modxcms / evolution Goto Github PK

Line 13 of weblogin.processor.inc.php selects wu.* without defining wu

$ds = $modx->db->select('wu.*', $modx->getFullTableName('web_users'), "wu.id='".$modx->db->escape($id)."'");

« Execution of a query to the database failed - Incorrect table name '' »
SQL > OPTIMIZE TABLE ``modx_database`.`modx_manager_log``

Probably do not need backticks in function optimize
https://github.com/modxcms/evolution/blob/master/manager/includes/extenders/dbapi.mysql.class.inc.php#L619

print_r($row);

Array
(
[id] => 1
[username] => slava-mir
[password] => 7d80ee3e8a2f168e3e407d3e7b953343
[cachepwd] =>
[fullname] =>
)

no variables:

$failedlogins = $row['failedlogincount'];
$blocked = $row['blocked'];
$blockeduntildate = $row['blockeduntil'];
$blockedafterdate = $row['blockedafter'];
$registeredsessionid = $row['sessionid'];
$role = $row['role'];
$lastlogin = $row['lastlogin'];
$nrlogins = $row['logincount'];
$email = $row['email'];

My idea is to add a function like [[FirstChildRedirect]] so the client can let a page redirect to the first child instead of adding an ID every time?

Checkbox on tab Page settings?

$_lang['plugin'] is used instead of $_lang['snippet'] to generate the message used when trying to rename an existing snippet to use the same name as another existing snippet.

I will soon submit a pull request to fix this.

Having got the Rich Text widget itself working (#162), output from it is always preceded by "undefined" in 1.0.12 and 1.0.13RC2. Not a problem with MODX 1.0.10. The difference in the HTML source is within the tinyMCE.init script:

1.0.12 version:

setup : function(ed)
    {
        ed.onPostProcess.add(function(ed, o)
             {
            // State get is set when contents is extracted from editor
            if (o.get)
            {
                        o.content = o.content.replace('<p>');
                        o.content = o.content.replace(/<p>\[([\[\!\~\^])/g, '[$1');
                        o.content = o.content.replace(/([\]\!\~\^])\]<\/p>/g, '$1]');
                   }
            });
    },

1.0.10 version:

setup : function(ed)
    {
       ed.onPostProcess.add(function(ed, o)
          {
             // State get is set when contents is extracted from editor
              if (o.get)
                {
                        o.content = o.content.replace('<p>{{', '{{');
                        o.content = o.content.replace('}}</p>', '}}');
                        o.content = o.content.replace(/<p>\[([\[\!\~\^])/g, '[$1');
                        o.content = o.content.replace(/([\]\!\~\^])\]<\/p>/g, '$1]');
                }
        });
    },

Same tiny_mce.init.js.inc file is being included in both cases. Looks as if something is eating a chunk of script following the first {{ markers.

Widget output is correct when double braces are represented by '{'+'{' etc.

Please update provided /assets/libs

resourse.php ( from https://github.com/AgelxNash/resourse )

When I upload an image with FCK-editor the spaces are not set to - and weird characters...

Héllo hi.jpg --> hello-hi.jpg

There is a fix.

I'm positive you can replace it for the file here: http://tinyurl.com/ccavaxc

manager/media/browser/mcpuk/connectors/php/Commands/FileUpload.php

Issue happens when strict URLS option is enabled and trying access homepage with GET params like this:
http://example.com/?gclid=243432
Also I have urls suffix set to "/" (not sure if this matters)
Explanation:
We have a function sendStrictURI at /manager/includes/document.parser.class.inc.php
The failure happens on line 1301:
if ($requestedURL != $this->config['site_url'])
Note, that $this->config['site_url'] doesn't include query params, while $requestedURL does, because
$requestedURL = "{$scheme}://{$http_host}" . $_SERVER['REQUEST_URI'];
So we have to check the requestedURL without query params I guess.
I have managed to fix this issue replacing at line 1301 this
if ($requestedURL != $this->config['site_url'])
with this
if ("{$scheme}://{$http_host}".$this->config['base_url'] != $this->config['site_url'])

This fix should be more elegant, so I'm not pushing a commit, but please take this bug in consideration. Thanks.

When I use the Rich Text widget for a Rich Text TV to produce an RTE box on the front end, it fails with a parse error (below). Same TV and test resource work OK with MODX 1.0.10 manager files.

Environment: Windows 7 Home Premium 64-bit; Apache 2.4.3; PHP 5.3.25

« MODX Parse Error »
MODX encountered the following error while attempting to parse the requested resource:
« PHP Parse Error »
PHP error debug
Error : array_key_exists(): The first argument should be either a string or an integer
ErrorType[num] : WARNING[2]
File : H:\gotest\manager\includes\document.parser.class.inc.php
Line : 884
Source : if (array_key_exists($matches[1][$i], $this->config))
Basic info
REQUEST_URI : /index.php?id=5
Resource : [5]test rte widget
Referer : http://gotest/manager/index.php?a=1&f=tree
User Agent : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
IP : 192.168.1.19
Benchmarks
MySQL : 0.0220 s (6 Requests)
PHP : 0.0660 s
Total : 0.0880 s
Memory : 2.4157409667969 mb

Backtrace
1 DocumentParser->executeParser()
index.php on line 140
2 DocumentParser->prepareResponse()
manager/includes/document.parser.class.inc.php on line 1568
3 DocumentParser->parseDocumentSource()
manager/includes/document.parser.class.inc.php on line 1658
4 DocumentParser->mergeSettingsContent()
manager/includes/document.parser.class.inc.php on line 1442
5 array_key_exists()
manager/includes/document.parser.class.inc.php on line 884

Just a small thing I noticed,

If I'm correct, and uncheck the weblogin installation it still adds it to the chunks:

WebLoginSideBar

Also on installation when unchecking documentTags, mm_rules has:

// example of how PHP is allowed - check that a TV named documentTags exists before creating rule
if($modx->db->getValue("SELECT COUNT(id) FROM " . $modx->getFullTableName('site_tmplvars') . " WHERE name='documentTags'")) {
mm_widget_tags('documentTags',' '); // Give blog tag editing capabilities to the 'documentTags (3)' TV
}

Should only be:
mm_widget_showimagetvs(); or blanco.

The mm_rules category shouldn't be Js but Manager and Admin ?

FTP still adds modxhost container/map after unchecking on install.
/assets/templates/modxhost/

I have an e-shop on top of MODX - a lot of categories and subcategories - 5 levels deep.
After upgrading pages open veeeery slow or just blank. I have one Wayfinder call on page and when it's deleted - all is just fine. So it's because of Wayfinder. Then I set level=1 - all is just fine, then level=2 - a bit slower, then level=3 - damn slow... and when level=4 - it just dropped dead.

As I mentioned above, all was just fine when I used MODX 1.0.10 and there were no limit for level in Wayfinder-call - and it worked just fine - blazing fast. So I suggested something is broken. I switched back to 1.0.10 and it works well again.

End of report.

When TransAlias is set as lowercase it is still possible to upload uppercase image names.

Are there any plans to migrate MODx Evo to mysqli or PDO? I know that this may be a lot of work, but updating to MODx Revo is not really an option for me. For now I can just tell PHP to hide those messages, but this won't last forever.

« MODX Parse Error » MODX encountered the following error while attempting to parse the requested resource:
« Empty $from parameters in DBAPI::update(). »
Basic info
REQUEST_URI : http://local.modx1013rc3/manager/index.php
Manager action : 302 - Save Template Variable
Referer : http://local.modx1013rc3/manager/index.php?id=19&a=301
User Agent : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:27.0) Gecko/20100101 Firefox/27.0
IP : 127.0.0.1
Benchmarks
MySQL : 0,0013 s (2 Requests)
PHP : 0,0039 s
Total : 0,0052 s
Memory : 0,6793212890625 mb

Backtrace
1 include_once()
manager/index.php on line 885
2 DBAPI->update()
manager/processors/save_tmplvars.processor.php on line 128

Value of default template is ignored.
Fresh install modx 1.0.13 / bugfix (14-04-02)

On line 119:
https://github.com/modxcms/evolution/blob/v1.0.13/assets/snippets/weblogin/websignup.inc.php

should be not 'web_users', but 'web_user_attributes'

Some MM or other issue with using mm_rules and if($id == 1){
Nothing happens, when remove that line the tab is being created.

This happens in the newest developement Evo 1.0.13rc3 (works on older versions, prolly new MM buggy?) MM version 0.6.1b -> (allot of plugin system events stuff is changed)

if($id == 1){
mm_createTab('Banner', 'banner', '', '3', '', '650');
mm_moveFieldsToTab('banner', 'banner');
}

Hoping someone has seen this before & can point out a solution.

Recently a client site [evolution] had been hacked, we cleaned up the malicious files & updated to the latest evo. Never did find out how they got in. [a strange file with encoded string was added to /assets/site/charset10.php ]

Things went smoothly for a while, then they started getting spam form submission, scanned the site, found nothing, but the manager users could not log in any longer. Tried to change the manager password in the database manually and found:

The database user does not have permissions to alter any tables in the database!

no clue as to how that could happen, further, the main manager user's encrypted password was changed to: uncrypt>0878...3852

Any thoughts on this one?

$ds = $modx->db->select('wu.*', $modx->getFullTableName('web_users'), "wu.id='".$modx->db->escape($id)."'"); — not working

$ds = $modx->db->select('wu.*', $modx->getFullTableName('web_users')." wu", "wu.id='".$modx->db->escape($id)."'"); — ok

For all of the details please view the post in the forum here: http://forums.modx.com/thread/89529/possible-template-bug

System updated from 1.0.10 to 1.0.13.
When want to edit the document in manager - I've got this error in Chrome console:
Refused to set unsafe header "Connection"
and edit document area is blank.

Except if the date is in current month which happens to be January.

Example: pub_date = 31-01-2013 (dd-mm-yyyy)

Between 1.0.12 and 1.0.13, this file has had a select statement changed.

On line 201:
https://github.com/modxcms/evolution/blob/v1.0.12/assets/snippets/weblogin/weblogin.processor.inc.php

You can see the table wua only has one field selected, but on line 211 you will need the field internalKey.

And then on line 387, $log->initAndWriteLog will trigger an error because $_SESSION['webInternalKey'] is empty.

Line 201 needs to be updated to select wua.*.

Just updated to to Evo 1.0.12 and found that when you don't have TinyMCE set as your default editor AND you use the QM+ to edit a resource on the frontend, when the editor modal window loads, the CodeMirror [content] field does not refresh with the content markup.

Spend the better half of a day trying to figure this out and think that a solution would be to add the following code before the closing <script> tag in
/assets/plugins/codemirror/codemirror.plugin.php:

// refresh the code CodeMirror
jQuery(function() {
    myCodeMirror.refresh();
});

This essentially tells the codemirror element to refresh once the page is ready

I see the latest version at the moment of tinymce is 3.5.8 while it might give problems with ie11 and should be updated?!

http://tracker.modx.com/issues/10273

Is it possible to update to version TinyMCE 4 ( Version: 4.0.12) or is this a hell of a job?

IE11 is part of windows 8.1.
Using IE11 it does not allow view html source or inserting links in text.

There is an update to TinyMCE 3.5.9 released on 10th Oct 2013 that fixes these:
http://www.tinymce.com/download/download.php

case 1) use of transalias plugin for ressource alias - works as expected
case 2) same settings, config checked for use transalias plugin in fileuploads - result is different, not legal characters in filename are breaking phpthumb etc.

Viewing a ressource in frontend with use of minimal template gives parse error.
(No error with same ressource and use of MODxHost tpl).

Warning: array_merge(): Argument #2 is not an array in /Users/.../Sites/modx1013rc3/www/manager/includes/document.parser.class.inc.php on line 1433
« MODX Parse Error »
MODX encountered the following error while attempting to parse the requested resource:
« PHP Parse Error »
PHP error debug
Error : array_merge(): Argument #2 is not an array
ErrorType[num] : WARNING[2]
File : /Users/.../Sites/modx1013rc3/www/manager/includes/document.parser.class.inc.php
Line : 1433
Source : $documentObject= array_merge($documentObject, $tmplvars);
Basic info
REQUEST_URI : http://local.modx1013rc3/minimal-base.html
Resource : [1]
Referer : http://local.modx1013rc3/manager/index.php
User Agent : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:27.0) Gecko/20100101 Firefox/27.0
IP : 127.0.0.1
Benchmarks
MySQL : 0,0022 s (4 Requests)
PHP : 0,0039 s
Total : 0,0061 s
Memory : 0,93710708618164 mb

Backtrace
1 DocumentParser->executeParser()
index.php on line 144
2 DocumentParser->prepareResponse()
manager/includes/document.parser.class.inc.php on line 1597
3 DocumentParser->getDocumentObject()
manager/includes/document.parser.class.inc.php on line 1618
4 array_merge()
manager/includes/document.parser.class.inc.php on line 1433

Do you plan to move snippets, plugins, modules, core and other libs to outside of documentroot (as in Laravel)?

Планируется ли перенос сниппетов, плагинов, модулей, ядра и прочих библиотек за пределы documentroot (по аналогии с Laravel)?

Some idea;

Would like to have the possibility to add sections (line or dashed) in the document tree. This should be done with the subnav popup. Something like: "Add section dash"

Not valid HTML & CSS
Unnecessary chank - for example "foorer"
Unnecessary code in CSS

I am still receiving this notice when attempting to change a web user's email address on 1.0.12.

An error occurred while attempting to retrieve all users with email

The old tracker system shows that this issue was fixed in 1.0.11 but maybe it was reintroduced in 1.0.12?

Issue found here: http://tracker.modx.com/issues/9989

The site with the issues is updated from older versions, I synced the files twice, once with modification date and once with file size but the issue remains.

Try saving minimal template while no category is assigned:
alert1: "Es wurde keine Ressourcen ID in der Abfrage angegeben!"
followed by alert2: "A possible CSRF attempt was detected. No referer was provided by the server." and loads manager in right managerframe as parent.

Saving with assigned category works as expected.

I have installed evo 1.0.12 and 1.0.13 pre release just today on a server I normally don't work with. There are some header already send messages.

I have the idea it is a very secure server and trowing out messages because of deprecated (standard) plugins etc.

When I check console in Chrome:
event.returnValue is deprecated. Please use the standard event.preventDefault() instead.
(and a mootools error)

Found in:
/assets/plugins/tinymce/tiny_mce/tiny_mce.js
/assets/plugins/managermanager/js/jquery.min.map

I have no knowledge about this stuff but maybe some plugins need a check for deprecated code?

Could be I'm talking rubbish and this server really sucks

When use mm_rules to show a widget on a page like below:

if($content['parent'] == 8 || $id == 8) {
mm_widget_evogallery('5','Images','','3');
}

I see above the iframe some russian text: Управление изображениями
I don't know if this has to do with the module or hardcoded in MODX Evo.
Can't find it in the module files.

Also hardcoded:

Just 10 minutes ago installed (close befor official release of 1.0.13:)

Parse error: syntax error, unexpected '{' in /home/xxx/domains/xxx.org/public_html/assets/plugins/managermanager/mm.inc.php(178) : eval()'d code on line 4

In my install of Evo 1.0.12, sentences with a double column like this :: directly in the description or introtext fields do not show in the front end.
I am using these for meta description and keywords.
This may apply to all similar fields like pagetitle, longtitle etc.
Changing :: to : and it works so a single double column is accepted.

eg
in the backend description field...
we sell widgets :: big company
in the head template...
[[if? &is=[*description*]:!empty &then=<meta name="description" content="[*description*]" />]]
appears blank in the front end...

Anyone know how to fix?

Since the folder assets/cache/ is protected by .htaccess with deny all, there has to be a .htaccess allow all rule in assets/cache/images.

The snippet phpthumb should create this file if it does not exist since it writes the created thumbnails there by default.

Hello,

Just working with the DBAPI to create and close some addtional DB connections and I came across a bug.

Currently, the disconnect() method does not properly update the DBAPI properties $conn and $isConnected. This generates an error if you want to use the same instance of the DBAPI later on after closing the DB connection for a new connection to the same DB. For example:

$dbapi = new DBAPI('localhost', 'some_db', 'some_db_user', '0bfu$c@t3d-pw0rd');
$dbapi->connect();
// get some data;
$dbapi->disconnect();
// do something with the data, then reconnect to get different data
$dbapi->connect();
// MODX parse error!

The problem is ocurring because disconnect() isn't setting $conn to null and $isConnected to false, it's just closing the mysql connection. $conn remains a resource, but since the connection is closed, it can't be used again, but the code in the connect method works, because it is still a resource. Same goes for $isConnected, it remains true, so any code that tries to evaluate this, evaluates it in error.

Anyway, I propose a simple reset within the disconnect() method, change it from this:

function disconnect() {
    @ mysql_close($this->conn);
}

to this:

function disconnect() {
    @ mysql_close($this->conn);
    $this->conn = null;
    $this->isConnected = false;
}

This way everything ends nicely and the DBAPI object can be reused safely for subsequent connections.

Robots.txt add:
Disallow: /assets/packages/
Disallow: /assets/tvs/

1 more thing
When duplicate a resource:
Duplicate of Nameless page

Can "Duplicate of" also be added to transifex ?

As I see, MODxMailer sets additional parameters for iso-8859-1, utf-8 and japanese encodings. Maybe other encodings also need these additional parameters?
And what is $modx->config['mail_charset'] used in MODxMailer? There's no other references to this setting, so maybe it's supposed to be $modx->config['modx_charset']?

Why not default 100% ?

На мастерхосте тариф форсайт, с грустной периодичностью отваливается сайт по 503 ошибке, в логах:
[Fri Oct 04 10:29:28 2013] [warn] [client 149.126.19.74] IO limit exceeded (17), referer: http://www.sitename.ru/manager/index.php?a=1&f=menu
[Fri Oct 04 10:29:28 2013] [warn] [client 149.126.19.74] Resource limit exceeded, access to sitename is temporarily denied, referer: http://www.sitename.ru/manager/index.php?a=1&f=menu
на сайте небольшой каталог. более старые админки работают с в разы большими каталогами без ошибок на том же тарифе.
Может быть в менюшку чего добавили? или таки мои скрипты оптимизировать?)

I would really like to have the "Published" checkbox on the first Tab (General).

• Clients don't use that second tab that much
• It's much faster to publish a page

Dunno what others think about this?

Running 1.0.13 with renamed manager folder:

Undelete Resource command in right-click tree menu gives the following warnings (and still manages to undelete the resource):

Warning: Creating default object from empty value in /home/<usr>/<site>_html/<manager>/processors/undelete_content.processor.php on line 51

Warning: Cannot modify header information - headers already sent by (output started at /home/<usr>/<site>_html/<manager>/processors/undelete_content.processor.php:51) in
/home/<usr>/<site>_html/<manager>/processors/undelete_content.processor.php on line 90

Not working snippets WebLogin and WebSignup.

Предложение по системе кэширования основанной на $_GET

Мне кажется что лучше переде тем как писать в кэш, отсортировать $_GET массив, т.к. URL'ы

site.com/index.html?x=1&y=1
site.com/index.html?y=1&x=1

Закэшируются как два разных файла