Textpattern CMS support forum

#73 2008-11-24 13:12:49

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,323
Website Mastodon

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

sthmtc wrote:

So could this be a bug? I never had any issues upgrading Textpattern in that particular environment.

No, but it could be a timing issue.

Offline

#74 2008-11-24 13:15:05

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,271
Website GitHub

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

wet wrote:

it requires percent-encoded filenames …which might impose a security risk.

That’s fair enough but I wonder if this will cause other problems. Like, if two entire-Cyrillic filenames (except extension) are uploaded and they are both identical types (e.g. .doc) the second will overwrite the first — or error out, not sure which — because they will both try to write to the same file site.com/files/.doc.

Also, when serving a file via /file_download, can’t the ID be used to verify (or even get) the filename from the DB at download time? If the true sanitized filename is kept internal to the DB and not used to determine the actual file path to download, the one in the site.com/file_download/id/some-name-here is just for show; could that be displayed unescaped or is that ultra complicated? (I really don’t know).

The downside to only using the ID is of course that it’s easily guessable and anything could be written after the ID’s slash. But the same is true of the filename now (it can be fairly easily guessed if you have a rigid naming convention) so from that side of things it’s not secure.

When you say security risks do you mean someone could percent encode the equivalent of ../../../passwd as the filename to retrieve and TXP would go ahead and grab it, ignoring the ID and the database check? Just curious what the risk is: I’m not particularly well versed in this arena (sorry if I’m being thick / naive).

Last edited by Bloke (2008-11-24 13:38:11)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline
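
The design raised in the post above, sketched as an added example (not Textpattern's code and not written by any poster in this thread): the numeric ID alone selects the stored file, the name after the ID is decorative, and the resolved path is checked to stay inside the files directory. The function name `resolve_download`, the `$files` array standing in for the database table, and the sample files are assumptions constructed for illustration.

```php
<?php
// Added illustration, not Textpattern code. $files stands in for the DB table
// mapping a download ID to its stored filename (constructed sample rows).

// Resolve /file_download/<id>/<display-name> to a path on disk.
// Only the numeric ID is used for lookup; the display name is never read.
function resolve_download(string $requestPath, array $files, string $baseDir): ?string
{
    if (!preg_match('#^/file_download/(\d{1,9})(?:/.*)?$#', $requestPath, $m)) {
        return null;                        // malformed request
    }
    $id = (int) $m[1];
    if (!isset($files[$id])) {
        return null;                        // no such row
    }
    $base = realpath($baseDir);
    if ($base === false) { return null; }   // files directory missing
    // Defence in depth: the stored name must also resolve inside $baseDir.
    $path = realpath($base . DIRECTORY_SEPARATOR . $files[$id]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                        // missing file or escaped the directory
    }
    return $path;
}

// Constructed demo: one legitimate file, one file outside the files directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'txp_demo_' . uniqid();
mkdir($root . '/files', 0700, true);
file_put_contents($root . '/files/report.doc', 'demo');
file_put_contents($root . '/outside.txt', 'not for download');

$files = [1 => 'report.doc', 2 => '../outside.txt'];   // row 2 is a corrupted entry
$requests = [
    '/file_download/1/report.doc',                 // normal link
    '/file_download/1/%2E%2E%2F%2E%2E%2Fpasswd',   // display name is ignored
    '/file_download/2/anything',                   // bad row is contained
    '/file_download/9/report.doc',                 // unknown ID
];
foreach ($requests as $r) {
    $p = resolve_download($r, $files, $root . '/files');
    printf("%-44s => %s\n", $r, $p === null ? 'refused' : 'serve ' . basename($p));
}
unlink($root . '/files/report.doc');
unlink($root . '/outside.txt');
rmdir($root . '/files');
rmdir($root);
```

Because the display name never reaches the filesystem, it could be shown unescaped in the link without changing which file is read; whether a given ID may be downloaded at all is an access-control decision this sketch does not cover.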

#75 2008-11-24 13:19:34

sirblackheart
New Member
Registered: 2008-07-04
Posts: 7

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

My question is: is it possible to write something like this:

<txp:article_custom id='<txp:glz_custom_field name="AutorenOderWerke" />'>
	<txp:title />
	<txp:body />
	<txp:article_custom id='<txp:glz_custom_field name="Werk" />'>
		<txp:body />
	</txp:article_custom>
</txp:article_custom>

I’m calling this in a single article view. It should get the first article id from the main article, and the second article id from the article called with the first id…
Sorry for my bad English

Offline

#76 2008-11-24 13:43:40

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,323
Website Mastodon

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

This is possible.

Offline

#77 2008-11-24 13:48:55

sirblackheart
New Member
Registered: 2008-07-04
Posts: 7

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

wet wrote:

This is possible.

Sorry, my error, forgot a / in one tag…
This is really cool, I already love the new version of txp
Thx for this great cms platform

Offline

#78 2008-11-24 18:53:01

graeme
Plugin Author
Registered: 2004-06-21
Posts: 337
Website

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

wet/sthmtc

I temporarily see the same load_order problem when updating a clean install of 4.0.6. The problem fixes itself when I next log in to the admin interface – I guess this is when the update scripts are run.

Offline

#79 2008-11-24 18:54:21

jstubbs
Moderator
From: Hong Kong
Registered: 2004-12-13
Posts: 2,395
Website

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

Robert, I am seeing a small error after upgrading a live site from 4.06 to 4.07rc1. The /images folder was not touched when upgrading, but I notice that not all of the images are displayed in the Images tab, but they do exist in the /images folder.

For example, I have images up to #773 in the folder, but only up to #695 in the images tab. ?

Offline

#80 2008-11-24 19:09:25

johnstephens
Plugin Author
From: Woodbridge, VA
Registered: 2008-06-01
Posts: 999
Website

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

I’m updating an installation that uses Kevin’s rebranding mod. What’s the best way to merge changes to Textpattern’s UI CSS file without losing the custom design?

Offline

#81 2008-11-24 19:47:53

zoltandragon
Member
Registered: 2007-04-30
Posts: 47

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

I don’t know how and why, but I had a serious problem with the <txp:else /> tag: I use it in the <head> to output various kinds of descriptions when on different sections, and I have never had any problem with it until the upgrade (oh, yes, it is an upgrade from 4.0.6). Mysteriously, the problem causes the right sidebar and the footer (all that follows the main content) to disappear… If I don’t have the tag on the page, everything works fine… Have you encountered any comparably strange behaviour?

Offline

#82 2008-11-24 19:52:19

maniqui
Member
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

zoltandragon, could you post the original code (the working one on 4.0.6)? thanks


La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#83 2008-11-24 20:01:17

zoltandragon
Member
Registered: 2007-04-30
Posts: 47

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

Sorry, here it is:

<txp:if_individual_article>
<meta name="description" content="<txp:page_title /> / <txp:rss_auto_excerpt words="40" overrideexcerpt="1" striptags="1" showlinkwithexcerpt="0" stripbreakstabs="1" excerptwraptag="" ending="…" />" />
<meta name="keywords" content="<txp:keywords />" />
<txp:else />
<meta name="description" content="some content goes here" />
</txp:if_individual_article>

What I don’t quite understand is how it affects the layout… and throws tag parse errors concerning <txp:else /> (this is the only instance of the tag on the page)

Offline

#84 2008-11-24 21:45:48

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: Feedback to: Help us test the release candidate for the upcoming 4.0.7

Posting the resulting parse errors and the tag trace would help.

Offline
