Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: w3c validation for "<"  (Read 9716 times)

0 Members and 1 Guest are viewing this topic.

flapane

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 251
    • Flavio's page
w3c validation for "<"
« on: June 15, 2012, 05:42:27 pm »

While waiting to solve the resizing thing using Imagemagik, I noticed that there are a few errors which involve the sql char "<".

Quote
Line 717, Column 65: character "<" is the first character of a delimiter but occurred as data

[2] => DELETE FROM `flapanec_db`.cpg132_sessions WHERE time < 1339770630 AND remember = 0 [bridge/coppermine.inc.php:247] (0 ms)

This message may appear in several cases:

    You tried to include the "<" character in your page: you should escape it as "&lt;"
    You used an unescaped ampersand "&": this may be valid in some contexts, but it is recommended to use "&amp;", which is always safe.
    Another possibility is that you forgot to close quotes in a previous tag.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: w3c validation for "<"
« Reply #1 on: July 02, 2012, 02:21:12 pm »

That's just the debug output which is usually disabled for the public. However, to create valid HTML code for even that cases, open include/functions.inc.php, find
Code: [Select]
    echo "USER: ";
    echo $debug_underline;
    print_r($USER);
    echo $debug_separate;
    echo "USER DATA:";
    echo $debug_underline;
    print_r($USER_DATA);
    echo $debug_separate;
    echo "Queries:";
    echo $debug_underline;
    print_r($queries);
    echo $debug_separate;
    echo "GET :";
    echo $debug_underline;
    print_r($superCage->get->_source);
    echo $debug_separate;
    echo "POST :";
    echo $debug_underline;
    print_r($superCage->post->_source);
    echo $debug_separate;
    echo "COOKIE :";
    echo $debug_underline;
    print_r($superCage->cookie->_source);
    echo $debug_separate;

    if ($superCage->cookie->keyExists('PHPSESSID')) {
        echo "SESSION :";
        echo $debug_underline;
        if(!isset($_SESSION)){
            session_id($superCage->cookie->getAlnum('PHPSESSID'));
            session_start();
        }
        print_r($_SESSION);
        echo $debug_separate;
    }
and replace with
Code: [Select]
    echo "USER: ";
    echo $debug_underline;
    echo htmlentities(print_r($USER, true));
    echo $debug_separate;
    echo "USER DATA:";
    echo $debug_underline;
    echo htmlentities(print_r($USER_DATA, true));
    echo $debug_separate;
    echo "Queries:";
    echo $debug_underline;
    echo htmlentities(print_r($queries, true));
    echo $debug_separate;
    echo "GET :";
    echo $debug_underline;
    echo htmlentities(print_r($superCage->get->_source, true));
    echo $debug_separate;
    echo "POST :";
    echo $debug_underline;
    echo htmlentities(print_r($superCage->post->_source, true));
    echo $debug_separate;
    echo "COOKIE :";
    echo $debug_underline;
    echo htmlentities(print_r($superCage->cookie->_source, true));
    echo $debug_separate;

    if ($superCage->cookie->keyExists('PHPSESSID')) {
        echo "SESSION :";
        echo $debug_underline;
        if(!isset($_SESSION)){
            session_id($superCage->cookie->getAlnum('PHPSESSID'));
            session_start();
        }
        echo htmlentities(print_r($_SESSION, true));
        echo $debug_separate;
    }

Please report the results. I haven't checked for any side-effects yet.
Logged

flapane

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 251
    • Flavio's page
Re: w3c validation for "<"
« Reply #2 on: July 02, 2012, 06:24:45 pm »

Fixed, thanks. The error disappeared and the debug panel keeps working.
I guess it might be included in the next release.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: w3c validation for "<"
« Reply #3 on: July 04, 2012, 10:54:03 am »

Committed change in SVN revision 8457.
Logged
Pages: [1]   Go Up
 

Page created in 0.03 seconds with 19 queries.