Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: Feedback for the Textpattern 4.4.0 release
updates went smoothly for me so far, so thx for that!
i do have a question about the new htaccess in /files though:
# Inhibit directory listing
Options -Indexesmhm, i use +Indexes and fancy indexing sometimes in /files … shouldn’t i?
but the second directive is much more difficult:
# Inhibit direct file downloads
RedirectMatch 403 .*i use direct links to files on a regular basis. there is no other way sometimes, e.g. when you want to stream MP3s or video. in which circumstances might i end up with a vulnerable site?
cheers, -f
Offline
Re: Feedback for the Textpattern 4.4.0 release
funtoosh wrote:
i use direct links to files on a regular basis. there is no other way sometimes, e.g. when you want to stream MP3s or video. in which circumstances might i end up with a vulnerable site?
I think that’s why Robert renamed the .htaccess file to .htaccess-dist, so that it wouldn’t break sites that depend on direct download links. [Based on this thread and the versioning check-in comments]
I’ve run podcast sites pretty well using only Textpattern’s download links and link tags, so blocking direct downloads is no problem for me.
Offline
Re: Feedback for the Textpattern 4.4.0 release
john, thx for pointing me in the right drection, hadn’t seen that thread. will go to sleep untroubled now ;-}
Offline
Re: Feedback for the Textpattern 4.4.0 release
merz1 wrote:
No big deal but why did the preview url change?
The old preview method had security implications.
Offline
Re: Feedback for the Textpattern 4.4.0 release
Thanks Robert, only one minor point which comes to my mind:
Bloke Stef, as the new preview URL still shows the article ID … Are those security implications maybe still valid for your short url plug-in?
Get all online mentions of Textpattern via OPML subscription: TXP Info Sources: Textpattern RSS feeds as dynamic OPML
Offline
Re: Feedback for the Textpattern 4.4.0 release
gomedia wrote:
Is there any advice on whether we need to do anything with the newly added (but commented-out) line in .htaccess:
#ErrorDocument 403 default
johnstephens wrote:
I’ve upgraded a bunch of sites without uncommenting this line. What is it that this does, exactly?
Aha! Apologies for polluting this thread with a question Google was able to resolve. I found the answer here.
Offline
#91 2011-04-10 11:57:49
- ax
- Plugin Author
- From: Germany
- Registered: 2009-08-19
- Posts: 165
Re: Feedback for the Textpattern 4.4.0 release
Textile may not be the latest version
Offline
Re: Feedback for the Textpattern 4.4.0 release
merz1 wrote:
Are those security implications maybe still valid for your short url plug-in?
Not as far as I can tell. You can’t short URL to a non-live (or non-sticky) article. Unless I’ve missed something?
Last edited by Bloke (2011-04-10 19:14:04)
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Online
Re: Feedback for the Textpattern 4.4.0 release
I am getting a Fatal error: Call to undefined function strftime() error on a 4.0.4 TXP install suddenly. Any ideas where this is called and why the error might appear?
Also get Fatal error: Call to undefined function strftime() on the Users tab while the Prefs tab does not display anything underneath the DST enabled setting. Nothing changed on the web host side (apparently) so trying to track this down.
Offline
Re: Feedback for the Textpattern 4.4.0 release
4.0.4 or 4.4.0? Please post full diagnostics.
Offline
Re: Feedback for the Textpattern 4.4.0 release
Hi Ruud, yes sorry it was 4.4.0. The site is live and not operational by myself, I am just helping out. The owner says they didn’t do anything and the web host says the same, but suddenly the site is down with that error message.
I can’t see diagnostics – only Fatal error: Call to undefined function gmstrftime() in /home/site/public_html/textpattern/include/txp_diag.php on line 480. To be exact, the pre-flight check works and returns:
The following PHP functions (which may be necessary to run Textpattern) are disabled on your server: proc_close, proc_get_status, proc_terminate, myshellexec, shell, system_exec, posix_getpwuid, posix_getgrgid, posix_kill, ssh2_exec, pcntl_exec, ini_restoreThen the error message above and nothing else. Prefs tab returns data up to DST enabled? and nothing more.
Front page of the site returns the error Fatal error: Call to undefined function strftime() in /home/site/public_html/textpattern/lib/txplib_misc.php on line 1375
Not seen this before. Tried replacing the PHP files noted but that did not work.
Offline
Re: Feedback for the Textpattern 4.4.0 release
Upload a file called test.php with these contents:
<?php
setlocale(LC_TIME, 'en_US');
echo strftime("%b %d %Y %H:%M:%S", mktime(20, 0, 0, 12, 31, 98)) . "\n";
echo gmstrftime("%b %d %Y %H:%M:%S", mktime(20, 0, 0, 12, 31, 98)) . "\n";
?>If that doesn’t show 2 dates, you contact the webhost.
Offline