install" I get in the error log file.
--------
[client 127.0.0.1] PHP Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 3840 bytes) in /var/www/pws/lib/pear/Mail.php on line 87, referer: http://www.tuxclub.org/setup/setup.php
------
this tells me there is a loop somewhere.

I have installed postnuke and phpnuke to fix the problem but they don't have a calendar.

php_info
-------------
From: Jim W. <spi...@us...> - 2004-09-03 14:52:22
Shaun Murray said:
>
> On 3 Sep 2004, at 14:29, Jim Wilson wrote:
> >
> > Hmmmm...it just occurred to me that we could parse and remove
> > "module=" (like an obscene word).
> >
>
> If we did, then users wouldn't be able to create links or images that
> included module=, so no links to stuff on your own site or to other
> phpwebsite sites as well as quite possibly on other CMS systems that
> have module= in the url.
>

Oh right...but of course such links are a potential security issue since a low tech admin could unknowingly click on a posted link that executes something bad. This might be the worse of two evils decision for some installations. Maybe parsing for a list of the op values (e.g. "=delete") would be better.

Best,
Jim
From: Matthew M. <ma...@tu...> - 2004-09-03 13:57:34
On Fri, 2004-09-03 at 09:47, Shaun Murray wrote:

> Does this mean the PEAR HTML_BBCodeParser needs changing or are the
> security changes to go into phpwebsite enough?

They should be enough. The image tag clean up happens after the bb tags are translated into html.

--
Matthew McNaney
Internet Systems Architect
Electronic Student Services
Appalachian State University
Phone: 828-262-6493
http://phpwebsite.appstate.edu
http://ess.appstate.edu
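One way an image clean-up pass could run on the translated HTML, as an added example that is not part of any message in this thread and is not phpWebSite's or HTML_BBCodeParser's code. It assumes the input is user-posted markup after BBCode translation; the function names and sample post are constructed. It drops any image whose URL carries a query string and leaves ordinary links containing `module=` alone, which is the objection raised in the thread to stripping `module=` everywhere.

```php
<?php
// Added illustration; not phpWebSite's or HTML_BBCodeParser's code.
// Assumption: $html is user-posted markup after BBCode has been translated
// to HTML. Function names and sample input are constructed.

// Decide whether a decoded URL names a static image and nothing else.
function isPlainImageUrl($url)
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['path'])) {
        return false;
    }
    // Relative URLs or http(s) only.
    if (isset($parts['scheme'])
        && !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    // A query string is what turns an image fetch into a request such as
    // index.php?module=users&... sent with the viewer's session cookie.
    if (isset($parts['query'])) {
        return false;
    }
    return (bool) preg_match('/\.(gif|jpe?g|png)$/i', $parts['path']);
}

// Rebuild one <img> tag from its validated src, or drop it entirely.
function cleanImageTag($tag)
{
    // Require a quoted src preceded by whitespace; anything else fails closed.
    if (!preg_match('/\ssrc\s*=\s*(["\'])(.*?)\1/is', $tag, $m)) {
        return '';
    }
    $url = trim(html_entity_decode($m[2], ENT_QUOTES));
    if (!isPlainImageUrl($url)) {
        return '';
    }
    // Re-emit only the validated URL so no other attribute survives
    // (alt text from the original tag is not carried over).
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES) . '" alt="" />';
}

// Apply the clean-up to every <img> tag; <a href> links are left untouched.
function stripUnsafeImages($html)
{
    return preg_replace_callback(
        '/<img\b[^>]*>/i',
        function ($m) {
            return cleanImageTag($m[0]);
        },
        $html
    );
}

// Constructed post: one ordinary image, the image from the thread, and a
// normal link that contains module= and must keep working.
$posted = '<p>Cover: <img src="images/club/september.png" border="0" /></p>'
        . '<p><img src="index.php?module=users&amp;doevil=1" /></p>'
        . '<p><a href="index.php?module=calendar">Club calendar</a></p>';

echo stripUnsafeImages($posted), "\n";
```

Filtering posted markup only narrows the exposure; actions that change state still need their own server-side protection, such as a per-session token checked on each request.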
From: Shaun M. <sh...@ae...> - 2004-09-03 13:50:16
On 3 Sep 2004, at 14:29, Jim Wilson wrote:

>
> Hmmmm...it just occurred to me that we could parse and remove
> "module=" (like an obscene word).
>

If we did, then users wouldn't be able to create links or images that included module=, so no links to stuff on your own site or to other phpwebsite sites as well as quite possibly on other CMS systems that have module= in the url.

Shaun
aegis design - http://www.aegisdesign.co.uk
From: Shaun M. <sh...@ae...> - 2004-09-03 13:47:16
|
On 3 Sep 2004, at 12:54, Matthew McNaney wrote:
>> we can lock out all html tags from normal users leaving them just
>> with BBCode? That would solve a great many of these types of security
>> issues.
>
> Quick note: the hack works with BBCode as well
> [img]index.php?module=users&doevil=1[/img]

Oh well, there goes that plan.

Does this mean the PEAR HTML_BBCodeParser needs changing or are the security changes to go into phpwebsite enough?

In the meantime,

In /conf/BBCodeParser.ini

    filters = Basic,Extended,Links,Images,Lists,Email

needs to change to

    filters = Basic,Extended,Links,Lists,Email

to block out image [img] tags.

Shaun
aegis design - http://www.aegisdesign.co.uk |
From: Jim W. <spi...@us...> - 2004-09-03 13:29:34
|
Matthew McNaney said:
> > we can lock out all html tags from normal users leaving them just
> > with BBCode? That would solve a great many of these types of security
> > issues.
>
> Quick note: the hack works with BBCode as well
> [img]index.php?module=users&doevil=1[/img]
>

Hmmmm...it just occurred to me that we could parse and remove "module=" (like an obscene word).

Best,

Jim |
From: Matthew M. <ma...@tu...> - 2004-09-03 11:57:21
|
> we can lock out all html tags from normal users leaving them just
> with BBCode? That would solve a great many of these types of security
> issues.

Quick note: the hack works with BBCode as well

[img]index.php?module=users&doevil=1[/img]

--
Matthew McNaney
Internet Systems Architect
Electronic Student Services
Appalachian State University
Phone: 828-262-6493
http://phpwebsite.appstate.edu
http://ess.appstate.edu |
From: Shaun M. <sh...@ae...> - 2004-09-02 22:04:45
|
On 2 Sep 2004, at 18:00, Matthew McNaney wrote:
>> On the surface it doesn't seem like there would be a quick fix to
>> solve this issue, but I would strongly recommend that individual users
>> make edits to certain files in order to avoid or limit defacement.
>
> Another easy "fix" is to remove the <img> tag from your allow_tags
> setting in textSettings.php

Slightly limiting perhaps. ;-)

How about getting that two level textSettings hack Eloi? did in to the code asap so that at least admins can use the full complement of tags and we can lock out all html tags from normal users leaving them just with BBCode? That would solve a great many of these types of security issues.

Shaun
aegis design - http://www.aegisdesign.co.uk |
From: Matthew M. <ma...@tu...> - 2004-09-02 17:03:31
|
> On the surface it doesn't seem like there would be a quick fix to solve this
> issue, but I would strongly recommend that individual users make edits to
> certain files in order to avoid or limit defacement.

Another easy "fix" is to remove the <img> tag from your allow_tags setting in textSettings.php

--
Matthew McNaney
Internet Systems Architect
Electronic Student Services
Appalachian State University
Phone: 828-262-6493
http://phpwebsite.appstate.edu
http://ess.appstate.edu |
From: Jim W. <spi...@us...> - 2004-09-02 16:30:11
|
Ummm... scratch that. I see it was a bug. :-)

Best,

Jim Wilson

Jim Wilson said:
> Hi Daniel,
>
> Unfortunately I can't answer this, but you might want to be more specific
> about where (in which module) you are seeing the breaks. Also, check the
> templates for the module(s) where you are seeing the problem. In a few cases
> I've seen hard coded <br /> tags in the module templates and while this might
> be what the template designer wanted, it often isn't appropriate.
>
> Best,
>
> Jim Wilson
>
> Daniel Winter said:
>
> > I have this option turned off:
> >
> > // Set to TRUE to convert newline characters to html breaks
> > $add_breaks = FALSE;
> >
> > But yet it is still adding <br />... They are not stored like this in the
> > DB, just added on output, I'm very confused! What's happening?
> >
> > Daniel
> >

--
Jim Wilson - IT Manager
Kelco Industries
PO Box 160
58 Main Street
Milbridge, ME 04658
207-546-7989 - FAX 207-546-2791
http://www.kelcomaine.com |
From: Jim W. <spi...@us...> - 2004-09-02 16:17:51
|
Hi Daniel,

Unfortunately I can't answer this, but you might want to be more specific about where (in which module) you are seeing the breaks. Also, check the templates for the module(s) where you are seeing the problem. In a few cases I've seen hard coded <br /> tags in the module templates and while this might be what the template designer wanted, it often isn't appropriate.

Best,

Jim Wilson

Daniel Winter said:
> I have this option turned off:
>
> // Set to TRUE to convert newline characters to html breaks
> $add_breaks = FALSE;
>
> But yet it is still adding <br />... They are not stored like this in the
> DB, just added on output, I'm very confused! What's happening?
>
> Daniel |
From: Jim W. <spi...@us...> - 2004-09-02 16:14:56
|
Matthew McNaney said:
> Here are the details for what the security patches fix:
>
> http://www.gulftech.org/?node=research&article_id=00048-08312004
>
> Special thanks to Steven. He became the best hacker there is at foiling
> my security checks and he was quick to fix module issues.
>
> I will also explain what James is referring to in his conclusion.
>
> 0.9.4 will have an authentication key for each user. When you log in,
> the key is created from scratch and placed into your session.

Thank you for the update. This should work fine, but existing users have a serious problem that they should address in the mentioned RFC 2616 problems. On the surface it doesn't seem like there would be a quick fix to solve this issue, but I would strongly recommend that individual users make edits to certain files in order to avoid or limit defacement. As far as I can tell, this requires disabling some functions for the time being.

Below are some notes on how to do this. I've listed the module files and the functions that individuals may want to disable. At the very least one should look very closely at the "users" module functions. The disabled functions could be performed by administering the mod_users tables with a database admin tool.

It would be helpful to get feedback on these ideas, or perhaps alternative solutions. For many users waiting for the next release might be too risky.

Thanks,

Jim Wilson

Disable the following functions in the following files. Look for statements like 'case "deleteforum"; and either mangle the command name text (e.g. change "deleteforum" to "zadaweb-was-deleteforum") or comment out the case statement and code following down to the break; statement:

mod/users/index.php
    annointUser
    castoutUser
    turnOnAdmin
    turnOffAdmin
    deleteGroup
    deleteUser

mod/phpwsbb/class/Manager.php
    deleteForum
    deletemessage
    banusername
    unbanusername

mod/photoalbum/class/Album.php
    delete

mod/pagemaster/index.php
    delete_page |
From: Matthew M. <ma...@tu...> - 2004-09-02 14:38:03
|
Here are the details for what the security patches fix:

http://www.gulftech.org/?node=research&article_id=00048-08312004

Special thanks to Steven. He became the best hacker there is at foiling my security checks and he was quick to fix module issues.

I will also explain what James is referring to in his conclusion.

0.9.4 will have an authentication key for each user. When you log in, the key is created from scratch and placed into your session. As you move through the site, the key may be accessed for authorization.

For example, say you are an administrator and you click on an Edit link. The authorization key will be added to that Edit link. When you arrive at your destination, your key and the link key will be compared. If they do not match, you are denied access. This key will also automatically be included in form submissions.

What this prevents are hacks that embed code. For example, the <img> tag code would be rendered useless because the hacker would be unable to know what your key is going to be when you log in.

0.9.4 also has a security logging feature. If a user tries to circumvent phpwebsite's security, it will log their username (if they are logged in), their ip address, what page the attempt came from (if there is a referrer page), and what time the attempt came.

Unrelated news: I will attempt to put a working copy of 0.9.4 on the web soon. It is still in alpha status but it will allow me to get better feedback on its operation.

--
Matthew McNaney
Internet Systems Architect
Electronic Student Services
Appalachian State University
Phone: 828-262-6493
http://phpwebsite.appstate.edu
http://ess.appstate.edu |
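The per-login authorization key and the security log described in the message above, sketched in current PHP as an added example. This is not phpWebSite's own code: the function names, the "authkey" parameter name, the "op" value and the sample session and requests are assumptions made for illustration.

```php
<?php
// Added illustration; names below are hypothetical, not phpWebSite's API.

// Create the key from scratch at login and keep it in the session.
function authkey_create(array &$session): string
{
    $session['authkey'] = bin2hex(random_bytes(16));
    return $session['authkey'];
}

// Append the session key to a link the site itself generates (e.g. Edit).
function authkey_link(array $session, string $script, array $params): string
{
    $params['authkey'] = $session['authkey'];
    return $script . '?' . http_build_query($params);
}

// Compare the key carried by the request with the session key.
// On mismatch, log username, IP, referrer and time, then deny.
function authkey_check(array $session, array $request, array $server, array &$log): bool
{
    $expected = $session['authkey'] ?? '';
    $supplied = $request['authkey'] ?? '';
    if ($expected !== '' && is_string($supplied) && hash_equals($expected, $supplied)) {
        return true;
    }
    $log[] = [
        'username' => $session['username'] ?? '(not logged in)',
        'ip'       => $server['REMOTE_ADDR'] ?? '',
        'referrer' => $server['HTTP_REFERER'] ?? '',
        'time'     => gmdate('c'),
    ];
    return false;
}

// Constructed sample data: one admin session, two incoming requests.
$session = ['username' => 'admin'];
authkey_create($session);
$server = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_REFERER' => 'http://example.org/forum'];
$log = [];

// 1. The admin follows a link the site generated: the key is present and matches.
$link = authkey_link($session, 'index.php', ['module' => 'users', 'op' => 'edit']);
parse_str(parse_url($link, PHP_URL_QUERY), $fromLink);
var_dump(authkey_check($session, $fromLink, $server, $log));

// 2. The admin's browser fetches the URL embedded in a posted image tag:
//    the poster could not know the key, so the request carries none.
$embedded = ['module' => 'users', 'doevil' => '1'];
var_dump(authkey_check($session, $embedded, $server, $log));
print_r($log);
```

Unlike stripping "module=" or removing the image tag from the allowed list, this check does not depend on how the request reached the browser, so legitimate links that contain module= keep working.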