Author Topic: w3c validation for "<"  (Read 3474 times)

flapane

w3c validation for "<"
« on: June 15, 2012, 05:42:27 PM »

While waiting to solve the resizing thing using ImageMagick, I noticed that there are a few errors which involve the SQL char "<".

Quote
Line 717, Column 65: character "<" is the first character of a delimiter but occurred as data

[2] => DELETE FROM `flapanec_db`.cpg132_sessions WHERE time < 1339770630 AND remember = 0 [bridge/coppermine.inc.php:247] (0 ms)

This message may appear in several cases:

    You tried to include the "<" character in your page: you should escape it as "&lt;"
    You used an unescaped ampersand "&": this may be valid in some contexts, but it is recommended to use "&amp;", which is always safe.
    Another possibility is that you forgot to close quotes in a previous tag.

Αndré

Re: w3c validation for "<"
« Reply #1 on: July 02, 2012, 02:21:12 PM »

That's just the debug output, which is usually disabled for the public. However, to create valid HTML code even in those cases, open include/functions.inc.php, find
    echo "USER: ";
    echo $debug_underline;
    print_r($USER);
    echo $debug_separate;
    echo "USER DATA:";
    echo $debug_underline;
    print_r($USER_DATA);
    echo $debug_separate;
    echo "Queries:";
    echo $debug_underline;
    print_r($queries);
    echo $debug_separate;
    echo "GET :";
    echo $debug_underline;
    print_r($superCage->get->_source);
    echo $debug_separate;
    echo "POST :";
    echo $debug_underline;
    print_r($superCage->post->_source);
    echo $debug_separate;
    echo "COOKIE :";
    echo $debug_underline;
    print_r($superCage->cookie->_source);
    echo $debug_separate;

    if ($superCage->cookie->keyExists('PHPSESSID')) {
        echo "SESSION :";
        echo $debug_underline;
        if(!isset($_SESSION)){
            session_id($superCage->cookie->getAlnum('PHPSESSID'));
            session_start();
        }
        print_r($_SESSION);
        echo $debug_separate;
    }
and replace with
    echo "USER: ";
    echo $debug_underline;
    echo htmlentities(print_r($USER, true));
    echo $debug_separate;
    echo "USER DATA:";
    echo $debug_underline;
    echo htmlentities(print_r($USER_DATA, true));
    echo $debug_separate;
    echo "Queries:";
    echo $debug_underline;
    echo htmlentities(print_r($queries, true));
    echo $debug_separate;
    echo "GET :";
    echo $debug_underline;
    echo htmlentities(print_r($superCage->get->_source, true));
    echo $debug_separate;
    echo "POST :";
    echo $debug_underline;
    echo htmlentities(print_r($superCage->post->_source, true));
    echo $debug_separate;
    echo "COOKIE :";
    echo $debug_underline;
    echo htmlentities(print_r($superCage->cookie->_source, true));
    echo $debug_separate;

    if ($superCage->cookie->keyExists('PHPSESSID')) {
        echo "SESSION :";
        echo $debug_underline;
        if(!isset($_SESSION)){
            session_id($superCage->cookie->getAlnum('PHPSESSID'));
            session_start();
        }
        echo htmlentities(print_r($_SESSION, true));
        echo $debug_separate;
    }

Please report the results. I haven't checked for any side-effects yet.
Logged
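
The escaping from the replacement above, factored into one helper, as an added example that is not part of the original posts or of Coppermine; `debug_dump_html()` and the sample values are hypothetical. It passes an explicit charset and `ENT_QUOTES`, because `htmlentities()` called without a charset assumes ISO-8859-1 on PHP older than 5.4 and garbles UTF-8 text, and because the GET/POST/COOKIE sections print request data into the page.

```php
<?php
// Added example, not Coppermine code. debug_dump_html() and all sample
// values below are hypothetical / constructed for illustration.

/**
 * Render one section of the debug block as HTML-safe text.
 */
function debug_dump_html($label, $value, $charset = 'UTF-8')
{
    // print_r(..., true) returns the dump as a string instead of echoing it,
    // so it can be escaped before it reaches the page.
    $dump = print_r($value, true);

    // ENT_QUOTES also encodes ' and "; ENT_SUBSTITUTE (PHP 5.4+) replaces
    // invalid byte sequences instead of returning an empty string.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    return htmlspecialchars($label, $flags, $charset) . "\n"
         . htmlspecialchars($dump, $flags, $charset) . "\n";
}

// Constructed sample data mirroring two sections of the debug block.
$queries = array(
    2 => "DELETE FROM `flapanec_db`.cpg132_sessions WHERE time < 1339770630 AND remember = 0",
);
$get = array('album' => '<em>12</em> & more');

$out = debug_dump_html('Queries:', $queries)
     . debug_dump_html('GET :', $get);

echo "<pre>" . $out . "</pre>\n";

// Self-check: no raw "<" from the data survives, and the SQL comparison
// operator is present in its escaped form.
if (strpos($out, '<') !== false || strpos($out, 'time &lt; 1339770630') === false) {
    trigger_error('debug output was not escaped', E_USER_WARNING);
}
```

On PHP older than 5.4, drop `ENT_SUBSTITUTE` from `$flags`; the rest of the helper is unchanged.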

flapane

Re: w3c validation for "<"
« Reply #2 on: July 02, 2012, 06:24:45 PM »

Fixed, thanks. The error disappeared and the debug panel keeps working.
I guess it might be included in the next release.

Αndré

Re: w3c validation for "<"
« Reply #3 on: July 04, 2012, 10:54:03 AM »

Committed change in SVN revision 8457.