1.2 Released

Discussion in 'News and Announcements' started by renlok, May 21, 2016.

  1. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
I'm totally confused and need direction. Where the umph is the bug tracker page section? I don't go surfing around here. I come in, click the new posts, see only a few and don't bother to look around. Where am I supposed to post stuff now? I worked a couple of days at tracing the problem with the uploader, which reminded me exactly of when I got the jQuery uploader to work, and now I was told to start posting somewhere else on that one particular issue. That right there made me want to stop working on it, take a break for a few days and let it sit on the back burner. By the way, the uploader issue someone addressed with all of you in a private message is still there. We're going to have to come up with a solution sooner or later.

    I have very little time to be here. Hopefully, I can help with the time I have. I have a few days now but probably very soon I will be taking another break. Without pani100 around and without testers asking for help, the 2.0 will be stuck in the mud for a very long time, and I can see already that it has a few bugs. No offense to everyone here but, the truth is, there are not many advanced coders here, if any, helping out. I'm not one, but I hope to be one someday and I'm getting better every day.

    I don't even want to start with the bootstrap. I just hope when I find a solution to present that it's on the PHP or JavaScript side.
     
  2. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
What do you think caused the \ to come up in all of the forms in the admin sections? I am glad it's on the back-end. I'm thinking it's something like a preg_replace or str_replace or some kind of replace. I will look around and see.
     
  3. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
Something like this, but not in the location where I found it, seems to be the kind of code we would be looking for.
    PHP:
    str_replace("'", "\'", $v);
    I found that in the admin/categoriestrans.php file. The issue might be in the CKEditor itself. I will test this out on the user side too.
     
  4. nay27uk

    nay27uk Super Moderator Staff Member

    Joined:
    Nov 24, 2009
    Messages:
    5,560
    Likes Received:
    542
David, on the forum home page, in the forum index that lists all the forums, it is at the top of the page mate, directly under the showcase board in its own section.

    [attachment: bugtrack.jpg]
     
  5. nay27uk

    nay27uk Super Moderator Staff Member

    Joined:
    Nov 24, 2009
    Messages:
    5,560
    Likes Received:
    542
    David I have already posted this in the bug tracker mate I will try and move the posts about it into its own new thread.

    Below is what I have already posted to the bug tracker from this thread and I think I have everything covered there.

    http://www.webidsupport.com/bugs/view.php?id=564
    http://www.webidsupport.com/bugs/view.php?id=563
    http://www.webidsupport.com/bugs/view.php?id=562
    http://www.webidsupport.com/bugs/view.php?id=561
    http://www.webidsupport.com/bugs/view.php?id=560
     
  6. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
Well, I accidentally had my theme set to bootstrap. I put in a test item and, by having the bootstrap theme on by accident, I found there was no subtitle displayed. I switched it over to the default theme and it had the subtitle showing. In both the title and subtitle it changed it to: TEST ITEM DON\'T BUY THIS

    I am thinking this is a form-related issue we have fixed in the past. More looking into is called for.

    The description part came out perfectly fine.
     
    Last edited: May 27, 2016
  7. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
    Thanks nay27uk!
     
    nay27uk likes this.
  8. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
This problem is probably caused by the change that was done when the magic quotes were removed. Here's what was removed, as shown in this link to the commit on the GitHub
    site. removed all get_magic_quotes_gpc() as min PHP version is now 5.4 so a…
    https://github.com/renlok/WeBid/commit/507f0a445734796a13ccd51d53da054eeee55625

    I'm still using an older PHP version and that might have something to do with it. I'm not sure, but I have seen that stuff like the stripslashes have been removed.
     
  9. nay27uk

    nay27uk Super Moderator Staff Member

    Joined:
    Nov 24, 2009
    Messages:
    5,560
    Likes Received:
    542
No, nothing to do with the PHP version mate, same problem here and I have tried it from PHP 5.4 up to PHP 7.3.
     
  10. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
To fix the forward slash problem that comes out in the admin notes and in other places, go to your includes/functions_global.php page, go to about line 222 and change:
    PHP:
    $i = addslashes($i);
    To:
    PHP:
    $i = stripslashes($i);
    I'm surprised we never saw the problem in previous versions. I'm thinking the magic_quotes that was there in the older version might have helped prevent it from happening.

    Give that a try and see if it fixes the issue.
     
  11. nay27uk

    nay27uk Super Moderator Staff Member

    Joined:
    Nov 24, 2009
    Messages:
    5,560
    Likes Received:
    542
David, we did see something similar with auction titles on older versions mate, or was it category names? I posted a thread somewhere about it that got quite lengthy but no fix was ever found.

    Here ya go mate, HERE is my original thread. It took me a long time to find it in search, but I wonder if it is the same problem and fix as you posted above.
     
    Last edited: May 30, 2016
  12. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
I checked that link. I remember the old guest, but I don't remember the thread. I've never seen this special character '´' being used in coding. It doesn't mean it's never been used; I just never have seen it used. pani100 also helped me out with the title problem we had. At the time we were even able to work with mysql_real_escape_string, but WeBid 1.2 doesn't use mysql from what I was told. It took me one search, but I found it. There were only 2 results so, lucky me. pani100 was using stripslashes in the title instead of htmlentities for an issue where the title was coming out with & # 40 in the 1.0 version.

    When they removed the (!get_magic_quotes_gpc()) check for the 1.2 version, it was part of the cause of the problem. It's part of what kept addslashes in check. What does addslashes sound like it does? It adds slashes. I also read this in the PHP manual about magic_quotes:

    Warning: This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

    That's why they removed the magic quotes. Here's the link if you want to read more about Magic Quotes:
    http://php.net/manual/en/security.magicquotes.php

    Here's the old code by the way in case we are looking at it down the road in the future:
PHP:
    function cleanvars($i, $trim = false)
    {
        if ($trim)
            $i = trim($i);
        if (!get_magic_quotes_gpc())
            $i = addslashes($i);
        $i = rtrim($i);
        $look = array('&', '#', '<', '>', '"', '\'', '(', ')', '%');
        $safe = array('&amp;', '&#35;', '&lt;', '&gt;', '&quot;', '&#39;', '&#40;', '&#41;', '&#37;');
        $i = str_replace($look, $safe, $i);
        return $i;
    }

We will have to check the other addslashes out. Here's some more showing on GitHub:
    https://github.com/renlok/WeBid/search?utf8=✓&q=addslashes
    I noticed when I looked at my /admin/categoriestrans.php that not one apostrophe was used. Someone was avoiding having one, like in the first section with 40s, 50s & 60s.

    The categories themselves seem to be working in the new version when you add an apostrophe, for example 45's.

    I'm still learning how the queries are written with the arrays. I wish I had a full understanding of how it makes it safer, and to be able to create queries with the arrays from scratch like WeBid 2.0 does. Then maybe I can figure out how to write the queries for things like the admin notes. I will show an example of how there was a change in the queries below:

    Here's the old query for the 1.1 version in admin/categories. They used cleanvars:
PHP:
    $query = "UPDATE " . $DBPrefix . "categories SET
            cat_name = '" . $system->cleanvars($_POST['categories'][$k]) . "',
            cat_colour = '" . mysql_escape_string($_POST['colour'][$k]) . "',
            cat_image = '" . mysql_escape_string($_POST['image'][$k]) . "'
            WHERE cat_id = " . intval($k);
    $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
In admin/categories for the 1.2 version they didn't use cleanvars:
    PHP:
    $query = "UPDATE " . $DBPrefix . "categories SET
            cat_name = :name,
            cat_colour = :colour,
            cat_image = :image
            WHERE cat_id = :cat_id";
    $params = array();
    $params[] = array(':name', $_POST['categories'][$k], 'str');
    $params[] = array(':colour', $_POST['colour'][$k], 'str');
    $params[] = array(':image', $_POST['image'][$k], 'str');
    $params[] = array(':cat_id', $k, 'int');
    $db->query($query, $params);
    See the difference?
     
  13. timw255

    timw255 Active Member

    Joined:
    Jul 7, 2015
    Messages:
    106
    Likes Received:
    42
    Hey guys,

    With regards to the latest issue in the thread, 1.2 introduces a cut-over to parameterized queries instead of manual sanitization/desanitization of user input...meaning cleanvars() probably isn't needed anymore. It was escaping user input, likely, to guard against SQL injection...which we get, for free, with the new parameters.

    While it's a change for the better, we're now tasked with making sure the new way is being implemented correctly in all areas of the code where data is stored and retrieved. The bad: it's something that could affect numerous areas of the application and it may seem like something that has been fixed before. The good: it's easily addressable.

    As someone who's just casually working through bugs and features...I, personally, need everyone that's willing to log issues to keep at it until they're fixed. <---(because I'm not actively testing...just going off of issue reports.)
     
    Last edited: May 30, 2016
    nay27uk likes this.
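As an added illustration of the point made in the posts above (it is not WeBid's own code), the following PHP shows what happens when addslashes() is still applied before a value is bound to a parameterised query, which is the backslash artifact reported in post #6 and chased in posts #10 and #12. It assumes an in-memory SQLite database through PDO (the pdo_sqlite extension) and a hypothetical categories table with cat_id and cat_name columns; the sample inputs are constructed here. It also shows the caveat with the stripslashes() swap proposed in post #10, and that the bound parameter alone is what keeps an injection attempt inert.

```php
<?php
// Added example, not WeBid code. Demonstrates the stray-backslash artifact:
// addslashes() before a bound parameter stores the escape character as data.
// Runs offline against an in-memory SQLite database (needs pdo_sqlite).
// The table and column names are assumed for illustration.
declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE categories (cat_id INTEGER PRIMARY KEY, cat_name TEXT NOT NULL)');
    return $db;
}

/** Store a name through a bound parameter, optionally "cleaning" it first, and read it back. */
function storeAndReadBack(PDO $db, int $id, string $name, ?callable $clean): string
{
    $value = $clean === null ? $name : $clean($name);

    $stmt = $db->prepare('INSERT INTO categories (cat_id, cat_name) VALUES (:cat_id, :name)');
    $stmt->bindValue(':cat_id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':name', $value, PDO::PARAM_STR);
    $stmt->execute();

    $read = $db->prepare('SELECT cat_name FROM categories WHERE cat_id = :cat_id');
    $read->bindValue(':cat_id', $id, PDO::PARAM_INT);
    $read->execute();
    return (string) $read->fetchColumn();
}

$db = openDb();

// Constructed inputs: the apostrophe case from the thread, a value with a
// legitimate backslash, and an injection attempt.
$inputs = [
    "TEST ITEM DON'T BUY THIS",
    'C:\\temp\\photos',
    "x'); DROP TABLE categories; --",
];

$id = 1;
foreach ($inputs as $input) {
    // 1.2 before the fix: addslashes() then bind -> "DON\'T" is stored with the backslash.
    $withAddslashes = storeAndReadBack($db, $id++, $input, 'addslashes');
    // Bound parameter only: stored exactly as typed; the injection text is just data.
    $boundOnly = storeAndReadBack($db, $id++, $input, null);
    // The proposed stripslashes() swap: fixes the apostrophe but eats real backslashes.
    $withStripslashes = storeAndReadBack($db, $id++, $input, 'stripslashes');

    printf("input:         %s\naddslashes:    %s\nbound only:    %s\nstripslashes:  %s\n\n",
        $input, $withAddslashes, $boundOnly, $withStripslashes);
}

// The table survived the DROP TABLE text because the value was bound, never concatenated.
$count = (int) $db->query('SELECT COUNT(*) FROM categories')->fetchColumn();
echo "rows stored: {$count}\n";

// Escaping belongs at the output boundary, not at storage time: when a stored
// name is rendered into HTML, escape the raw value there.
echo htmlspecialchars("TEST ITEM DON'T BUY THIS", ENT_QUOTES, 'UTF-8'), "\n";
```

Run it with `php example.php`. The first group of output lines reproduces the thread's symptom (a backslash before the apostrophe only on the addslashes() path), the second shows that stripslashes() on input turns C:\temp\photos into C:tempphotos, and the row count of 9 confirms that none of the stores, including the injection string, did anything but insert a literal value.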
  14. timw255

    timw255 Active Member

    Joined:
    Jul 7, 2015
    Messages:
    106
    Likes Received:
    42
    I can see that cleanvars() is still used 50 times...and uncleanvars() 59. addslashes() is used a handful of times too...but no stripslashes().

    I'm willing to help sort it but I don't want to start imposing my will without direction. lol.

    I'll wait until there's more of a consensus on what's being discussed over at https://github.com/renlok/WeBid/pull/180
     
  15. timw255

    timw255 Active Member

    Joined:
    Jul 7, 2015
    Messages:
    106
    Likes Received:
    42
    Okie dokie.
    Tossed a pull request to @renlok . Let's see if he's feeling brave enough to merge it. #YOLO

    Anyway, it incorporates the updates for the things in this thread, a couple from the tracker, and a couple I discovered while clicking around...mostly just targeting the admin and creating/editing auctions though.

    Looking forward to feedback!
     
    nay27uk likes this.
  16. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
@timw255 nice job on fixing the install page so an error comes up when the wrong info is added. I just tested it out with a fresh copy I got from GitHub. It's nice that it comes up. It doesn't specify if it's one or all that are missing. Is there any chance you can make it report an error for what is missing, like the old script used to do, please? If not, then that's cool that you got it the way it is now. I'm sure @nay27uk, you got an error to display now if the info is not right on the install form. Here's what the error report looks like on my end.
    [attachment: Webid Database Install info not correct.png]

That is GREAT that you got it to work like that. I see you are a pretty good coder now. Thanks for helping out!
     
    nay27uk likes this.
  17. renlok

    renlok Administrator Staff Member

    Joined:
    Oct 20, 2008
    Messages:
    2,858
    Likes Received:
    330
    Can we keep this thread on topic please
     
    david62311 and nay27uk like this.
  18. nay27uk

    nay27uk Super Moderator Staff Member

    Joined:
    Nov 24, 2009
    Messages:
    5,560
    Likes Received:
    542
I have to agree with what you said above, Dominik.

    There is also the little problem that david posted about in post #35 about the captcha box being back at the top of the page.

    I also noticed a big mistake on the register page: when you have no payment processors, fees, or even fees enabled etc. set up in admin, the captcha box heading says Payment Information. Surely that is a stray header for Payment Information for when you actually have fees, payment gateways, fees enabled etc., and when none of those are set up it should say Verification and Anti Spam or something like that instead, but it definitely should not say Payment Information above a captcha area.

    [attachment: boot.jpg]

    Unfortunately, when it comes to BootStrap I get lost in it. I hate how google's BootStrap system is coded; it is one of the hardest themes to work on, so unfortunately I can't fix these 2 problems.

    Maybe @super_st would be kind enough to lend a hand with the bootstrap niggles, as the bootstrap theme is his little baby so he knows his way around the bootstrap code better than anyone else here does.
     
    Last edited: Jun 2, 2016
  19. timw255

    timw255 Active Member

    Joined:
    Jul 7, 2015
    Messages:
    106
    Likes Received:
    42
The latest PR incorporates a couple more stability improvements and makes it possible for people to do automated test installs.

    We're at the point now where, after clicking on practically everything in the admin, the error log was still dry as a bone.
     
    david62311 and nay27uk like this.
  20. nay27uk

    nay27uk Super Moderator Staff Member

    Joined:
    Nov 24, 2009
    Messages:
    5,560
    Likes Received:
    542
    Great work Tim and anyone else working on this
     