058-014 - KB Injection And Minor Fixes »  Show posts from    to     

Icy Phoenix


Old Patches - 058-014 - KB Injection And Minor Fixes



Mighty Gorgon [ Mon 06 Nov, 2006 02:27 ]
Post subject: 058-014 - KB Injection And Minor Fixes
Hi all,
Knowledge Base hits again...

http://secunia.com/advisories/22177/

http://www.securityfocus.com/bid/20277/references

The BBCode issue was already solved in 058a.


You will find a cumulative patch with all old patched files here:

http://www.icyphoenix.com/dload.php?action=file&file_id=6

Included there is also another version of the portal page, which should be faster than the older.


andrea75 [ Tue 07 Nov, 2006 19:48 ]
Post subject: Re: 058 - 014 - KB Injection And Minor Fixes
Just a question.... now the portal is faster than older, but the calendar block now is not visible. It's an your choice or there is other way to insert it on portal? :0032:


Mighty Gorgon [ Wed 08 Nov, 2006 22:47 ]
Post subject: Re: 058 - 014 - KB Injection And Minor Fixes
andrea75, can you try this?

OPEN blocks_imp_calendar.php

INSERT THIS CODE INSTEAD OF THE DEFAULT ONE
Code: [Hide] [Select]
if(!function_exists(imp_calendar_block_func))
{
function imp_calendar_block_func()
{
global $phpbb_root_path, $phpEx, $template, $images, $lang, $board_config, $userdata, $_GET, $_POST, $db;
global $birthday_week_list, $birthday_today_list;
include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal.' . $phpEx);
}
}

imp_calendar_block_func();


AvrilBoi [ Thu 09 Nov, 2006 14:38 ]
Post subject: Re: 058 - 014 - KB Injection And Minor Fixes
Don't you have just the 014 patch? Because I've some modified files, and it would take so long to compare all the files included in the comulative patch with mines...it would be better to have just the patch number 14... if it is possible... thanx


TheSteffen [ Thu 09 Nov, 2006 14:55 ]
Post subject: Re: 058 - 014 - KB Injection And Minor Fixes
You can use winmerge http://sourceforge.net/projects/winmerge/ ...

It's really a good thing to compare files.


Mighty Gorgon [ Fri 10 Nov, 2006 00:40 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Added an attachment with only new files.


andrea75 [ Fri 10 Nov, 2006 09:33 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Mighty Gorgon wrote: [View Post]
andrea75, can you try this?

OPEN blocks_imp_calendar.php

INSERT THIS CODE INSTEAD OF THE DEFAULT ONE
Code: [Hide] [Select]
if(!function_exists(imp_calendar_block_func))
{
function imp_calendar_block_func()
{
global $phpbb_root_path, $phpEx, $template, $images, $lang, $board_config, $userdata, $_GET, $_POST, $db;
global $birthday_week_list, $birthday_today_list;
include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal.' . $phpEx);
}
}

imp_calendar_block_func();


The calendar is come back, but has wrong events (now shows all events, past and future) and don't shown the birthdays information

cal

But it's not true that no users has a birthday


pepi [ Sat 11 Nov, 2006 15:10 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Hi

Have the same problem with calendar


AvrilBoi [ Sun 12 Nov, 2006 22:56 ]
Post subject: Re: 058 - 014 - KB Injection And Minor Fixes
TheSteffen wrote: [View Post]
You can use winmerge http://sourceforge.net/projects/winmerge/ ...

It's really a good thing to compare files.

I know, infact i was gonna use it to compare files, but if they're too many to compare, it takes long time
Mighty Gorgon wrote: [View Post]
Added an attachment with only new files.

Thank you.


Master Sulu [ Mon 13 Nov, 2006 19:23 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
pepi wrote: [View Post]
Hi

Have the same problem with calendar


I think that the problem is in the new index.php: some parts relating to calendar and birthday are missing.

Check out with winmerge, comparing it with the original index.php.

By the way, after this huge update I have a problem with the album. When i click the medium thumb in order to show off an image in its original size, the image is not entirely loaded, but I can see only a little strip at the top. Any way to fix it??


Mighty Gorgon [ Tue 14 Nov, 2006 01:05 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
The Album problem is not related to this patch.

Try having a look here:
http://www.mightygorgon.com/viewtop...ht=memory+limit

But the same problem has been discussed even on this site.

Regarding the calendar block, can you try this block and please let me know if the block is working fine?


pepi [ Tue 14 Nov, 2006 14:37 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Hi Mighty
does not show the calender box .........
but i have no upload the index.php and bbcode.php from the KB, BBCodes and Portal Fixes
then i habe installed any mods

pepi


jocampo8 [ Wed 15 Nov, 2006 10:06 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Thnx for the Update


Zuker [ Wed 15 Nov, 2006 13:22 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
And the old patch? (de 14 released before)

We have to aplied only this patch? (i've got a test forum where i didn't put any patch)


Master Sulu [ Wed 15 Nov, 2006 14:00 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Mighty Gorgon wrote: [View Post]

You will find a cumulative patch with all old patched files here:

http://www.icyphoenix.com/dload.php?action=file&file_id=6


All patches, from #001 to #014


Zuker [ Wed 15 Nov, 2006 14:22 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
thanks


andrea75 [ Wed 15 Nov, 2006 19:04 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Mighty Gorgon wrote: [View Post]


Regarding the calendar block, can you try this block and please let me know if the block is working fine?


Another error with your files

Quote:
Warning: imp_calendar_block_func(./includes/mini_cal/mini_cal.php): failed to open stream: No such file or directory in c:hostingwebhost4lifememberumbriaforumxsblocksblocks_imp_calendar.php on line 119

Warning: imp_calendar_block_func(./includes/mini_cal/mini_cal.php): failed to open stream: No such file or directory in c:hostingwebhost4lifememberumbriaforumxsblocksblocks_imp_calendar.php on line 119

Warning: imp_calendar_block_func(): Failed opening './includes/mini_cal/mini_cal.php' for inclusion (include_path='.;c:php4pear') in c:hostingwebhost4lifememberumbriaforumxsblocksblocks_imp_calendar.php on line 119


Mighty Gorgon [ Fri 17 Nov, 2006 02:38 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
If you read the error, you will notice the reason why it is not working...

Change the path to mini_cal.php...

Anyway, I've upgraded the attachment with a new one which should work fine...


palomo2 [ Fri 17 Nov, 2006 15:03 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
thanks, finally all resolved...


babbman [ Sat 18 Nov, 2006 14:48 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Does anyone have a solution yet on the calendar showing past events? I've tried the latest bit of code from Mighty Gorgon but that just resulted in an empty calendar block.


andrea75 [ Sat 18 Nov, 2006 17:09 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
For me now works fine again. Thanks MG!


moreteavicar [ Sat 18 Nov, 2006 17:26 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Hmmm... babbman, where are you displaying the calendar block? On the left side or the right side?

If on the left, a long time ago I posted a fix on neclectic's site for minical to be displayed on the left side of portal page. As necletic's site is no longer open to non-registered users, I'll post it again here. (Original post is here).Do not bother with the snaillite section at the bottom!


moreteavicar's minical anywhere fix wrote: 

Ok, have come up with my fixes, as can be seen in my posts on snailsnource. I shall include them all here for completeness. Perhaps this should be included with minical / snailcal / importal install files!

This fix is based on using callite 1.4.7, which includes the latest version of mini_cal_SNAILLITE.

Open root/blocks/blocks_imp_calendar.php

look for

Code: [Hide]
  1. function imp_calendar_block_func()  
  2. {  
  3. global $phpbb_root_path, $phpEx,  
  4.  

in line, after global, add:
Code: [Hide]
  1. $table_prefix,  
  2.  


next find:
Code: [Hide]
  1. include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal.'.$phpEx);  
  2.  

It could also be
Code: [Hide]
  1. include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal2.'.$phpEx);  
  2.  

Which ever it is, comment it out or delete it.

Other posts suggest putting that line in portal.php, but that will mean you only get mini_cal working on the portal page, and depending on where you put it, you don't get the dates being parsed with the events. There is only one file that needs the include line, and that file is pageheader.php file itself.

So, trundle on through your directories and open:

includes/pageheader.php

Look for the IM portal section near the end of the file, starting with
Code: [Hide]
  1. if(!$layout_forum_wide_flag&&$portal_config['portal_header']&&(!defined('HAS_DIED'))&&(!defined('IN_LOGIN')))  
  2. {  
  3. $template->set_filenames(array(  
  4. 'portal_header' => 'portal_page_header.tpl')  
  5. );  
  6.  


Straight after this, add the line:
Code: [Hide]
  1. /* ************************************************************ */  
  2. include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal.'.$phpEx);  
  3. /* ************************************************************* */  
  4.  

What you should have is a section like this:
Code: [Hide]
  1. if(!$layout_forum_wide_flag&&$portal_config['portal_header']&&(!defined('HAS_DIED'))&&(!defined('IN_LOGIN')))  
  2. {  
  3. $template->set_filenames(array(  
  4. 'portal_header' => 'portal_page_header.tpl')  
  5. );  
  6. /* *************************************************************** */  
  7. include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal.'.$phpEx);  
  8. /* *************************************************************** */  
  9. portal_parse_blocks($portal_config['default_portal'], TRUE, 'header');  
  10. $template->assign_var('HEADER_WIDTH', $portal_config['header_width']);  
  11. $template->assign_var('PORTAL_HEADER', portal_assign_var_from_handle($template, 'portal_header'));  
  12. }  
  13.  

And that will guarantee all date variables get parsed before the block is made... so you can stick minical where you want - even in the header!

Then there is one fix required to get the links to work with snaillite. Open mods/ netclectic/mini_cal/mini_cal_SNAILLITE.php

Look for:
Code: [Hide]
  1. $url = append_sid("cal_lite.$phpEx?$day_ref=$s_dd&?$mon_ref=$s_mm&$year_ref=$s_yy&mode=display");  
  2.  

Replace with:
Code: [Hide]
  1. $url = append_sid("cal_lite.$phpEx?&mode=display&cl_d=$s_dd&cl_m=$s_mm&cl_y=$s_yy");  
  2.  

And thats it!


*EDIT* I just noticed MG's equivalent fix which was to put the include line in the blocks_imp_calebdar.php. If that didn't work, then try putting it in page_header as above...


Mighty Gorgon [ Sun 19 Nov, 2006 21:07 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
The new block should work fine...

moreteavicar, are you sure that the new one is working only in the right section?

Anyway I wouldn't add that code to page_header.php... I would add it to index.php instead... but it is the original way we did it, and it is not the best way to go. Too many unuseful SQL for those who are not showing the calendar.


moreteavicar [ Mon 20 Nov, 2006 23:20 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Mighty Gorgon wrote: [View Post]
The new block should work fine...

moreteavicar, are you sure that the new one is working only in the right section?

Anyway I wouldn't add that code to page_header.php... I would add it to index.php instead... but it is the original way we did it, and it is not the best way to go. Too many unuseful SQL for those who are not showing the calendar.


Well, I've not tried your latest fix, but everyone using importal used to have problems with minical in the past - the problem being the order of data being parsed to the block, and the block generation. With the include in index.php (or portal.php), you could only get minical to display correctly on centre and right blocks! This fix ensured it went at the moment of block creation - the assumption is, you will only put this in page_header.php if you intend to use minical!

For a general fix, you could enclose it in an if statement, however, I see no reason why your fix it shouldn't work properly - putting the inclusion in the blockfile... But I do remember on netclectic's site that there was a problem doing it this way... I'll check it out...


moreteavicar [ Mon 20 Nov, 2006 23:32 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
OK, your fix in the calendar blockfile is exactly the same as the default IMPortal calendar block, but nobody could get the links to work properly this way...

Jaz wrote: 
I've found the solution to the missing links !

In blocks_imp_calendar.php

FIND

include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal2.'.$phpEx);

DELETE THIS LINE

In portal.php

FIND

$template->set_filenames( array( 'body' => 'layout/' . $layout_template ) );

BELOW ADD

// MOD MINI CAL BEGIN
include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal2.'.$phpEx);
// MOD MINI CAL END

et voila ! The links and event dates appear on the portal front page.

Original is posted here: http://www.netclectic.com/forums/vi...r=asc&start=560

Jaz's fix, however, didn't work for showing minical on the left side of the page, hence my minor contribution...


Mighty Gorgon [ Tue 21 Nov, 2006 02:44 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
He he he moreteavicar... it seems you don't trust me...

It isn't the "stardard" IM Portal block, you haven't checked accurately what I did.

It tooks me 3 hours to solve this, and I'm quite sure that now the block is working fine under any condition.

Can someone confirm that this block with the new index.php is working fine both on left, right and on any other position please?

I need this to be tested on a forum with many events...


When I have the confirmation that this block is working fine, I'll tell you what the secret is!


moreteavicar [ Tue 21 Nov, 2006 17:07 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
ok, my fault, what I actually meant is the default INTEGRAMOD version calendar block (not the IMPortal one), which has this line:

include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal.' . $phpEx);

Which is what I guess you think is the secret solution. Its not that I don't trust you, its just that, as I said above, this include in blocks_imp_calendar.php didn't work properly, and many people (including myself) had tried this in the past, on Necletic's site and Snail Source's site (the problem being nothing to do with Snail's calendar integration with minical). Its strange, it looks like it should work, but the block template gets parsed before the SQL queries are completed in minical, so it needs to be included earlier...

Unless... you have also modified minical.php... but you've not released a newer file for that, so I think I am right in my revelation of your secret

At the moment I do not use the calendar - I keep meaning to unistall topic calendar and install Snail's callite, as IMHO topic calendar is rubbish (having to post a new topic in order to add an event, whereas callite is a self-contained calendar with a more common sense approach to adding events). This discussion is prompting me to hurry up and make the change


mr-joel-comm [ Wed 22 Nov, 2006 21:40 ]
Post subject: Finding A Good College
I was looking at this article
'Best
Adsense Affiliate Earners: Do They Really Buy Valuable Adsense Keyword
Lists?'
. and was
hoping someone could help me make the right choice.

Your thoughts pleasea


Hakkinen [ Thu 23 Nov, 2006 05:23 ]
Post subject: Respuesta: 058-014 - KB Injection And Minor Fixes
mr-joel-comm wrote: [View Post]
I was looking at this article
'Best
Adsense Affiliate Earners: Do They Really Buy Valuable Adsense Keyword
Lists?'
. and was
hoping someone could help me make the right choice.

Your thoughts pleasea
The attack of the Bots?


moreteavicar [ Fri 24 Nov, 2006 01:00 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Well we are a generally a friendly website mr-joel-comm, so we would like to do our best to help you with your thoughts. Is your life but a keyword? How much do you wish to understand? Have you ever wondered who you really are? Do you ever find that the more you think you know, the more you realise you don't know? If I say I'm lying, am I telling the truth?

I hope these few thoughts are of some help to you. God bless you.


Mighty Gorgon [ Tue 28 Nov, 2006 23:22 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
moreteavicar wrote: [View Post]
ok, my fault, what I actually meant is the default INTEGRAMOD version calendar block (not the IMPortal one), which has this line:

include($phpbb_root_path . 'mods/netclectic/mini_cal/mini_cal.' . $phpEx);

Which is what I guess you think is the secret solution. Its not that I don't trust you, its just that, as I said above, this include in blocks_imp_calendar.php didn't work properly, and many people (including myself) had tried this in the past, on Necletic's site and Snail Source's site (the problem being nothing to do with Snail's calendar integration with minical). Its strange, it looks like it should work, but the block template gets parsed before the SQL queries are completed in minical, so it needs to be included earlier...

Unless... you have also modified minical.php... but you've not released a newer file for that, so I think I am right in my revelation of your secret

At the moment I do not use the calendar - I keep meaning to unistall topic calendar and install Snail's callite, as IMHO topic calendar is rubbish (having to post a new topic in order to add an event, whereas callite is a self-contained calendar with a more common sense approach to adding events). This discussion is prompting me to hurry up and make the change

That is not my "secret" modification... but it seems no one here is reporting back that my block is working fine... I think it is, otherwise someone would have posted that it isn't working...

I'll give you a hint... when you include external files with or within functions you should take care of the GLOBALS assignments...

I won't say more!


danicom [ Wed 29 Nov, 2006 19:11 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
I have applied the patch but it does not work correctly.
You can see my Mini Calendar here http://zm.nu/foro2
I dont have links over the days numbers.
In addition, day 29 is Wednesday, but my calendar show Tuesday.

Thnks
Daniel


Mighty Gorgon [ Fri 08 Dec, 2006 12:21 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
danicom wrote: [View Post]
I have applied the patch but it does not work correctly.
You can see my Mini Calendar here http://zm.nu/foro2
I dont have links over the days numbers.
In addition, day 29 is Wednesday, but my calendar show Tuesday.

Thnks
Daniel

It is strange... the day mismatch I mean...

I'll try to check.

The links over the days are due to a setting I have changed... you can change it too in calendar config file.


danicom [ Wed 13 Dec, 2006 18:52 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Mighty Gorgon wrote: [View Post]

It is strange... the day mismatch I mean...
I'll try to check.
The links over the days are due to a setting I have changed... you can change it too in calendar config file.


Where this the calendar config file? And which it's the option to modify?
Thnks
Daniel


Mighty Gorgon [ Sun 24 Dec, 2006 20:45 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Try to take a look at this file: mini_cal_config.php


danicom [ Tue 26 Dec, 2006 15:01 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Mighty Gorgon wrote: [View Post]
Try to take a look at this file: mini_cal_config.php


I have the file, but, which it's the option to modify?
Thnks & happy new year
Daniel


Mighty Gorgon [ Fri 29 Dec, 2006 11:09 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
Check the commented lines... everything is explained.

Code: [Hide]
  1. // Defines what type of search happens when a user clicks on a date in the calendar  
  2. // possible values:  
  3. // POSTS - will return all posts posted on that date  
  4. // EVENTS - will return all events happening on that date (ONLY SUITABLE FOR EVENTS CALENDAR USERS).  
  5. define('MINI_CAL_DATE_SEARCH', 'POSTS'); 


danicom [ Fri 29 Dec, 2006 11:56 ]
Post subject: Re: 058-014 - KB Injection And Minor Fixes
OK Thnks




Powered by Icy Phoenix