General ⇒ Announcements ⇒ 9.3.4.1 Bug fix release ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexAnnouncements

9.3.4.1 Bug fix release Reply to topic


Several issues fixed caused by the security fix.

Reference dragonflycms.org/Forum...67/#156567

Diffs from 9.3.4.0:
code.google.com/p/drag...9918953ce5

code.google.com/p/drag...60b54eb85e

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS

Last edited by NanoCaiordo on Wed Nov 13, 2013 3:24 pm; edited 2 times in total


Ok did those, and specifically this.

$cat = isset($_POST['cat']) ? $_POST['cat'] : isset($_GET['cat']) ? $_GET['cat'] : 0; $cat = 'mine' === $cat ? USER_ID+FIRST_USER_CAT : (is_numeric($cat) ? intval($cat) : null);

still no "mine" link it seems.

www.junglewraiths.net/...p;cat=mine

still just goes to gallery main page.

its no biggy, as thats not a link we had before anyhow.

I also updated our DB to say 9.3.4.1 but am still being nagged to update?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


Added new diff to my first post:
code.google.com/p/drag...60b54eb85e

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Thanks Nano, as always, you have nailed it! Smile

BTW I tried updating cms.init, but after adding the file we get stuck in Maintenance Mode.

Any thoughts how we can trick DF into realising its up to date?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


Revert CPG_NUKE in cmsinit.inc to what db.cms_config_custom.general.Version_Num says

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Thats perfect, thanks. Smile

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


sry i use an old revision
please delete this post





thanks nano

on some sites the init.inc diff changes

make the overview of the gallery not to show up

a quick fix solve my problem
after the diff changes i insert this:

if (!isset($_GET['cat']))
$cat = isset($_POST['cat']) ? $_POST['cat'] : isset($_GET['cat']) ? intval($_GET['cat']) : 0;

.: USE THE FORCE :.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


NanoCaiordo wrote
Revert CPG_NUKE in cmsinit.inc to what db.cms_config_custom.general.Version_Num says


Where would I find db.cms_config_custom.general.Version_Num?

I just did a fresh install, and it's saying that it is not updated. Sad And I *just* downloaded the last updated install from the downloads and unzipped it - so it's as updated as it is able to be as far as I know. Nothing has been added to this, as it's not a live site, so it is as bare-bones as you can get as it's brand new.

Just changing the updating cmsinit.inc file gets me stuck in Maintenance Mode.


cmsinit.inc :

admin edit: don't post files inline

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
[ Linux / Apache 2.2.8 / MySQL 5.0.45 / PHP 5.2.6 / CPG 8.2b - 9.3.4.1]


Also, my init.inc in includes/coppermine shows this:

# GET INTs if (!empty($_GET['aid'])) $_GET['aid'] = intval($_GET['aid']); if (!empty($_GET['album'])) $_GET['album'] = intval($_GET['album']); if (!empty($_GET['count'])) $_GET['count'] = intval($_GET['count']); if (!empty($_GET['id'])) $_GET['id'] = intval($_GET['id']); if (!empty($_GET['member_id']))$_GET['member_id']=intval($_GET['member_id']); if (!empty($_GET['page'])) $_GET['page'] = intval($_GET['page']); if (!empty($_GET['pid'])) $_GET['pid'] = intval($_GET['pid']); if (!empty($_GET['pos'])) $_GET['pos'] = intval($_GET['pos']); if (!empty($_GET['rate'])) $_GET['rate'] = intval($_GET['rate']); if (!empty($_GET['size'])) $_GET['size'] = intval($_GET['size']); if (!empty($_GET['slideshow']))$_GET['slideshow']=intval($_GET['slideshow']); if (!empty($_GET['start'])) $_GET['start'] = intval($_GET['start']); if (!empty($_GET['uid'])) $_GET['uid'] = intval($_GET['uid']); if (!empty($_GET['user_id'])) $_GET['user_id'] = intval($_GET['user_id']); # GET PREGs if (!empty($_GET['event'])&& !preg_match('#^[a-z_]+$#', $_GET['event']))$_GET['event'] = null; if (!empty($_GET['meta']) && !preg_match('#^[a-z]+$#', $_GET['meta'])) $_GET['meta'] = null; if (!empty($_GET['mode']) && !preg_match('#^[a-z]+$#', $_GET['mode'])) $_GET['mode'] = null; if (!empty($_GET['opp']) && !preg_match('#^[a-z]+$#', $_GET['opp'])) $_GET['opp'] = null; if (!empty($_GET['sort']) && !preg_match('#^[a-z]{2}$#',$_GET['sort'])) $_GET['sort'] = null; if (!empty($_GET['type']) && !preg_match('#^[a-z]+$#', $_GET['type'])) $_GET['type'] = null; if (!empty($_GET['what']) && !preg_match('#^[a-z]+$#', $_GET['what'])) $_GET['what'] = null; # GET STRs if (!empty($_GET['picfile']) && false !== strpos($_GET['picfile'], '..')) $_GET['picfile'] = null; if (!empty($_GET['startdir'])&& false !== strpos($_GET['startdir'], '..'))$_GET['startdir'] = null; # POST INTs if (!empty($_POST['aid'])) $_POST['aid'] = intval($_POST['aid']); if (!empty($_POST['album'])) $_POST['album'] = intval($_POST['album']); if (!empty($_POST['category']))$_POST['category']=intval($_POST['category']); if (!empty($_POST['cid'])) $_POST['cid'] = intval($_POST['cid']); if (!empty($_POST['cid1'])) $_POST['cid1'] = intval($_POST['cid1']); if (!empty($_POST['cid2'])) $_POST['cid2'] = intval($_POST['cid2']); if (!empty($_POST['id'])) $_POST['id'] = intval($_POST['id']); if (!empty($_POST['page'])) $_POST['page'] = intval($_POST['page']); if (!empty($_POST['pid'])) $_POST['pid'] = intval($_POST['pid']); if (!empty($_POST['pos'])) $_POST['pos'] = intval($_POST['pos']); if (!empty($_POST['user_id'])) $_POST['user_id'] = intval($_POST['user_id']);


instead of:

... 146 146 147 147 # GET INTs 148 148 if (isset($_GET['album'])) $_GET['album'] = intval($_GET['album']); 149 - if (isset($_GET['cat'])) $_GET['cat'] = intval($_GET['cat']); 150 149 if (isset($_GET['pos'])) $_GET['pos'] = intval($_GET['pos']); 151 150 if (isset($_GET['pid'])) $_GET['pid'] = intval($_GET['pid']); 152 151 if (!empty($_GET['aid'])) $_GET['aid'] = intval($_GET['aid']); ... 174 173 175 174 # POST INTs 176 175 if (isset($_POST['album'])) $_POST['album'] = intval($_POST['album']); 177 - if (isset($_POST['cat'])) $_POST['cat'] = intval($_POST['cat']); 178 176 if (isset($_POST['pos'])) $_POST['pos'] = intval($_POST['pos']); 179 177 if (!empty($_POST['aid'])) $_POST['aid'] = intval($_POST['aid']); 180 178 if (!empty($_POST['category']))$_POST['category']= intval($_POST['category']); ...


ALL mine say "if (!empty(" and not "if (isset(" plus it is missing the cat line ... so I am wondering if the first download isn't the most recent version maybe?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
[ Linux / Apache 2.2.8 / MySQL 5.0.45 / PHP 5.2.6 / CPG 8.2b - 9.3.4.1]


Where would I find db.cms_config_custom.general.Version_Num?

is displayed as your version in the admin panel I think, if not browse your database with phpmyadmin to see what it says.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0

All times are UTC


Jump to: