WB 2.11.0: Issues
https://project.websitebaker.org/
2017-09-20T11:24:05Z
Tracking
Redmine

Error #58 (Done): Upgrade fails when template directory is same as module or language directory
https://project.websitebaker.org/issues/58
2017-09-20T11:24:05Z Ruud wb@allwww.nl
<p><strong>When doing upgrades...</strong></p>
<p>The install_struct.sql will rebuild the addons table, but it uses a unique constraint on the 'directory' column.<br />It is perfectly fine to have a module in a directory 'abc' and a template in a directory 'abc'.</p>
<p>The line:<br /><pre>
ALTER TABLE `{TABLE_PREFIX}addons` ADD UNIQUE `ident` ( `directory` );
</pre><br />will fail in this case, breaking the import of install_struct.sql.<br />Because of this, other tables are not upgraded, with this issue as a result (failed upgrade): <a class="external" href="https://forum.websitebaker.org/index.php/topic,30477.msg212348.html#msg212348">https://forum.websitebaker.org/index.php/topic,30477.msg212348.html#msg212348</a></p>
<p>A unique index should be done on both fields `type` and `directory` to make it really unique.<br />Unfortunately, trying this solution generates the error:<br /><pre>
ALTER TABLE `addons` ADD UNIQUE INDEX `ident` (`type`, `directory`);
/* SQL error (1071): Specified key was too long; max key length is 1000 bytes */
</pre><br />Both fields are set to VARCHAR (255). Using utf8 these fields can have 765 bytes per field (using utf8mb4 > 1020 bytes)</p>
<p>The fix would be to make the fields shorter ( VARCHAR (125) to enable future utf8mb4 ) or not to create a unique index on this table.</p>

Security #40 (Done): multiple attack vectors [reported by Marek Alaksa from citadelo]
https://project.websitebaker.org/issues/40
2017-03-28T12:51:19Z Anonymous
<p>The 3rd component idna_convert (include/idna_convert/example.php) is vulnerable to Reflected Cross-site scripting because it fails to properly sanitize user-supplied input.</p>
<p><a class="external" href="http://www.citadelo.com/">http://www.citadelo.com/</a></p>
<p>(End users can also delete the example.com. This file is needed only to fulfill the license by distributing.)</p>

Error #37 (Done): rename file-name in page-settings doesn't work correctly
https://project.websitebaker.org/issues/37
2017-03-16T17:28:53Z Uwe
<p>If I rename the file-name in page-settings, not all subpages get the new file-name for the root-parent in database-field "link" in pages-table.<br />Rebuild access-files then builds a new folder with the newly built access-files and another folder with the original root-parent-name</p>

Security #6 (Done): Update PHP Mailer to version 5.2.22
https://project.websitebaker.org/issues/6
2017-02-12T21:20:14Z Matthias info@familie-gallas.de
<p><a class="external" href="https://github.com/PHPMailer/PHPMailer">https://github.com/PHPMailer/PHPMailer</a></p>
<p>SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML() is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML() without a $basedir will not import images with relative URLs, and relative URLs containing .. will be ignored.</p>