General ⇒ Announcements ⇒ 9.3.4.1 Bug fix release ⇒ Community Forums ⇒ CPG Dragonfly™ CMS

9.3.4.1 Bug fix release Reply to topic

NanoCaiordo Offline Joined: Jun 29, 2004 Posts: 4308 Location: Italy 0 👍 / 0 👎	Wed Jan 02, 2013 5:39 am Several issues fixed caused by the security fix. Reference dragonflycms.org/Forum...67/#156567 Diffs from 9.3.4.0: code.google.com/p/drag...9918953ce5 code.google.com/p/drag...60b54eb85e .:: I met php the 03 December 2003 :: Unforgettable day! ::. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS Last edited by NanoCaiordo on Wed Nov 13, 2013 3:24 pm; edited 2 times in total
Kinsman Offline Joined: May 29, 2006 Posts: 477 Location: Australia 0 👍 / 0 👎	Wed Jan 02, 2013 12:28 pm Ok did those, and specifically this. `$cat = isset($_POST['cat']) ? $_POST['cat'] : isset($_GET['cat']) ? $_GET['cat'] : 0; $cat = 'mine' === $cat ? USER_ID+FIRST_USER_CAT : (is_numeric($cat) ? intval($cat) : null);` still no "mine" link it seems. www.junglewraiths.net/...p;cat=mine still just goes to gallery main page. its no biggy, as thats not a link we had before anyhow. I also updated our DB to say 9.3.4.1 but am still being nagged to update? Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): 2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0
NanoCaiordo Offline Joined: Jun 29, 2004 Posts: 4308 Location: Italy 0 👍 / 0 👎	Wed Jan 02, 2013 8:58 pm Added new diff to my first post: code.google.com/p/drag...60b54eb85e .:: I met php the 03 December 2003 :: Unforgettable day! ::. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS
Kinsman Offline Joined: May 29, 2006 Posts: 477 Location: Australia 0 👍 / 0 👎	Thu Jan 03, 2013 3:32 am Thanks Nano, as always, you have nailed it! BTW I tried updating cms.init, but after adding the file we get stuck in Maintenance Mode. Any thoughts how we can trick DF into realising its up to date? Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): 2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0
NanoCaiordo Offline Joined: Jun 29, 2004 Posts: 4308 Location: Italy 0 👍 / 0 👎	Thu Jan 03, 2013 4:08 am Revert CPG_NUKE in cmsinit.inc to what db.cms_config_custom.general.Version_Num says .:: I met php the 03 December 2003 :: Unforgettable day! ::. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS
Kinsman Offline Joined: May 29, 2006 Posts: 477 Location: Australia 0 👍 / 0 👎	Thu Jan 03, 2013 6:00 am Thats perfect, thanks. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): 2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0
Ertan Offline Joined: Apr 21, 2004 Posts: 105 Location: Germany 0 👍 / 0 👎	Tue Jan 15, 2013 1:59 pm sry i use an old revision please delete this post thanks nano on some sites the init.inc diff changes make the overview of the gallery not to show up a quick fix solve my problem after the diff changes i insert this: if (!isset($_GET['cat'])) $cat = isset($_POST['cat']) ? $_POST['cat'] : isset($_GET['cat']) ? intval($_GET['cat']) : 0; .: USE THE FORCE :. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
alyssa Offline Joined: Nov 15, 2004 Posts: 872 0 👍 / 0 👎	Wed Jul 24, 2013 10:36 pm NanoCaiordo wrote Revert CPG_NUKE in cmsinit.inc to what db.cms_config_custom.general.Version_Num says Where would I find db.cms_config_custom.general.Version_Num? I just did a fresh install, and it's saying that it is not updated. And I just downloaded the last updated install from the downloads and unzipped it - so it's as updated as it is able to be as far as I know. Nothing has been added to this, as it's not a live site, so it is as bare-bones as you can get as it's brand new. Just changing the updating cmsinit.inc file gets me stuck in Maintenance Mode. cmsinit.inc : `admin edit: don't post files inline` Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): [ Linux / Apache 2.2.8 / MySQL 5.0.45 / PHP 5.2.6 / CPG 8.2b - 9.3.4.1]
alyssa Offline Joined: Nov 15, 2004 Posts: 872 0 👍 / 0 👎	Wed Jul 24, 2013 10:53 pm Also, my init.inc in includes/coppermine shows this: # GET INTs if (!empty($_GET['aid'])) $_GET['aid'] = intval($_GET['aid']); if (!empty($_GET['album'])) $_GET['album'] = intval($_GET['album']); if (!empty($_GET['count'])) $_GET['count'] = intval($_GET['count']); if (!empty($_GET['id'])) $_GET['id'] = intval($_GET['id']); if (!empty($_GET['member_id']))$_GET['member_id']=intval($_GET['member_id']); if (!empty($_GET['page'])) $_GET['page'] = intval($_GET['page']); if (!empty($_GET['pid'])) $_GET['pid'] = intval($_GET['pid']); if (!empty($_GET['pos'])) $_GET['pos'] = intval($_GET['pos']); if (!empty($_GET['rate'])) $_GET['rate'] = intval($_GET['rate']); if (!empty($_GET['size'])) $_GET['size'] = intval($_GET['size']); if (!empty($_GET['slideshow']))$_GET['slideshow']=intval($_GET['slideshow']); if (!empty($_GET['start'])) $_GET['start'] = intval($_GET['start']); if (!empty($_GET['uid'])) $_GET['uid'] = intval($_GET['uid']); if (!empty($_GET['user_id'])) $_GET['user_id'] = intval($_GET['user_id']); # GET PREGs if (!empty($_GET['event'])&& !preg_match('#^[a-z_]+$#', $_GET['event']))$_GET['event'] = null; if (!empty($_GET['meta']) && !preg_match('#^[a-z]+$#', $_GET['meta'])) $_GET['meta'] = null; if (!empty($_GET['mode']) && !preg_match('#^[a-z]+$#', $_GET['mode'])) $_GET['mode'] = null; if (!empty($_GET['opp']) && !preg_match('#^[a-z]+$#', $_GET['opp'])) $_GET['opp'] = null; if (!empty($_GET['sort']) && !preg_match('#^[a-z]{2}$#',$_GET['sort'])) $_GET['sort'] = null; if (!empty($_GET['type']) && !preg_match('#^[a-z]+$#', $_GET['type'])) $_GET['type'] = null; if (!empty($_GET['what']) && !preg_match('#^[a-z]+$#', $_GET['what'])) $_GET['what'] = null; # GET STRs if (!empty($_GET['picfile']) && false !== strpos($_GET['picfile'], '..')) $_GET['picfile'] = null; if (!empty($_GET['startdir'])&& false !== strpos($_GET['startdir'], '..'))$_GET['startdir'] = null; # POST INTs if (!empty($_POST['aid'])) $_POST['aid'] = intval($_POST['aid']); if (!empty($_POST['album'])) $_POST['album'] = intval($_POST['album']); if (!empty($_POST['category']))$_POST['category']=intval($_POST['category']); if (!empty($_POST['cid'])) $_POST['cid'] = intval($_POST['cid']); if (!empty($_POST['cid1'])) $_POST['cid1'] = intval($_POST['cid1']); if (!empty($_POST['cid2'])) $_POST['cid2'] = intval($_POST['cid2']); if (!empty($_POST['id'])) $_POST['id'] = intval($_POST['id']); if (!empty($_POST['page'])) $_POST['page'] = intval($_POST['page']); if (!empty($_POST['pid'])) $_POST['pid'] = intval($_POST['pid']); if (!empty($_POST['pos'])) $_POST['pos'] = intval($_POST['pos']); if (!empty($_POST['user_id'])) $_POST['user_id'] = intval($_POST['user_id']); instead of: ... 146 146 147 147 # GET INTs 148 148 if (isset($_GET['album'])) $_GET['album'] = intval($_GET['album']); 149 - if (isset($_GET['cat'])) $_GET['cat'] = intval($_GET['cat']); 150 149 if (isset($_GET['pos'])) $_GET['pos'] = intval($_GET['pos']); 151 150 if (isset($_GET['pid'])) $_GET['pid'] = intval($_GET['pid']); 152 151 if (!empty($_GET['aid'])) $_GET['aid'] = intval($_GET['aid']); ... 174 173 175 174 # POST INTs 176 175 if (isset($_POST['album'])) $_POST['album'] = intval($_POST['album']); 177 - if (isset($_POST['cat'])) $_POST['cat'] = intval($_POST['cat']); 178 176 if (isset($_POST['pos'])) $_POST['pos'] = intval($_POST['pos']); 179 177 if (!empty($_POST['aid'])) $_POST['aid'] = intval($_POST['aid']); 180 178 if (!empty($_POST['category']))$_POST['category']= intval($_POST['category']); ... ALL mine say "if (!empty(" and not "if (isset(" plus it is missing the cat line ... so I am wondering if the first download isn't the most recent version maybe? Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): [ Linux / Apache 2.2.8 / MySQL 5.0.45 / PHP 5.2.6 / CPG 8.2b - 9.3.4.1]
Kinsman Offline Joined: May 29, 2006 Posts: 477 Location: Australia 0 👍 / 0 👎	Thu Jul 25, 2013 1:40 am Where would I find db.cms_config_custom.general.Version_Num? is displayed as your version in the admin panel I think, if not browse your database with phpmyadmin to see what it says. Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS): 2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0
All times are UTC Post new topic Reply to topic Forum Index ⇒ Announcements Page 1 of 1