From 121d52f04b643e0476cab3397c39d557288b7b39 Mon Sep 17 00:00:00 2001 From: garvinhicking Date: Mon, 9 May 2005 12:59:16 +0000 Subject: [PATCH] backports --- docs/NEWS | 14 ++++++++++++++ include/functions.inc.php | 4 ++-- include/tpl/config_local.inc.php | 2 +- index.php | 14 ++++++++++++++ serendipity_config.inc.php | 8 +++++++- 5 files changed, 38 insertions(+), 4 deletions(-) diff --git a/docs/NEWS b/docs/NEWS index b482f04..844374e 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -3,8 +3,17 @@ Version 0.8.1 () ------------------------------------------------------------------------ + * Fix possible XSS when using the templatedropdown or shoutbox + plugins (garvinhicking) + + * Fix pagination of "Entries by Author" (garvinhicking) + * Fix RSS 1.0 missing top-level namespace (garvinhicking) + * Deactivated gzip compression by default, as in certain server + setups it creates problem with double-encoding or missing + ob_gzhandlers. (garvinhicking) + * Allow the serendipity_event_trackback additional trackbacks plugin to send trackbacks even if your entry did not contain at least one link. Also fix not sending trackbacks containing "#" fragments @@ -13,6 +22,11 @@ Version 0.8.1 () * Do not display Sidebar titles if they are not set for the bundled default, kubrick and wp templates (sidebar.tpl) (garvinhicking) + * Fix error "Warning: ob_start(): output handler 'ob_gzhandler' + cannot be used after 'URL-Rewriter'" which can occur on installations + where session.use_trans_sid is activated and Serendipity's gzip + compression is used. (garvinhicking) + * Adjusted checking for "convert" binary in installation for Windows servers. Thanks to BobRock! (garvinhicking) diff --git a/include/functions.inc.php b/include/functions.inc.php index 30c270e..7778358 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php 
@@ -24,7 +24,7 @@ function serendipity_truncateString($s, $len) { function serendipity_gzCompression() { global $serendipity; - if (isset($serendipity['useGzip']) && serendipity_db_bool($serendipity['useGzip']) && function_exists('ob_gzhandler') && extension_loaded('zlib') && serendipity_ini_bool(ini_get('zlib.output_compression')) == false) { + if (isset($serendipity['useGzip']) && serendipity_db_bool($serendipity['useGzip']) && function_exists('ob_gzhandler') && extension_loaded('zlib') && serendipity_ini_bool(ini_get('zlib.output_compression')) == false && serendipity_ini_bool(ini_get('session.use_trans_sid')) == false) { ob_start("ob_gzhandler"); } } @@ -657,7 +657,7 @@ function serendipity_currentURL() { $url = $serendipity['serendipityHTTPPath'] . $serendipity['indexFile'] . '?' . $uri['path'] . $qst; $url = str_replace($serendipity['indexFile'] . '&', '', $url); // Kill possible looped repitions which could occur - return $url; + return strip_tags($url); } function serendipity_getUriArguments($uri, $wildcard = false) { diff --git a/include/tpl/config_local.inc.php b/include/tpl/config_local.inc.php index b10878f..2e90fa6 100644 --- a/include/tpl/config_local.inc.php +++ b/include/tpl/config_local.inc.php @@ -200,7 +200,7 @@ 'title' => INSTALL_USEGZIP, 'description' => INSTALL_USEGZIP_DESC, 'type' => 'bool', - 'default' => true), + 'default' => false), array('var' => 'wysiwyg', 'title' => INSTALL_WYSIWYG, diff --git a/index.php b/index.php index 7aba637..fd98224 100644 --- a/index.php +++ b/index.php 
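Review bot: The condition in serendipity_gzCompression() now chains six checks on one line, and nothing in the code says why `session.use_trans_sid` is one of them. A comment above the `if` would record the reason given in the NEWS entry of this patch, for example `// session.use_trans_sid installs PHP's 'URL-Rewriter' output handler; ob_gzhandler cannot be started after it`. The two `serendipity_ini_bool(...) == false` comparisons would read more directly as `!serendipity_ini_bool(...)`, assuming the helper returns a boolean, which this hunk does not show.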
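Review bot: `strip_tags()` on the return value of serendipity_currentURL() removes markup but leaves `"`, `'` and `&` untouched, so a URL that a caller prints inside an attribute (`href`, `action`, an `<option value>`) can still break out of the quoting. The NEWS entry names the templatedropdown and shoutbox plugins as the affected callers, but their output code is not part of this diff, so whether they escape the value themselves cannot be confirmed from here. Encoding for the HTML context is the more complete fix, either at each output site or in this function: `return htmlspecialchars(strip_tags($url), ENT_QUOTES);`. If it is done here, any caller that uses the result for a redirect or a string comparison would start receiving `&amp;`, so those call sites need checking first. The function body starts above the hunk, so how `$uri['path']` and `$qst` are derived is not visible.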
@@ -237,6 +237,20 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range include_once(S9Y_INCLUDE_PATH . 'include/genpage.inc.php'); } else if (preg_match(PAT_AUTHORS, $uri, $matches)) { + $_args = $serendipity['uriArguments']; + + /* Attempt to locate hidden variables within the URI */ + foreach ($_args as $k => $v){ + if ($v == PATH_AUTHORS) { + continue; + } + if ($v{0} == 'P') { /* Page */ + $serendipity['GET']['page'] = substr($v, 1); + unset($_args[$k]); + unset($serendipity['uriArguments'][$k]); + } + } + $serendipity['GET']['viewAuthor'] = $matches[1]; $serendipity['GET']['action'] = 'read'; diff --git a/serendipity_config.inc.php b/serendipity_config.inc.php index 22300e9..de89b66 100644 --- a/serendipity_config.inc.php +++ b/serendipity_config.inc.php @@ -221,6 +221,12 @@ if (isset($_SESSION['serendipityAuthorid'])) { serendipity_load_configuration($_SESSION['serendipityAuthorid']); } +// Try to fix some path settings. It seems common users have this setting wrong +// when s9y is installed into the root directory, especially 0.7.1 upgrade users. +if (empty($serendipity['serendipityHTTPPath'])) { + $serendipity['serendipityHTTPPath'] = '/'; +} + /* * Load main language file again, because now we have the preferred language */ 
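Review bot: The page number read from the URI in the new `PAT_AUTHORS` branch is stored without validation: `substr($v, 1)` copies whatever follows the `P` into `$serendipity['GET']['page']`, and every path segment that begins with `P` is treated as a page marker. Casting at the assignment keeps non-numeric input out of the paging code, `$serendipity['GET']['page'] = (int)substr($v, 1);`; whether later code casts the value again is not visible in this hunk. `$v{0}` raises a notice when a segment is an empty string, which may be possible depending on how `uriArguments` is split, so the test is safer as `if (isset($v{0}) && $v{0} == 'P')`. The local copy `$_args` is modified but never read inside the hunk; if nothing further down uses it, it can be dropped.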
@@ -255,7 +261,7 @@ $serendipity['permissionLevels'] = array(USERLEVEL_EDITOR => USERLEVEL_EDITOR_DE if ( (isset($serendipity['autodetect_baseURL']) && serendipity_db_bool($serendipity['autodetect_baseURL'])) || (isset($serendipity['embed']) && serendipity_db_bool($serendipity['embed'])) ) { - $serendipity['baseURL'] = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . $serendipity['serendipityHTTPPath']; + $serendipity['baseURL'] = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : '') . $serendipity['serendipityHTTPPath']; } /* -- 2.39.5
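Review bot: The appended port can end up in `baseURL` twice: `$_SERVER['HTTP_HOST']` is the client's Host header, which already carries `:port` whenever the request goes to a non-default port, so the new expression would produce `host:8080:8080`. The `!= '80'` test also appends `:443` to every ordinary HTTPS URL. A guard such as `$port = (strpos($_SERVER['HTTP_HOST'], ':') === false && !empty($_SERVER['SERVER_PORT']) && !in_array($_SERVER['SERVER_PORT'], array('80', '443'))) ? ':' . $_SERVER['SERVER_PORT'] : '';` covers both cases. Because the Host header is client-supplied, a `baseURL` autodetected this way should only be relied on where the web server restricts the host names it accepts; that exposure predates this change and remains in the new line.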