Twocents security

A place to report and discuss bugs - please mention CMSimple-version, server, platform and browser version
ustalo
Posts: 164
Joined: Mon Aug 16, 2010 7:42 am
Location: Russia
Contact:

Re: Twocents security

Post by ustalo » Tue Oct 26, 2021 5:52 pm

on site with transit i get errors http://www.sima.spb.ru

Uncaught Error: Call to a member function store() on null in /home/users/9/9119416450/domains/sima.spb.ru/cmsimple/cms.php:1350
Stack trace:
#0 /home/users/9/9119416450/domains/sima.spb.ru/index.php(6): include()
#1 {main}
thrown in /home/users/9/9119416450/domains/sima.spb.ru/cmsimple/cms.php on line 1350
Aleksei

lck
Posts: 2963
Joined: Wed Mar 23, 2011 11:43 am
Contact:

Re: Twocents security

Post by lck » Tue Oct 26, 2021 6:03 pm

ustalo wrote:
Tue Oct 26, 2021 5:50 pm
if i change code
$su = utf8_substr(urldecode($su), 0, $cf['uri']['length']);
site stop works
all menu get 404
Yes, I have confirmed that. So don't change anything in the cms.php.
Wait and see what Christoph (cmb) has to say.
„Bevor du den Pfeil der Wahrheit abschießt, tauche die Spitze in Honig!“   👉 Ludwig's XH-Templates for MultiPage & OnePage

lck
Posts: 2963
Joined: Wed Mar 23, 2011 11:43 am
Contact:

Re: Twocents security

Post by lck » Tue Oct 26, 2021 6:07 pm

ustalo wrote:
Tue Oct 26, 2021 5:52 pm
on site with transit i get errors http://www.sima.spb.ru

Uncaught Error: Call to a member function store() on null in /home/users/9/9119416450/domains/sima.spb.ru/cmsimple/cms.php:1350
Stack trace:
#0 /home/users/9/9119416450/domains/sima.spb.ru/index.php(6): include()
#1 {main}
thrown in /home/users/9/9119416450/domains/sima.spb.ru/cmsimple/cms.php on line 1350
But this has nothing to do with Twocents and Cryptographp. That was already the case before. My guess here is Register_XH.

Simply create the guestbook on a level 1 page and it should work.
„Bevor du den Pfeil der Wahrheit abschießt, tauche die Spitze in Honig!“   👉 Ludwig's XH-Templates for MultiPage & OnePage

olape
Posts: 2731
Joined: Fri Mar 13, 2015 8:47 am
Contact:

Re: Twocents security

Post by olape » Tue Oct 26, 2021 6:14 pm

ustalo wrote:
Tue Oct 26, 2021 7:23 am
Exuse my bad& horrible English
it does not works on ciryllic
on site with latin translit it help
but it is not right solution. because change ciryllic to translit on many sites not human decision.

http://www.sima.spb.ru/?Nachalo/skazatmz_paru_slov
I think this would be exactly the right way though.
You should use $tx['urichar']['org'] and $tx['urichar']['new'] to display the URLs in Latin letters (lower case).
That should solve your problem for now I think.

I still think that a solution like urlify would be a good idea for XH.
Gruß Olaf, Plugins for CMSimple_XH

Ich habe schon lange den Verdacht, dass so viele so eifrig auf Gender, Trans und Queer machen:
Weil sie für das Fachliche ganz einfach zu doof sind.

ustalo
Posts: 164
Joined: Mon Aug 16, 2010 7:42 am
Location: Russia
Contact:

Re: Twocents security

Post by ustalo » Tue Oct 26, 2021 6:23 pm

i will look closely next days
thanks
Aleksei

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Twocents security

Post by cmb » Tue Oct 26, 2021 9:41 pm

ustalo wrote:
Tue Oct 26, 2021 7:23 am
Exuse my bad& horrible English
No need to apologize! :)
ustalo wrote:
Tue Oct 26, 2021 7:16 am
no fix
error 404
Sorry for the confusion! This is a bug in Cryptographp_XH (and probably some other plugins). Quick-fix: replace this line with:

Code: Select all

        global $su;

        $rest = array_slice($this->params, 1);
        return "$su&" . preg_replace('/=(?=&|$)/', '', http_build_query($rest, '', '&'));
(and remove the previously suggested fix in cms.php)
ustalo wrote:
Tue Oct 26, 2021 5:52 pm
on site with transit i get errors http://www.sima.spb.ru

Uncaught Error: Call to a member function store() on null in /home/users/9/9119416450/domains/sima.spb.ru/cmsimple/cms.php:1350
Stack trace:
#0 /home/users/9/9119416450/domains/sima.spb.ru/index.php(6): include()
#1 {main}
thrown in /home/users/9/9119416450/domains/sima.spb.ru/cmsimple/cms.php on line 1350
With an unmodified cms.php of CMSimple_XH 1.7.5, this should be line 1345, but that should not happen because the the guard on the line before. Unless you have modified this code, this might be a PHP bug. Do you have OPcache enabled (see Settings → Info → PHP Info)?
olape wrote:
Tue Oct 26, 2021 6:14 pm
You should use $tx['urichar']['org'] and $tx['urichar']['new'] to display the URLs in Latin letters (lower case).
[…]

I still think that a solution like urlify would be a good idea for XH.
Given that there are even international domain names (IDN) nowadays, I'm not sure about that. I think it's fine to have it optionally, but we should do our best to support non-transliterated page URLs as well.

PS: that Cryptographp_XH issue was filed on 2017-10-27 – happy Birthday! ;)
Christoph M. Becker – Plugins for CMSimple_XH

ustalo
Posts: 164
Joined: Mon Aug 16, 2010 7:42 am
Location: Russia
Contact:

Re: Twocents security

Post by ustalo » Wed Oct 27, 2021 4:57 am

on local server i have

'--enable-opcache' '--enable-intl'

i am far from any code

I put original code cms.php on translit site-captcha works
http://www.sima.spb.ru/?Nachalo/skazatmz_paru_slov
Aleksei

Post Reply