Support Forums - All Posts - XOOPS Web Application System

41

Re: errors and warnings in My Album module

2004/11/22 10:08
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

hi jensclas.

Although the warning abuse you, you don't have to mind it.
I've tested well and I found that the warning is not important.

42

Re: SWF gallery

2004/11/22 10:05
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

hi smyle.

Have you tried the latest myAlbum-P ?

You can make a gallery of swfs like this:

- go to myAlbum-P's preference
- set "jpg|jpeg|gif|png|swf" into "File extensions can be uploaded"
- set blank "MIME Types can be uploaded"

That's all.
Try it!

43

Re: XHLD (Xoops Headlines Duplicate)

2004/11/21 21:18
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Please calm down before writing articles.

xhld already has many users in Japan.
And xhld has already been a stable version.

It never destroy your site althogh I can't see the meaning of "destroy".

p.s. xhld is origined from XoopsHeadLine-Duplicatable instead of "Xoops Headlines Duplicate".
xhld is not "Duplicated XoopsHeadline" at all.

44

Re: Headlines

2004/11/21 9:59
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

XoopsHealine is a too buggy module.

You can try xhld module.
I recommend xhld to all XOOPSers with confidence.

The latest -2.51- is a stable version.

45

Re: The problem with Norton and Xoops

2004/10/10 21:18
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Quote:

Dave_L wrote:
function xoops_refcheck($docheck=1) { [color=ff0000]return true; // disable HTTP_REFERER check[/color] $ref = xoops_getenv('HTTP_REFERER'); if ($docheck == 0) { ... }

This is not a good code.
Better is like this:


function xoops_refcheck($docheck=1)

{

    $ref = xoops_getenv('HTTP_REFERER');

    if ($docheck == 0) {

        return true;

    }

    if ($ref == '') {

        [d]return false;[/d]

        [color=ff0000]return true;[/color]

    }

    if (strpos($ref, XOOPS_URL) !== 0 ) {

        return false;

    }

    return true;

}

The important difference between former hack and latter hack is:

former:
Even when user sends his referer, he is not protected against CSRF.

latter:
A user who sends his referer can be protected against CSRF even if he uses some modules which update/insert via GET.

With this hack, administrators MUST enables his referer.

46

Re: Myalbum module making page 3x times wider than normal

2004/7/27 9:38
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

I have to see your site by myself for advising you.
Tell me the URL.

47

Re: Myalbum module making page 3x times wider than normal

2004/7/26 10:11
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Need some more informations.

Which is the module Daniel's MyAlbum or myAlbum-P?
Which version do you use?
Which view do you want to modify? (index.php, viewcat.php or photo.php)

If you mean photo.php of myAlbum-P, you can specify the size of single view in preferences of the latest myAlbum-P.

48

Re: myAlbum-P 2.8 Error

2004/7/24 6:15
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Quote:

MacKnIss wrote:
This is the error it gives:
XOOPS_URL is not included in your REFERER

This is an error as written.
The user cuts his referer off by NortonInternetSecurity or so on.
The referer check is a mechanism of XOOPS core to prevend from CSRF attacks.
Perhaps, the user can't post into forums, too.

If your site has many beginners, this hack will be a considerable choice.

49

Say good-bye to allow_url_fopen

2004/7/21 7:48
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

The directive "allow_url_fopen" is a useful feature of PHP.
For example, xoopsheadline is depends on "allow_url_fopen".
If you turn "allow_url_fopen" off, you can't use xoopsheadline neither as main and nor as block.

But this feature often cause serious vulnerablities in fact.
I think that "allow_url_fopen On" is a setting which should be avoided as much as "register_globals On".

Scripts using snoopy instead of fopen("http://...","r") can work under "allow_url_fopen Off".
Of course, xoopsheadline can also work under "allow_url_fopen Off" if it is modified as using snoopy.

line 62 in xoopsheadline/class/headlinerenderer.php
old:


if (!$fp = fopen($this->_hl->getVar('headline_rssurl'), 'r')) {

            $this->_setErrors('Could not open file: '.$this->_hl->getVar('headline_rssurl'));

            return false;

        }

        $data = '';

        while (!feof ($fp)) {

            $data .= fgets($fp, 4096);

        }

        fclose ($fp);

new:


// start of snoopy hack

        $error_level_stored = error_reporting() ;

        error_reporting( $error_level_stored & ~ E_NOTICE ) ;

        // includes Snoopy class for remote file access

        require_once(XOOPS_ROOT_PATH."/class/snoopy.php");

        $snoopy = new Snoopy;

        //TIMEOUT 5 second

        $snoopy->read_timeout = 5;                    // timeout on read operations, in seconds

        //URL fetch

        if( ! $snoopy->fetch( $this->_hl->getVar( 'headline_rssurl' ) ) || ! $snoopy->results ) {

            if (!empty($snoopy->error)) {

                $this->_setErrors('Could not open file: '.$this->_hl->getVar('headline_rssurl')."snoopy status=".$snoopy->error);

                return false;

            } else {

                $this->_setErrors('Could not open file: '.$this->_hl->getVar('headline_rssurl'));

                return false;

            }

        }

        $data = $snoopy->results ;

        error_reporting( $error_level_stored ) ;

        // end of snoopy hack

(thx to hokousya & domifara)

I've released a module named as XoopsHeadLine-Duplicatable (xhld).
xhld uses snoopy and modified some points from original.
Of course, xhld is a duplicatable module.
Since this module can be worked independently from xoopsheadline, you can try it at ease.

If you've transferred to xhld or hacked by yourself, add


php_flag allow_url_fopen Off

into .htaccess in XOOPS_ROOT_PATH.
(If you are server's admin, change php.ini and restart httpd)

This modification will make your XOOPS site stronger from attacks.

50

Re: myAlbum and myAlbum-p question

2004/7/17 6:04
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Quote:

Booga wrote:
4 quick questions to get this straight in my head......

1. I can install 2 of the same modules on the same site??

2. rename the module folder??

3. would this also work for mydownloads??

4. I am interested as this would allow me to set different permissions per module.....yes??

Thanks for your time,
Booga.

Did you edit your post?

BTW,
Quote:

4. I am interested as this would allow me to set different permissions per module.....yes??

With Duplicatable modules, the answer is YES, of course.

This is one of the most important purpose that I made "Duplicatable" modules.

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Re: errors and warnings in My Album module

Re: SWF gallery

Re: XHLD (Xoops Headlines Duplicate)

Re: Headlines

Re: The problem with Norton and Xoops

Re: Myalbum module making page 3x times wider than normal

Re: Myalbum module making page 3x times wider than normal

Re: myAlbum-P 2.8 Error

Say good-bye to allow_url_fopen

Re: myAlbum and myAlbum-p question

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}