I am currently trying to set up refbase. I am a new user not very used to php (my primary language is java), but I am giving a hand to persons who don't understand computer science and yet need refbase.
I came across this issue today, which led me to notice that the $HeaderString is encoded too much. I had to edit a file (see below) to get it working.
Could someone review it and tell me if it was the right thing to do?
Thanks
This is broken in the SVN bleeding edge branch. In the current implementation, $HeaderString is user-modifiable, so it must be escaped for security. The short-term fix would be to remove the RSS/history links. This reduces functionality slightly, but these features are not heavily used. The longer term fix may be to reimplement that function to securely restore that functionality, but we've not decided whether they're worth bringing back.
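Added example, not part of the thread and not refbase code: one way to keep a user-modifiable header escaped while still emitting links, by escaping each part separately instead of escaping the assembled string. The function names, link targets and sample values are hypothetical.

```php
<?php
// Added illustration with hypothetical names; not taken from refbase.

// Escape text for an HTML text node or a quoted attribute value.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build a link from server-side values. Only http(s) URLs and plain
// relative paths are accepted; anything else (e.g. javascript:) is dropped.
function build_link(string $url, string $label): string
{
    if (!preg_match('~^(?:https?://|[A-Za-z0-9_\-./]+(?:\?|$))~i', $url)) {
        return '';
    }
    return '<a href="' . esc($url) . '">' . esc($label) . '</a>';
}

// The user-controlled text is escaped exactly once; the links are built
// by the application and never pass through the user-supplied string.
function render_header(string $userHeader, array $links): string
{
    $parts = [esc($userHeader)];
    foreach ($links as [$url, $label]) {
        $parts[] = build_link($url, $label);
    }
    return implode(' ', array_filter($parts, fn($p) => $p !== ''));
}

// Constructed sample input.
$userHeader = 'Results for <script>alert(1)</script> & more';
$links = [
    ['rss.php?where=year%3D2010&showRows=10', 'RSS'],
    ['javascript:alert(1)', 'rejected'],
];

// Symptom from the thread: escaping the assembled string also escapes
// the link markup, so the link shows up as literal text.
echo esc($userHeader . ' <a href="rss.php">RSS</a>'), "\n";

// Escaping per part: user text is neutralised, the valid link stays markup.
echo render_header($userHeader, $links), "\n";
```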
Thanks for the quick reply. Actually I had to use the bleeding edge branch because the current release doesn't seem to be compatible with any recent MySQL database I have tested. Aside from replacing TYPE=MyISAM by ENGINE=MyISAM, which got the setup working, I also had problems with the search engine, which was not working at all. The SQL query was the only one working. This is why I tried with bleeding edge.
Do you think there will be a release for 0.9.7 anytime soon? It has been more than two and a half years since the last release.