#2684 File ajax.php is broken

Security_Hole
closed-out-of-date
5
2015-02-17
2012-07-06
Anonymous
No

Yesterday, Thursday the 5th of July 2012, I downloaded the latest production version of WebCalendar (WebCalendar-1.2.5.zip).
When installed, the website worked fine until I tried to add a new user.
The original code (which is commented out in the code extract below) produced the following error on Firefox.

ERROR MESSAGE
<br />
<b>Fatal error</b>: Call to undefined function require_valide_referring_url() in <b>/home/..../webcalendar/ajax.php</b> on line <b>8</b><br />

The code extract below shows the first 48 lines of ajax.php after I modified it to overcome my problem.
The original code is preserved commented out and my one line addition is also commented.
As I understand the problem, the function "require_valide_referring_url ()" is being called before the file
'includes/functions.php' is included.
Every other occasion where the function "require_valide_referring_url ()" is called has the command "include_once 'includes/init.php';" immediately before the function call.
The second block of code which I commented contains commands that are available in the file 'includes/init.php'.
Not being one of the developers, I do not know if this modification will have a negative effect somewhere else.

<?php
/* $Id: ajax.php,v 1.16.2.8 2012/02/28 02:07:45 cknudsen Exp $
*
* Description
* Description
* This is the handler for Ajax httpXmlRequests.
*/
/*---------------------------------------------------
| DEBUG: 06-July-2012 Edward Crookes
| It seems to me that this code is entirely in
| includes/init.php
|
require_once 'includes/classes/WebCalendar.class';
|
| END of DEBUG code suppression
\---------------------------------------------------*/
/*---------------------------------------------------
| CORRECTION: Added by Edward Crookes 06 July 2012
\---------------------------------------------------*/
include_once 'includes/init.php';
/*---------------------------------------------------
| END of CORRECTION
\---------------------------------------------------*/
require_valide_referring_url ();
/*---------------------------------------------------
| DEBUG: 06-July-2012 Edward Crookes
| It seems to me that this code is entirely in
| includes/init.php
|
$WebCalendar = new WebCalendar ( __FILE__ );

include 'includes/translate.php';
include 'includes/config.php';
include 'includes/dbi4php.php';
include 'includes/formvars.php';
include 'includes/functions.php';

$WebCalendar->initializeFirstPhase ();

include 'includes/' . $user_inc;
include 'includes/access.php';
include 'includes/validate.php';

$WebCalendar->initializeSecondPhase ();
|
| END of DEBUG code suppression
\---------------------------------------------------*/

load_global_settings ();
load_user_preferences ();
$WebCalendar->setLanguage ();

$cat_id = getValue ( 'cat_id', '-?[0-9,\-]*', true );
$name = getPostValue ( 'name' );
$page = getPostValue ( 'page' );

// We're processing edit_remotes Calendar ID field.

==========================================================
Report Bug
Please include all the information below when reporting a bug. Also, please use English rather than English-US.
System Settings
PROGRAM_NAME: WebCalendar v1.2.5 (29 Feb 2012)
SERVER_SOFTWARE: Apache
Web Browser: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1
PHP Version: 5.3.8
Default Encoding:
db_type: sqlite
readonly: N
single_user: N
single_user_login:
use_http_auth: N
user_inc: user.php
ADD_LINK_IN_VIEWS: N
ADMIN_OVERRIDE_UAC: Y
ALLOW_ATTACH: N
ALLOW_ATTACH_ANY: N
ALLOW_ATTACH_PART: N
ALLOW_COLOR_CUSTOMIZATION: Y
ALLOW_COMMENTS: N
ALLOW_COMMENTS_ANY: N
ALLOW_COMMENTS_PART: N
ALLOW_CONFLICTS: N
ALLOW_CONFLICT_OVERRIDE: Y
ALLOW_EXTERNAL_HEADER: N
ALLOW_EXTERNAL_USERS: N
ALLOW_HTML_DESCRIPTION: Y
ALLOW_SELF_REGISTRATION: N
ALLOW_USER_HEADER: N
ALLOW_USER_THEMES: Y
ALLOW_VIEW_OTHER: Y
APPLICATION_NAME: Title
APPROVE_ASSISTANT_EVENT: Y
AUTO_REFRESH: N
AUTO_REFRESH_TIME: 0
BGCOLOR: #FFFFFF
BGREPEAT: repeat fixed center
BOLD_DAYS_IN_YEAR: Y
CAPTIONS: #B04040
CATEGORIES_ENABLED: Y
CELLBG: #C0C0C0
CONFLICT_REPEAT_MONTHS: 6
CUSTOM_HEADER: N
CUSTOM_SCRIPT: N
CUSTOM_TRAILER: N
DATE_FORMAT: LANGUAGE_DEFINED
DATE_FORMAT_MD: LANGUAGE_DEFINED
DATE_FORMAT_MY: LANGUAGE_DEFINED
DATE_FORMAT_TASK: LANGUAGE_DEFINED
DEMO_MODE: N
DISABLE_ACCESS_FIELD: N
DISABLE_CROSSDAY_EVENTS: N
DISABLE_LOCATION_FIELD: N
DISABLE_PARTICIPANTS_FIELD: N
DISABLE_POPUPS: N
DISABLE_PRIORITY_FIELD: N
DISABLE_REMINDER_FIELD: N
DISABLE_REPEATING_FIELD: N
DISABLE_URL_FIELD: Y
DISPLAY_ALL_DAYS_IN_MONTH: N
DISPLAY_CREATED_BYPROXY: Y
DISPLAY_DESC_PRINT_DAY: Y
DISPLAY_END_TIMES: N
DISPLAY_LOCATION: N
DISPLAY_LONG_DAYS: N
DISPLAY_MINUTES: N
DISPLAY_MOON_PHASES: N
DISPLAY_SM_MONTH: Y
DISPLAY_TASKS: N
DISPLAY_TASKS_IN_GRID: N
DISPLAY_UNAPPROVED: Y
DISPLAY_WEEKENDS: Y
DISPLAY_WEEKNUMBER: Y
EMAIL_ASSISTANT_EVENTS: Y
EMAIL_EVENT_ADDED: Y
EMAIL_EVENT_CREATE: N
EMAIL_EVENT_DELETED: Y
EMAIL_EVENT_REJECTED: Y
EMAIL_EVENT_UPDATED: Y
EMAIL_FALLBACK_FROM: youremailhere
EMAIL_HTML: N
EMAIL_MAILER: mail
EMAIL_REMINDER: Y
ENABLE_CAPTCHA: N
ENABLE_GRADIENTS: N
ENABLE_ICON_UPLOADS: N
ENTRY_SLOTS: 144
EXTERNAL_NOTIFICATIONS: N
EXTERNAL_REMINDERS: N
FONTS: Arial, Helvetica, sans-serif
FREEBUSY_ENABLED: N
GENERAL_USE_GMT: Y
GROUPS_ENABLED: N
H2COLOR: #000000
HASEVENTSBG: #FFFF33
IMPORT_CATEGORIES: Y
LANGUAGE: none
LIMIT_APPTS: N
LIMIT_APPTS_NUMBER: 6
LIMIT_DESCRIPTION_SIZE: N
MENU_DATE_TOP: Y
MENU_ENABLED: Y
MENU_THEME: default
MYEVENTS: #006000
NONUSER_AT_TOP: Y
NONUSER_ENABLED: Y
OTHERMONTHBG: #D0D0D0
OVERRIDE_PUBLIC: N
OVERRIDE_PUBLIC_TEXT: Not available
PARTICIPANTS_IN_POPUP: N
PLUGINS_ENABLED: N
POPUP_BG: #FFFFFF
POPUP_FG: #000000
PUBLIC_ACCESS: Y
PUBLIC_ACCESS_ADD_NEEDS_APPROVAL: N
PUBLIC_ACCESS_CAN_ADD: N
PUBLIC_ACCESS_DEFAULT_SELECTED: Y
PUBLIC_ACCESS_DEFAULT_VISIBLE: Y
PUBLIC_ACCESS_OTHERS: Y
PUBLIC_ACCESS_VIEW_PART: N
PUBLISH_ENABLED: Y
PULLDOWN_WEEKNUMBER: N
REMEMBER_LAST_LOGIN: N
REMINDER_DEFAULT: N
REMINDER_OFFSET: 240
REMINDER_WITH_DATE: N
REMOTES_ENABLED: Y
REPORTS_ENABLED: N
REQUIRE_APPROVALS: Y
RSS_ENABLED: N
SELF_REGISTRATION_BLACKLIST: N
SELF_REGISTRATION_FULL: Y
SEND_EMAIL: N
SERVER_TIMEZONE: America/New_York
SERVER_URL: http://doggies-best.de/webcalendar/
SITE_EXTRAS_IN_POPUP: N
SMTP_AUTH: N
SMTP_HOST: localhost
SMTP_PORT: 25
STARTVIEW: month.php
SUMMARY_LENGTH: 80
TABLEBG: #000000
TEXTCOLOR: #000000
THBG: #FFFFFF
THEME: none
THFG: #000000
TIMED_EVT_LEN: D
TIMEZONE: America/New_York
TIME_FORMAT: 12
TIME_SLOTS: 24
TIME_SPACER: »
TODAYCELLBG: #FFFF33
UAC_ENABLED: N
UPCOMING_ALLOW_OVR: N
UPCOMING_DISPLAY_CAT_ICONS: Y
UPCOMING_DISPLAY_LAYERS: N
UPCOMING_DISPLAY_LINKS: Y
UPCOMING_DISPLAY_POPUPS: Y
UPCOMING_EVENTS: N
USER_PUBLISH_ENABLED: Y
USER_PUBLISH_RW_ENABLED: Y
USER_RSS_ENABLED: N
USER_SEES_ONLY_HIS_GROUPS: Y
USER_SORT_ORDER: cal_lastname, cal_firstname
WEBCAL_PROGRAM_VERSION: v1.2.5
WEBCAL_TZ_CONVERSION: Y
WEEKENDBG: #D0D0D0
WEEKEND_START: 6
WEEKNUMBER: #FF6633
WEEK_START: 0
WORK_DAY_END_HOUR: 17
WORK_DAY_START_HOUR: 8
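
The ordering problem in this report can be checked for mechanically. The script below is an added example, not part of the original report or of WebCalendar: it flags calls to require_valide_referring_url() that appear before an include that would define it. The provider file list follows the report's description, the PHP snippets are constructed samples, and the Python function names are hypothetical.

```python
import re

# Assumption taken from the report: the referrer check is defined in
# includes/functions.php, which includes/init.php loads.
PROVIDERS = {"includes/init.php", "includes/functions.php"}
GUARD = "require_valide_referring_url"

BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Heuristic: does not special-case "//" or "#" inside string literals.
LINE_COMMENT = re.compile(r"(//|#)[^\n]*")
INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]")
CALL = re.compile(r"\b" + GUARD + r"\s*\(")

def strip_comments(php):
    """Blank out comments but keep newlines so line numbers stay valid."""
    php = BLOCK_COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), php)
    return LINE_COMMENT.sub("", php)

def calls_before_include(php):
    """Line numbers where the guard is called before a provider include."""
    loaded, findings = False, []
    for lineno, line in enumerate(strip_comments(php).splitlines(), 1):
        events = [(m.start(), "inc", m.group(1)) for m in INCLUDE.finditer(line)]
        events += [(m.start(), "call", None) for m in CALL.finditer(line)]
        for _, kind, path in sorted(events, key=lambda e: e[0]):
            if kind == "inc" and path in PROVIDERS:
                loaded = True
            elif kind == "call" and not loaded:
                findings.append(lineno)  # fatal "undefined function" at runtime
    return findings

# Constructed samples modelled on the extract in this report.
ORIGINAL = """<?php
require_once 'includes/classes/WebCalendar.class';
require_valide_referring_url ();
include 'includes/functions.php';
"""
FIXED = """<?php
include_once 'includes/init.php';
require_valide_referring_url ();
"""
# An include that sits inside a block comment never runs.
COMMENTED = """<?php
/* CORRECTION
include_once 'includes/init.php';
END of CORRECTION */
require_valide_referring_url ();
"""

if __name__ == "__main__":
    for name in ("ORIGINAL", "FIXED", "COMMENTED"):
        print(name, calls_before_include(globals()[name]))
```

Stripping comments before matching is what separates the FIXED and COMMENTED samples; a plain text search for the include line would treat both as safe.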

Discussion

  • Anonymous - 2012-07-06

    File ajax.php as modified to overcome the problem.

     
    Last edit: Anonymous 2014-02-19
  • Anonymous - 2012-07-10

    The cause of this error appears to be due to a call being made to the function require_valide_referring_url() before the functions.php file has been imported. Moving require_valide_referring_url() below the call to functions.php resolves the problem.

     
    Last edit: Anonymous 2016-06-26
  • Craig Knudsen - 2012-08-22
    • status: open --> open-out-of-date
     
  • Craig Knudsen - 2012-08-22

    Already fixed in CVS. Will be in 1.2.6 release.

     
  • Craig Knudsen - 2012-08-22
    • status: open-out-of-date --> closed-out-of-date
     
  • Craig Knudsen - 2012-08-22

    Already fixed in CVS. Will be in 1.2.6 release.

     
