
Author Topic: sNews 1.4 - General Bugs and Comments  (Read 69701 times)

Patric Ahlqvist

  • Nobodys perfect, but Im pretty effing close
  • ULTIMATE member
  • ******
  • Karma: 65
  • Posts: 4867
  • “I'm a self-made man and worships my creator.”
    • p-ahlqvist.com
sNews 1.4 - General Bugs and Comments
« Reply #60 on: February 01, 2006, 03:17:31 pm »

If possible problems with XSS attacks (have no grounds for this, but neva' the less)... could this be something to consider ???

http://cyberai.com/inputfilter/

Patric.
Logged
"It's only dead fish that goes with the flow... "
Updated

Luka

  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 36
  • Posts: 1717
    • http://www.snewscms.com
sNews 1.4 - General Bugs and Comments
« Reply #61 on: February 01, 2006, 03:23:43 pm »

The key is to filter < > " and # so no javascript could be entered under comments.

I'm thinking htmlspecialchars...
Logged

Patric Ahlqvist

  • Nobodys perfect, but Im pretty effing close
  • ULTIMATE member
  • ******
  • Karma: 65
  • Posts: 4867
  • “I'm a self-made man and worships my creator.”
    • p-ahlqvist.com
sNews 1.4 - General Bugs and Comments
« Reply #62 on: February 01, 2006, 04:18:00 pm »

;) possibly a little easier, right ?

Just thought I would try to contribute, even though I don't know what I'm talking about, hehe...
Logged
"It's only dead fish that goes with the flow... "
Updated

George Antoniadis

  • Sr. Member
  • ****
  • Karma: 0
  • Posts: 479
sNews 1.4 - General Bugs and Comments
« Reply #63 on: February 01, 2006, 06:24:38 pm »

luka there are some stuff you can't do when using htmlspecialchars...
1. only works after 4.3 or something
2. we won't be able to insert images, links etc...
3. if you use htmlspecialchars before you insert the post in SQL then editing the articles would be pretty difficult I think...

why not use strip_tags?
Logged
How I feel like I'm starless, I'm ready to fade now.
And how I feel like I'm starless, I'm hopeless and greyed out.

Luka

  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 36
  • Posts: 1717
    • http://www.snewscms.com
sNews 1.4 - General Bugs and Comments
« Reply #64 on: February 01, 2006, 06:48:24 pm »

Quote from: analyzerx
luka there are some stuff you can't do when using htmlspecialchars...
1. only works after 4.3 or something
2. we won't be able to insert images, links etc...
3. if you use htmlspecialchars before you insert the post in SQL then editing the articles would be pretty difficult I think...

why not use strip_tags?

OK I agree, but I was referring only to comments post. We want to be able to insert Javascript into our articles.

Analyzerx, do you have some time to work on sNews? I have only two hands...
Logged
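
The trade-off discussed in replies #61 to #64, as an added example that is not sNews code: the comment is stored exactly as submitted and escaped only when it is written into the page, and strip_tags is run over the same inputs for comparison. The helper name comment_to_html and the sample comments are assumptions constructed for illustration.

```php
<?php
// Added example, not sNews code: comment_to_html() is a hypothetical helper.

// Store the comment as submitted; escape only when writing it into HTML.
// Editing stays simple because the database never holds entity-encoded text.
function comment_to_html($raw)
{
    // ENT_QUOTES encodes both " and ' in addition to < > and &,
    // so the value is also safe inside a quoted attribute.
    $safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return nl2br($safe); // keep the commenter's line breaks
}

// Constructed sample comments.
$samples = array(
    'plain'     => "Nice article!\nThanks.",
    'script'    => '<script>alert(1)</script>',
    'attribute' => '<b onmouseover="alert(1)">hover me</b>',
);

foreach ($samples as $name => $raw) {
    echo "[$name]\n";
    // Removes every tag but keeps the text that was between them.
    echo "  strip_tags       : " . strip_tags($raw) . "\n";
    // An allow-list keeps the whole tag, attributes included.
    echo "  strip_tags + <b> : " . strip_tags($raw, '<b>') . "\n";
    // Nothing is removed; markup is shown to the reader as text.
    echo "  escaped output   : " . comment_to_html($raw) . "\n";
}
```

With an allow-list, strip_tags passes the allowed tag through with its attributes unchanged, so it does not by itself keep script out of comments; escaping at output does, at the cost of commenters not being able to use markup.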

albert

  • Sr. Member
  • ****
  • Karma: 0
  • Posts: 405
    • http://www.oswt.co.uk/
sNews 1.4 - General Bugs and Comments
« Reply #65 on: February 01, 2006, 06:59:05 pm »

Hi

SQL injection will apply to comments only, as this is the only way that this can be done with sNews.
Unless it can be injected via the Search Form or Contact us.

Adding articles is done by admin so he won't do it :)

So this is it...

I did see if I could add some injections in my 1.4b and all ok. Need more testers for this plus a list of known injected code
so we all can check out as well..

Albert

Quote from: Luka
The key is to filter < > " and # so no javascript could be entered under comments.

I'm thinking htmlspecialchars...
Logged
Albert
http://snews.awddesign.co.uk/snews/ site: v1.3
http://snews.awddesign.co.uk/           site: v1.2 http://www.awddesign.co.uk/
“Putting together the largest collection of sNews 1.5 designs. Coming very soon :)

George Antoniadis

  • Sr. Member
  • ****
  • Karma: 0
  • Posts: 479
sNews 1.4 - General Bugs and Comments
« Reply #66 on: February 01, 2006, 07:10:21 pm »

Luka just tell what I can do to help! ^_^
I'm a student that doesn't go to college so... :P I've got plenty of time ;)
Logged
How I feel like I'm starless, I'm ready to fade now.
And how I feel like I'm starless, I'm hopeless and greyed out.

George Antoniadis

  • Sr. Member
  • ****
  • Karma: 0
  • Posts: 479
sNews 1.4 - General Bugs and Comments
« Reply #67 on: February 02, 2006, 12:53:59 am »

BUG:
When posting 2 articles with the same SEF url everything gets messy! ^_^
like:
http://analyzerx.noodles.gr/~projects/sNews/1.4_BETA+install_1.0_BETA/home/test/

both articles have the SEF url test ... and all hell freezes over...
I can't do anything to them now! ^_^ (not from the snews admin place)

so I think there should be a check if the sef url already exists... ;)
Logged
How I feel like I'm starless, I'm ready to fade now.
And how I feel like I'm starless, I'm hopeless and greyed out.

bryn

  • Hero Member
  • *****
  • Karma: 2
  • Posts: 934
    • http://www.cssugly.com
sNews 1.4 - General Bugs and Comments
« Reply #68 on: February 02, 2006, 07:04:08 am »

just tested this on your test site 'a'..did you manage to fix it 'cos I couldn't replicate the problem..posted two articles with the same SEF url..all it seems to do is give you the option to edit both articles..

..but yes an option to check would be handy ;)
Logged
Over 1,000 posts of joy, sNews is not only brilliant, but fun too! thanks guys :D

George Antoniadis

  • Sr. Member
  • ****
  • Karma: 0
  • Posts: 479
sNews 1.4 - General Bugs and Comments
« Reply #69 on: February 02, 2006, 10:31:52 am »

I fixed it but it was something stupid *I* had done...
really sorry for this and thank you bryn!!!!
Logged
How I feel like I'm starless, I'm ready to fade now.
And how I feel like I'm starless, I'm hopeless and greyed out.

bryn

  • Hero Member
  • *****
  • Karma: 2
  • Posts: 934
    • http://www.cssugly.com
sNews 1.4 - General Bugs and Comments
« Reply #70 on: February 02, 2006, 08:12:53 pm »

glad you got it sorted mate ;D
Logged
Over 1,000 posts of joy, sNews is not only brilliant, but fun too! thanks guys :D

Patric Ahlqvist

  • Nobodys perfect, but Im pretty effing close
  • ULTIMATE member
  • ******
  • Karma: 65
  • Posts: 4867
  • “I'm a self-made man and worships my creator.”
    • p-ahlqvist.com
sNews 1.4 - General Bugs and Comments
« Reply #71 on: February 03, 2006, 02:38:22 pm »

Ok, here's a question for you, as I know this has been discussed before, but I can't follow you going deep into tech stuff ;)...

If I have a 1_4beta installation, can you post a javascript in my comments field and it runs on my site ??? Is 1_4beta secure... ?

Patric.
Logged
"It's only dead fish that goes with the flow... "
Updated

Patric Ahlqvist

  • Nobodys perfect, but Im pretty effing close
  • ULTIMATE member
  • ******
  • Karma: 65
  • Posts: 4867
  • “I'm a self-made man and worships my creator.”
    • p-ahlqvist.com
sNews 1.4 - General Bugs and Comments
« Reply #72 on: February 03, 2006, 05:44:20 pm »

@ Luka

You know that rss thingy you commented ?

Would this do:

In the global settings:
Code: [Select]
$s['RSS_description'] = "The yourURL.com news feed"; // RSS: Brief description for RSS feed
$s['RSS_language'] = "en-us"; // RSS: Language of RSS Feed
$s['RSS_char_encoding'] = "ISO-8859-15"; // RSS Character encoding for feed (default ISO-8859-15)
$s['RSS_ttl'] = "480"; // RSS: Time-To-Live (recommended refresh interval for readers, minutes)
$s['RSS_date_format'] = "r"; // Date and time format for RSS (PHP syntax, eg. "Y-m-d H:i:s")
$s['RSS_no_of_items'] = "10"; // Number of articles in RSS feed

And replacement in the snews.php:
Code: [Select]
// RSS FEED
function rss()
{
   $db = mysql_connect(s('dbhost'),s('dbuname'),s('dbpass'));
   mysql_select_db(s('dbname')) or die(s('dberror'));
   // get ten articles from center position sorted by date
   $query = "SELECT * FROM " .s('prefix'). "articles WHERE position = 1 ORDER BY date DESC LIMIT 0 , " . s('RSS_no_of_items');
   $result = mysql_query($query);
   $filename = "rss.xml";

   $header = "n";
   $header .= "";
   $header .= "";
   $header .= "" . s('website_title') . "";
   $header .= "" . s('website') . "";
   $header .= "" . s('RSS_description') . "";
   $header .= "" . s('RSS_language') . "";
   $header .= "" . s('RSS_ttl') . "";

   $footer = "
";
   $footer .= "
";

   $items  = "";
   while ($r = mysql_fetch_assoc($result))
   {
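      // escape XML special characters so the article HTML is carried as text in the feed
      // (& must be replaced first so the entities added below are not escaped again)
      $patterns[0] = "/&/";
      $patterns[1] = "/</";
      $patterns[2] = "/>/";

      $replacements[0] = "&amp;";
      $replacements[1] = "&lt;";
      $replacements[2] = "&gt;";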

      $description = preg_replace($patterns, $replacements, stripslashes($r['text']));

      $date = date(s('RSS_date_format'), strtotime($r['date']));

      $items .= "";
      $items .= "". $r['title'] ."";
      $items .= "". $date ."";
      $items .= "". $description ."";
      $items .= "". s('website') ."index.php?id=". $r['id'] ."";
      $items .= "
";
      }

   $theFullFeed = $header . $items . $footer;
   $fh = fopen($filename, "w+");
      fwrite($fh, $theFullFeed);
   fclose($fh);

   echo "";
}

This isn't me, hehe...you guessed that, eh ? It's clsc's contribution in the mods section a bit down...I just changed something in it, not sure what, and that works on /patric_8 and /patric_9. Would it work here in the 1.4beta version... ?

Patric.
Logged
"It's only dead fish that goes with the flow... "
Updated

Luka

  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 36
  • Posts: 1717
    • http://www.snewscms.com
sNews 1.4 - General Bugs and Comments
« Reply #73 on: February 03, 2006, 05:49:50 pm »

It wouldn't work because of the links not being converted to sef. Also, this feed won't validate.
I don't know why your feed isn't feeding articles, it works with me...

http://www.solucija.com/rss/
Logged

bramsyuur

  • Hero Member
  • *****
  • Karma: 23
  • Posts: 873
    • http://snews.vietbee.net
sNews 1.4 - General Bugs and Comments
« Reply #74 on: February 03, 2006, 06:08:47 pm »

Not a bug, but I think, for a more accurate translation interface, I have added these 2 lines in 'language variables' into 'snews.php':

Code: [Select]
$l['new_articles_label'] = "New articles:";  // Translate into your local language
$l['past_articles_label'] = "Past Articles:";  // Translate into your local language

And I have modified the 'index.php' of sNews14beta like this:
(around the line 37 & 40)
Search this :

Code: [Select]

New articles:


...

Past articles:



And change to this:
Code: [Select]


....



Possible more to come, I've see looking...
Thanks!
bramsyuur



Logged
The sNews community in your language!
sNews Community in Spanish