User Login    
 + Register
Bookmark and Share
  • Main navigation
Login
Username:

Password:

Remember me



Lost Password?

Register now!







Re: bug in checkReferer in Xoops Core 2.0.10
Home away from home
rank4823bd3e90096.gif
Joined:
2003/11/19 13:01
From Willich, Germany
Group:
Forge Developers
Registered Users
Posts: 156
A nice enhancement for Mozilla-/Firefox-User is the BBCode-extension.

This is for people that are too lazy (like me) typing in the XOOPS-Codes. .

Some codes differ, but this is no problem, because you can make your own tags.

Posted on: 2005/8/25 1:26
_________________
greetz
frankblack
_MD_TRANSFER_DESC _MD_TRANSFER


Re: bug in checkReferer in Xoops Core 2.0.10
Home away from home
rank4823bd3e90096.gif
Joined:
2004/1/5 17:56
From Virginia, USA
Group:
Registered Users
Posts: 364
Quote:
Sorry for one font in the post. How can I distinguish the code snippets (I use Firefox)?


When posting code, its usually best to use the [ code ] ... [ /code ] tags (without spaces). That makes it more readable.

You can use [ color=ff0000 ] ... [ /color ] tags within the code tags to highlight changes.

line 1
[color=ff0000]line 2[/color]
line 3

Posted on: 2005/8/24 20:17
_MD_TRANSFER_DESC _MD_TRANSFER


bug in checkReferer in Xoops Core 2.0.10
Just popping in
rank481e64a60d920.gif
Joined:
2005/5/18 8:23
Group:
Registered Users
Forge Developers
Posts: 18
Hi,

I have just spent more than half a day debugging Xoops in order to make an upgrade to 2.0.13 working.

We have Xoops 2.0.9.2 running in production. I would like to make use of the new editors available in 2.2 so I decided to try to upgrade the development instance. First upgrading to 2.0.13 and then (hopefully) to 2.2.

I applied manually three patches: 2.0.9.2 -> 2.0.10, 2.0.10 -> 2.0.12a and 2.0.12a -> 2.0.13. Afterwards when I went to the homepage, I got error messages concerning system_block_dummy.html in some of the blocks on the homepage. I realized I should probably update the System module in the admin interface (this is my first update of Xoops Core).

The update however failed. After a long and slow debugging I found out that there is one line in class/xoopssecurity.php that causes the trouble. I fixed the line and it works:

/**
* Check the user agent's HTTP REFERER against XOOPS_URL
*
* @param int $docheck 0 to not check the referer (used with XML-RPC), 1 to actively check it
*
* @return bool
**/
function checkReferer($docheck=1)
{
$ref = xoops_getenv('HTTP_REFERER');
if ($docheck == 0) {
return true;
}
if ($ref == '') {
return false;
}
if (strpos($ref, XOOPS_URL) !== 0 ) {
//schalmn: return false;
return true;
}
return true;
}


The problem is really dificult to trace. It causes include/common.php to set the XOOPS_DB_PROXY flag

define('XOOPS_DB_PROXY', 1);

and subsequent attempt to update the module record is rejected by the query method of XoopsMySQLDatabaseProxy.

Looking at the code in the CVS, I see that the problem has been fixed in 2.2. Could the fix be backported to the upgrade patch for 2.0.10? There might be people that don't have debugging tools / experience and for them it's virtually impossible to find the problem (no error message).

Sorry for one font in the post. How can I distinguish the code snippets (I use Firefox)?

Many thanks.

Martin

Posted on: 2005/8/24 12:00
_MD_TRANSFER_DESC _MD_TRANSFER







You can view topic.
You cannot start a new topic.
You cannot reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You cannot post without approval.
You cannot use topic type.
You cannot use HTML syntax.
You cannot use signature.
You cannot create pdf.
You cannot get print page.

[Advanced Search]