Thank you, Robert for pointing this out, and thank you, Sheepcontrol for working on the fix.
I wanted to point out that the 2 lines of code that were previously added to the config.php file, and now are listed for the dbfuctions.php file:
$_GET = array_map('stripslashes', $_GET);
$_POST = array_map('stripslashes', $_POST);
May help with the SQL injection issue, but they throw off some of the site functionality. A member of my site emailed me to let me know that when she was trying to add a challenge, the site wouldn't save the characters she was trying to tie to the challenge. I checked, and she was correct. It looks like any input that comes from a box where multiple options can be chosen is being disregarded (for ex. in the advanced search it won't use selected classtypes to include/exclude).
UPDATE: zip-archive attached with the modified files.
Updated package is postponed, also, until this fix has become somewhat stable.
Sheep, I think you are great to tackle this problem but I'm confused... is there an attachment on your post or not? I see a paperclip on the header like there is an attachment but I could find no link. I will attempt to manually alter my files, but if I do, will I screw something up? Seems like there are some unpredictable results.
******************************************
Mucking around in eFiction since circa 2001 (ver. 1.0)
Now running v.3
Thank you, Robert for pointing this out, and thank you, Sheepcontrol for working on the fix.
I wanted to point out that the 2 lines of code that were previously added to the config.php file, and now are listed for the dbfuctions.php file:
$_GET = array_map('stripslashes', $_GET);
$_POST = array_map('stripslashes', $_POST);May help with the SQL injection issue, but they throw off some of the site functionality. A member of my site emailed me to let me know that when she was trying to add a challenge, the site wouldn't save the characters she was trying to tie to the challenge. I checked, and she was correct. It looks like any input that comes from a box where multiple options can be chosen is being disregarded (for ex. in the advanced search it won't use selected classtypes to include/exclude).
Darn, that's what I was fearing. Well, as I said, I don't know the code very well, ok, scratch that as well - I need to finish v5 ASAP 🙁
Darn, that's what I was fearing. Well, as I said, I don't know the code very well, ok, scratch that as well - I need to finish v5 ASAP 🙁
Hey I'm ready to beta test v5 whenever you are ready. :agree:
******************************************
Mucking around in eFiction since circa 2001 (ver. 1.0)
Now running v.3
I'm getting a bunch of reports from authors stating that "rn" is being added to each line since I applied the hotfix. Here's an example:
http://www.adastrafanfic.com/viewstory.php?sid=2061&chapter=37
No matter what I do on the HTML editor side, I cannot remove those characters. They persist over and over.
-- jb
Archive: Ad Astra Star Trek Fanfiction Archive
Version: 3.5.3
Skin: One of Kali's, but I'm not sure. It's been heavily modded.
PHP: 5.0
MySQL: 5.5
Can I get a post of Step 3 so I can back out the changes?
-- Jb
EDIT: Nevermind. I found it and edited it out.
Archive: Ad Astra Star Trek Fanfiction Archive
Version: 3.5.3
Skin: One of Kali's, but I'm not sure. It's been heavily modded.
PHP: 5.0
MySQL: 5.5
Darn, that's what I was fearing. Well, as I said, I don't know the code very well, ok, scratch that as well - I need to finish v5 ASAP 🙁
Hey I'm ready to beta test v5 whenever you are ready. :agree:
I'd also be up for doing any beta testing when you are ready.
http://www.FicSavers.Com
http://www.HPFanFicArchive.Com
http://www.FavoritesTracker.Org
Can I get a post of Step 3 so I can back out the changes?
-- Jb
EDIT: Nevermind. I found it and edited it out.
So it'd good now?
It seems to be. Once I backed out the config.php changes, all of the weird extra characters disappeared when I did the hand-edits to the HTML input editor.
-- jb
Archive: Ad Astra Star Trek Fanfiction Archive
Version: 3.5.3
Skin: One of Kali's, but I'm not sure. It's been heavily modded.
PHP: 5.0
MySQL: 5.5
I am very willing too to help with beta testing, anything you need
why is nothing ever easy?
url: http://www.pretendercentre.com/missingpieces/
php: 5.2.5 msql: 5.0.45-community
efic version: 3.4.3 latest patches: yes
bridges: none mods: challenges, displayword, beta-search
Changes haven been included in the latest release, 3.5.5
Topic locked.