Support Forums - All Posts - XOOPS Web Application System

11

XOOPS Theme Gallery

2009/8/11 8:29
adium
Just popping in
Posts: 99
Since: 2005/1/18

I realize this new theme gallery is still in beta, but after some searching around the site I can't find any info on the progress or anything at all for that matter.

All the files in the gallery are empty zip files, which there are some nice themes in there as well. Specifically some of the admin themes.

Are these themes going to be fixed so they aren't broken links anytime soon?

12

Admin Oxygen theme won't display certain pages

2009/8/11 8:26
adium
Just popping in
Posts: 99
Since: 2005/1/18

I've been going back and forth all night trying to change the permissions on my newbb forum, but everytime I view the page its nothing but a blank white page. I change the admin theme from oxygen to either legacy or default and the page will display.

Not that I go around changing permissions on my forum very often, but it is kinda annoying to have to change the theme in order to get it to work.

Has anyone else noticed this or is it just me? Better question would be, is there a fix for this?

13

Re: Omitting module from Search Results

2009/8/10 0:12
adium
Just popping in
Posts: 99
Since: 2005/1/18

Wow! That easy? Thanks a lot!

14

Omitting module from Search Results

2009/8/9 23:50
adium
Just popping in
Posts: 99
Since: 2005/1/18

I am using extCal just to display a mini-calendar in my sidebar and nothing more. However depending on your search term it will show up in the search results for the site. I would rather it not show up at all and only work as a calendar that sits there and looks pretty.

Any idea on how to do this?

15

Better way to working with and managing SQL databases?

2009/8/2 10:40
adium
Just popping in
Posts: 99
Since: 2005/1/18

You know those modules that you want like 1,000 entries in it, for example a links section, and you have to sit there and enter every single one using the submit.php page?

I have found a better way, using a program (called Navicat) that lets me export my SQL table into an excel file.... or place all my data into an excel file then import it. Problem is, that it only imports by deleting the old table then making a new one. Causing whatever uses that table to be unavailable for the time period you need to upload the new database. This program also limits me to using 255 characters per cell. For a links section, its not a big deal, but for forum entries or blog posts it can create a problem.

I am wondering if anyone uses something similar. I would absolutely love something that functions like excel but works directly with the database online so there is no upload/download crap. Another annoying feature with Navicat is that it doesn't include the column names in the table so you have to type in each name manually before you can import it.

For links and downloads modules this program is great..., but I'm still looking for a little more control.

16

Re: WYSIWYG @ catads module

2009/8/1 3:16
adium
Just popping in
Posts: 99
Since: 2005/1/18

Awesome! Thanks!!!!

17

Re: HTML Editor

2009/7/31 17:52
adium
Just popping in
Posts: 99
Since: 2005/1/18

Quote:

There should be a function called render. In this function is the html-code for the textarea. Just add a blank right before the closing textarea-tag.

There is a function called render but there are no HTML tags in it.

 function render() 
    { 
        $ret = $this->tinymce->render(); 
        $ret .= parent::render(); 
         
        return $ret; 
    }

18

XOOPS Multiple Cross-Site Scripting Vulnerabilities - Security Advisory

2009/7/31 17:45
adium
Just popping in
Posts: 99
Since: 2005/1/18

From: Lists
Date: Fri, 31 Jul 2009 16:05:46 +1000

XOOPS Multiple Cross-Site Scripting Vulnerabilities - Security Advisory - SOS-09-005 Release Date. 31-Jul-2009
Vendor Notification Date. 15-Jun-2009
Product. XOOPS
Platform. Independent
Affected versions. 2.3.3 (verified), possibly others Severity Rating. Medium
Impact. Cookie/credential theft, impersonation, loss of confidentiality Attack Vector. Remote
Solution Status. Vendor patch
CVE reference. Not yet assigned

Details.

XOOPS is a content management system written in PHP. During an application penetration test Sense of Security identified that Input passed to the "op" parameter of viewpmsg.php, and in the query string of user.php are vulnerable to Cross-Site Scripting vulnerabilities. This occurred as a result of the application not properly filtering HTML tags which allowed malicious JavaScript to be embedded. When input is incorrectly validated and not properly sanitised and then displayed in a web page, attackers can trick users into viewing the web page and causing malicious code to be executed.

Proof of Concept.

http://IP/xoops-2.3.3/htdocs/modules/pm/viewpmsg.php?op='">

Solution.

Vendor patch

Discovered by.

Sense of Security

About us.

Sense of Security is a leading provider of IT security and risk management solutions. Our team has expert skills in assessment and assurance, strategy and architecture, and deployment through to ongoing management. We are Australia's premier application security consultancy and trusted IT security advisor to many of the countries largest organisations.

Sense of Security Pty Ltd

Level 3, 66 King St
Sydney NSW 2000
AUSTRALIA

T: +61 (0)2 9290 4444
F: +61 (0)2 9290 4455
W: http://www.senseofsecurity.com.au
E: info_at_senseofsecurity.com.au

The latest version of this advisory can be found at:

http://www.senseofsecurity.com.au/advisories/SOS-09-005.pdf

Other Sense of Security advisories can be found at:

http://www.senseofsecurity.com.au/research/it-security-advisories.php Received on Jul 31 2009

19

Re: WYSIWYG @ catads module

2009/7/31 15:51
adium
Just popping in
Posts: 99
Since: 2005/1/18

Wow..., I have this same issue and this is in the latest 5 search results?

Any chance someone out there has a fix on this yet and I'm just not seeing it?

20

Re: Catads won't show new submissions for 6 hours

2009/7/6 17:05
adium
Just popping in
Posts: 99
Since: 2005/1/18

Answered my own question.

Change submit1.php, Line 239:

$published = strtotime($published) + mktime($now['hours'], $now['minutes'], $now['seconds'], 1, 1, 1970);

to

 $published = strtotime($published) + mktime($now['hours'], $now['minutes'], $now['seconds'], 1, 1, 1970) - 21600;

Simple hack, and now I feel like an idiot! Not as much of an idiot if someone else answered, but still an idiot.

Stats
Goal:	AU$15.00
Due Date:	Jul 31
Gross Amount:	AU$0.00
Net Balance:	AU$0.00
Left to go:	AU$15.00

Forum Index

XOOPS Theme Gallery

Admin Oxygen theme won't display certain pages

Re: Omitting module from Search Results

Omitting module from Search Results

Better way to working with and managing SQL databases?

Re: WYSIWYG @ catads module

Re: HTML Editor

XOOPS Multiple Cross-Site Scripting Vulnerabilities - Security Advisory

Re: WYSIWYG @ catads module

Re: Catads won't show new submissions for 6 hours

Login

Search

Recent Posts

Re: New module: Smartshare

SmartLike (coming)

Re: New module: Weather

Re: XOOPS Custom Field Module

Re: XOOPS Custom Field Module

XOOPS Custom Field Module

Re: New module: Smartshare

Re: New module: Weather

Re: New module: Weather

New module: Weather

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}