Author |
Message |
Coldy
Hangin' Around
Joined: Apr 24, 2004
Posts: 48
Location: Austria
|
Posted:
Sat Aug 15, 2020 8:31 am |
|
Hello,
I've found two bugs in the current Raven version.
In the mainfile there are curly braces in lines 1741 and 1743 (function encode_mail), which are no longer supported under PHP 7.4.
I noticed this through a content encoding error during a new test-installation.
And the reviews have an error with the character output in function alpha.
Numbers are displayed here instead of letters.
The
Code:foreach ($alphabet as $ltr => $value) {
|
should be replaced by:
Code:foreach ($alphabet as $ltr) {
|
Coldy |
|
|
|
|
neralex
Site Admin
Joined: Aug 22, 2007
Posts: 1774
|
Posted:
Sun Aug 16, 2020 1:17 am |
|
Hey Coldy,
thank you - just added to the github-repo!
Reviews: [ Only registered users can see links on this board! Get registered or login! ]
mainfile: [ Only registered users can see links on this board! Get registered or login! ]
Danke, Cheers! |
_________________ Github: RavenNuke |
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6433
|
Posted:
Sun Aug 23, 2020 2:09 pm |
|
Hi neralex, I'm *finally* ready for some php 7.x testing. Which version is most stable with RN? Should I just use 7.4 to get performance improvements or should I expect more issues with 7.4? |
_________________ I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG |
|
|
|
neralex
|
Posted:
Mon Aug 24, 2020 12:03 pm |
|
Hi Kevin, stable for RN25x is php 7.3.x but I guess there are more issues with php 7.4.x as known. The goal is to get it ready for 7.4
I'm struggling currently with a big SQL-issue with specialchars based on the db-collation after switching from a mysql-serrver to maria-db, which is used since more than a year in debian and other known linux-distributions. This issue is also present here on this RPS. For example german specialchars (umlauts) in forum-posts are stored as ? in the database and I guess this is based on the collations of old db-table-fields after different imports back in the days. With a new installation it works fine but each imported database fails on the forums-posts like this: [ Only registered users can see links on this board! Get registered or login! ] |
|
|
|
|
kguske
|
Posted:
Mon Aug 24, 2020 12:34 pm |
|
I found the same issue when I imported to a test MariaDB on XAMPP from a production MySQL. |
|
|
|
|
kguske
|
Posted:
Mon Aug 24, 2020 12:54 pm |
|
After testing a few custom modules, it's working pretty well so far. Looking at some simple mods to enable a responsive theme... |
|
|
|
|
Coldy
|
Posted:
Tue Aug 25, 2020 3:08 am |
|
The changes between 7.3 and 7.4 (current 7.4.9) are manageable.
But I can't tell how far the Ravennuke core is concerned. |
|
|
|
|
papamike
Theme Guru
Joined: Jan 11, 2006
Posts: 170
|
Posted:
Mon Aug 31, 2020 6:21 pm |
|
Hi Kguske (Kevin), I have edited most of the mods and have responsive themes over at [ Only registered users can see links on this board! Get registered or login! ] |
|
|
|
|
neralex
|
Posted:
Thu Nov 05, 2020 2:02 pm |
|
I found some issues while testing PHP 7.4.12:
mainfile.php: Trying to access array offset on value of type null
[ Only registered users can see links on this board! Get registered or login! ]
modules/Your_Account/includes/ui-l10bbforums.php: Trying to access array offset on value of type null
[ Only registered users can see links on this board! Get registered or login! ]
modules/Your_Account/includes/ui-0headlines.php: Array and string offset access syntax with curly braces is deprecated
[ Only registered users can see links on this board! Get registered or login! ]
modules/Your_Account/public/userinfo.php: Trying to access array offset on value of type null
[ Only registered users can see links on this board! Get registered or login! ]
includes/SimplePie/idn/idna_convert.class.php: Array and string offset access syntax with curly braces is deprecated
[ Only registered users can see links on this board! Get registered or login! ]
The master-branch on Github is updated! The changes are working also with prior versions of php7.
Can someone please re-test the changes with a own local test environment like XAMPP or WAMP? |
|
|
|
|
Doulos
Life Cycles Becoming CPU Cycles
Joined: Jun 06, 2005
Posts: 732
|
Posted:
Sat Feb 27, 2021 2:39 pm |
|
Has the insert image function been disabled?
[imgleft]https:doulos.us/test/cl.jpg[/imgleft]
[imgright]https:doulos.us/test/cl.jpg[/imgright]
[img]https:doulos.us/test/cl.jpg[/img]
(edited)
|
|
|
|
|
neralex
|
Posted:
Mon Mar 01, 2021 12:48 pm |
|
Nope! You missed the double-slash after the double-point in your URLs. |
|
|
|
|
Doulos
|
Posted:
Mon Mar 01, 2021 6:31 pm |
|
I can't believe I did that. Thanks. |
|
|
|
|
kguske
|
Posted:
Sun Mar 07, 2021 8:52 am |
|
I'm getting ready to replace it, but on php 5.4, this happens:
PHP Parse error: syntax error, unexpected T_FUNCTION in modules/Forums/viewtopic.php on line 1289, which is
function ($m1) use ($orig_word, $replacement_word)
in the code below:
Code: //
// Replace naughty words
//
if (count($orig_word)) {
$post_subject = preg_replace($orig_word, $replacement_word, $post_subject);
if ($user_sig != '') {
$user_sig = preg_replace_callback(
'#(?!<.*)(?<!\w)([A-Za-z0-9_-]+)(?!\w|[^<>]*>)#i',
function ($m1) use ($orig_word, $replacement_word) {
return preg_replace($orig_word, $replacement_word, $m1[1]);
},
$user_sig
);
}
$message = preg_replace_callback(
'#(?!<.*)(?<!\w)([A-Za-z0-9_-]+)(?!\w|[^<>]*>)#i',
function ($m2) use ($orig_word, $replacement_word) {
return preg_replace($orig_word, $replacement_word, $m2[1]);
},
$message
);
}
|
Is this an issue with 5.4? |
|
|
|
|
neralex
|
Posted:
Sun Mar 07, 2021 9:43 am |
|
kguske, yes there were some issues with the e-modifier in the preg_replace function in php 7x. Here you can find the related commit: [ Only registered users can see links on this board! Get registered or login! ] and here you can find some explanations: [ Only registered users can see links on this board! Get registered or login! ] | [ Only registered users can see links on this board! Get registered or login! ] |
|
|
|
|
kguske
|
Posted:
Sun Mar 07, 2021 10:25 am |
|
Changed to 7.3, and now all the modules are showing as not found. Very strange as I was able to change another domain without this issue. Have you seen that? |
|
|
|
|
kguske
|
Posted:
Sun Mar 07, 2021 10:34 am |
|
The module $name is getting cleared by check_html function:
$name = addslashes(check_html(trim($name), 'nohtml')); //Fixes SQL Injection
because I hadn't updated the kses.php file... |
|
|
|
|
neralex
|
Posted:
Sun Mar 07, 2021 12:16 pm |
|
I'm glad you were able to solve it. There are a lot of changed files to get it ready for php7. |
|
|
|
|
kguske
|
Posted:
Sun Mar 07, 2021 7:44 pm |
|
The nice thing about running multiple sites using the same software and a modified config file to connect the site's database is that you update all the sites at once.
The bad thing about this approach is that you find all the errors on all the sites (pretty quickly...).
Lots of undefined constants and ereg in the extra modules, blocks, etc...fun! |
|
|
|
|
kguske
|
Posted:
Tue Mar 09, 2021 8:25 am |
|
The News module uses the TCPDF class to support viewing a story in PDF format. The class in RN is very outdated, and displays errors under PHP 7.x. The class is actively maintained and has many updates specifically for PHP 7.
You can (and probably should) disable this in the News config, but that simply removes the link to the printpdf.php file. Bots and others can still access it, and so I removed that file from public access.
If others want to continue using this, we might consider updating the class. The last release was December 2020, but there have been php 7.4 updates after that release.
My recommendation: remove this capability and the associated class & files (classes/tcpdf) from RN.
Code:PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /classes/tcpdf/tcpdf.php on line 20655
PHP Warning: chr() expects parameter 1 to be int, string given in /classes/tcpdf/tcpdf.php on line 7179
|
|
|
|
|
|
neralex
|
Posted:
Tue Mar 09, 2021 1:25 pm |
|
Thanks for reporting this! Never noticed new issues with this class since the early php7-fixes. I updated the new class-files from the tcpdf-repo on Github after some local tests. Please re-download the package from the master-branch on Github, replace the whole folder: /classes/tcpdf and give it a try. I uploaded the new class-files also here on RPS. |
|
|
|
|
kguske
|
Posted:
Fri Mar 19, 2021 6:30 am |
|
Seeing a few warnings from nukesentinel.php on this line (479):
Code: if (isset($name) && !preg_match('/^name=' . $name . '/i', $pg) && stristr($nsnst_const['script_name'], 'modules.php')) { $mod_check = 1; }
|
The errors are:
Code:PHP Warning: preg_match(): Unknown modifier 'n' in /includes/nukesentinel.php on line 479
PHP Warning: preg_match(): Unknown modifier 'd' in /includes/nukesentinel.php on line 479
PHP Warning: preg_match(): Unknown modifier 't' in /includes/nukesentinel.php on line 479
PHP Warning: preg_match(): Compilation failed: unmatched closing parenthesis at offset 11 in /public_html/includes/nukesentinel.php on line 479
|
Looks like the invalid modifier is in the $name variable. Maybe we should use a cleaned value of $name, and assume it's a script attack if $name doesn't match the cleaned version? I have a few modules with _ in the name (e.g. Your_Account) and one with - (PHP-Nuke_HOWTO) but the values after these characters don't correspond to some of the unknown modifiers identified above (d, t), so I assume these are resulting from attacks.
Stripping out the characters below from the $name value would also prevent the compilation warning.
Code:[
]
^
$
\
.
(
)
?
*
+
{
}
,
|
Thoughts? |
|
|
|
|
neralex
|
Posted:
Sat Mar 20, 2021 1:44 am |
|
Something like this?
php Code:$name = 'Your_Account';
$bad_string = '_[-k ]^g$u\s.(k)? *e+/{},';
$name = $name.$bad_string;
function clean_string($string) {
// Remove all characters except A-Z, a-z, 0-9, dots, hyphens and spaces
return preg_replace('/[^A-Za-z0-9\-_]/', '', $string);
}
echo '<p>'. clean_string($name) . '</p>';
|
Result: Your_Account_-kguske |
|
|
|
|
kguske
|
Posted:
Sat Mar 20, 2021 7:35 am |
|
Nice! I'll give that a try and see how it works.
We might want to call it function preg_clean_string to avoid possible conflicts with other functions with a different purpose. But if it's only in the nukesentinel.php file, that shouldn't be a problem. |
|
|
|
|
hicuxunicorniobestbuildpc
The Mouse Is Extension Of Arm
Joined: Aug 13, 2009
Posts: 1123
|
Posted:
Fri Mar 26, 2021 5:53 am |
|
Yes but we got 3 lines with the same code.
3x Code:if (isset($name) && !preg_match('/^name=' . $name . '/i', $pg) && stristr($nsnst_const['script_name'], 'modules.php')) { $mod_check = 1; }
|
|
|
|
|
|
neralex
|
Posted:
Wed May 05, 2021 12:02 pm |
|
FYI: just switched RPS to php 7.4.x, works like a charm! |
|
|
|
|
|