Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: 1 [2] 3   Go Down

Author Topic: MiniCMS for CPG1.5?  (Read 27412 times)

0 Members and 2 Guests are viewing this topic.

halnat

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 25
Re: MiniCMS for CPG1.5?
« Reply #20 on: December 26, 2009, 02:15:32 pm »

28 files in the minimcms folder that contain the strings $_GET, $_POST or $_SERVER. Just a lot of work to "inspektify"... ;)

Read http://documentation.coppermine-gallery.net/en/dev_superglobals.htm for details in case you're ready to do the job.

I have a version up and running that installs and can display existing content. It needs more work to be able to create new content... anybody else working on this?
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15760
Re: MiniCMS for CPG1.5?
« Reply #21 on: December 26, 2009, 02:25:31 pm »

I have a version up and running that installs and can display existing content. It needs more work to be able to create new content... anybody else working on this?
Please attach that version. Thank you.
Logged

halnat

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 25
Re: MiniCMS for CPG1.5?
« Reply #22 on: December 26, 2009, 11:23:11 pm »

Here comes....

This is an early mock-up port to 1.5.2. There are a number of things that do not work. In fact, there are only two things that I have been able to do with it: I was able to install it as a plug in, and it did display the content that I created in cpg 1.4.x. Creating content is not really possible, as all space characters get filtered away. Everythingbecomesonelargeword.

It may not be as cooperative with anyone else - and please understand that I do not provide support for this version of the port. However, anyone who like to play with fire or would like to contribute to the port is welcome to a test drive  ;)

Maybe someone could help load it up to svn - I'm not familiar with that.

The file was too large to be attached. It can be downloaded from http://www.natvik.com/bfdoc/minicms.zip
Logged

football-pics.com

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 27
Re: MiniCMS for CPG1.5?
« Reply #23 on: June 02, 2010, 03:18:21 pm »

No news on a MiniCMS?

A plugin that could show the latest 10 galleries as links (link name = album title) could also help me out
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: MiniCMS for CPG1.5?
« Reply #24 on: June 02, 2010, 05:43:02 pm »

Respect board rules if you want answers - I already told you so:
Not a valid support request (board rules).
Logged

Ludo

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 706
    • E+GiElle
Re: MiniCMS for CPG1.5?
« Reply #25 on: June 12, 2010, 10:57:27 am »

This is an early mock-up port to 1.5.2. There are a number of things that do not work. In fact, there are only two things that I have been able to do with it: I was able to install it as a plug in, and it did display the content that I created in cpg 1.4.x. Creating content is not really possible, as all space characters get filtered away. Everythingbecomesonelargeword.
Finally I took halnat's work over, and it seems I made it out to get MiniCMS work properly on 1.5.6, by simply replacing Inspekt's getAlnum method with getRaw (disapproved, I know, but still the only way I found to make it work). There are still some minor issues, but I'm confident to fix them soon.
« Last Edit: June 12, 2010, 11:03:13 am by Ludo »
Logged

football-pics.com

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 27
Re: MiniCMS for CPG1.5?
« Reply #26 on: June 12, 2010, 12:12:59 pm »

great news... thanks. When will it be available?
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15760
Re: MiniCMS for CPG1.5?
« Reply #27 on: June 12, 2010, 01:30:21 pm »

Instead using getAlNum or getRaw, we should us getMatched allowing alphanumeric characters, number and some other digits like whitespace and punctuation marks, or validate the input after using getRaw.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: MiniCMS for CPG1.5?
« Reply #28 on: June 12, 2010, 05:53:06 pm »

As Αndré suggested you're allowed to use getRaw if you sanitize the data afterwards really thoroughly.
Logged

Ludo

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 706
    • E+GiElle
Re: MiniCMS for CPG1.5?
« Reply #29 on: June 14, 2010, 03:41:48 pm »

Instead using getAlNum or getRaw, we should us getMatched allowing alphanumeric characters, number and some other digits like whitespace and punctuation marks, or validate the input after using getRaw.
Speaking about FCKEditor output, isn't it already sanitized enough by the editor itself?
Logged

Ludo

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 706
    • E+GiElle
Re: MiniCMS for CPG1.5?
« Reply #30 on: June 14, 2010, 03:44:21 pm »

great news... thanks. When will it be available?
You'd better subscribe this topic  ;D
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: MiniCMS for CPG1.5?
« Reply #31 on: June 15, 2010, 07:42:26 am »

Speaking about FCKEditor output, isn't it already sanitized enough by the editor itself?
I have no idea, sorry.
Logged

schnurzeltier

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Re: MiniCMS for CPG1.5?
« Reply #32 on: June 21, 2010, 03:18:19 pm »

great news... thanks. When will it be available?

Hi there, some new's about this?
Greetings
Bernd
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: MiniCMS for CPG1.5?
« Reply #33 on: June 21, 2010, 03:51:41 pm »

No. There's absolutely no sense in replying to this thread asking for updates. As far as I can see nobody is working on this. If you want it badly, start working on it. Do as suggested per board rules in the future and post a link to your gallery.
Logged

Ludo

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 706
    • E+GiElle
Re: MiniCMS for CPG1.5?
« Reply #34 on: June 22, 2010, 09:07:30 am »

As far as I can see nobody is working on this.

Finally I took halnat's work over, and it seems I made it out to get MiniCMS work properly on 1.5.6, by simply replacing Inspekt's getAlnum method with getRaw (disapproved, I know, but still the only way I found to make it work). There are still some minor issues, but I'm confident to fix them soon.
« Last Edit: June 22, 2010, 09:14:53 am by Ludo »
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15760
Re: MiniCMS for CPG1.5?
« Reply #35 on: June 22, 2010, 12:25:29 pm »

Where do we find your work, Ludo?
Logged

Ludo

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 706
    • E+GiElle
Re: MiniCMS for CPG1.5?
« Reply #36 on: June 23, 2010, 10:26:04 am »

On my pendrive, so far :P
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: MiniCMS for CPG1.5?
« Reply #37 on: August 12, 2010, 07:25:20 am »

If it is so hard to port this plugin because of the many places where you have to sanitize user inout, maybe you should circumvent the issues that using Inspekt imposes on coders in the first place. This will of course ruin the additional level of security and will make the code less well-designed, but for a port that big you might want to use the approach that extrabigmehdi used in his Joomla bridge for cpg1.5.x:
Concerning the code used in my bridge, I guess I'm not respecting the "spirit" of the  "Inspekt package" . I  got to access directly to stored superglobals with "_source" property  (especially $COOKIE) before calling Joomla .
So basically what Mehdi does is re-globalize all input that Inspekt de-globalized in the first place. Not a nice thing to do and definitely not something that should be performed lightheartedly, but given the issues that exist for this particular plugin maybe the interessted porters should take a look at that approach.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15760
Re: MiniCMS for CPG1.5?
« Reply #38 on: November 08, 2010, 10:06:38 am »

I'll port MiniCMS now, as Ludo hasn't published his port.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15760
Re: MiniCMS for CPG1.5?
« Reply #39 on: November 08, 2010, 11:44:46 am »

Added halnat's version to the svn repository and applied several fixes.

As far I can judge it's currently possible to add, delete and move entries.
« Last Edit: November 08, 2010, 12:17:14 pm by Αndré »
Logged
Pages: 1 [2] 3   Go Up
 

Page created in 0.064 seconds with 20 queries.