Notice: CMSB v2.65 Beta (Mar 31, 2015)

6 posts by 2 authors in: Forums > CMS Builder
Last Post: April 2, 2015   (RSS)

By Dave - March 31, 2015

Hi All, 

We've just released v2.65 beta 2 (beta list members will get an email with a download link shortly). 

This will be the last version before we increase the requirements to PHP 5.4.0+ and MySQL 5.5+.  Servers that do not support those versions will show a notice at the top of the admin menu.

Other than that, this is mostly a maintenance, bug fix and security release with the following minor changes:

  • Security: Added notice to top of "Admin > General" for servers running outdated and unsupported versions of PHP or MySQL
  • Security: Autocomplete on login form is now enabled by default and can be disabled under Admin Menu
  • Security: Added checkbox to toggle "Disable Autocomplete" browser function that saves usernames and passwords
  • User Accounts: Added error checking to prevent admin users from accidentally disabling their own accounts

Also note that we reset "autocomplete" to be on by default so you can use your browsers password saving feature to auto fill the login form.  This can be turned off under Admin Settings.  Also, there should NOT be autocomplete/autofill functionality on add user forms, so if you see your browser doing or not doing autocomplete where it should just let us know!

If you're not already on the beta tester email list and you'd like to help beta test (you must own at least 1 CMSB license) you can sign up here: http://www.interactivetools.com/news/manage.php

Please post any feedback, questions, or bugs you find! Thanks! 

Thanks! :) 

Dave Edis - Senior Developer
interactivetools.com

By ITI - April 1, 2015 - edited: April 1, 2015

Hi Dave

I performed a fresh install of Beta v2.65 this morning and encountered an unnecessary error being logged.

E_NOTICE: Undefined index: QUERY_STRING

xxxxxxxxxxxxxxxxxxxxx\lib\common.php (line 108)

xxxxxxxxxxxxxxxxx/admin.php

You could just suppress it I suppose but I'm not a big fan of suppressing errors.

Line 108: if (sha1($_SERVER['QUERY_STRING']) == '3831b0376dab413292f03dd30523e749bdd3279e') {

A suggestion:

if (isset($_SERVER['QUERY_STRING']) && sha1($_SERVER['QUERY_STRING']) == '3831b0376dab413292f03dd30523e749bdd3279e') {

Glen







http://www.CanadianDomainRegistry.ca







ITI Internetworking Technologies Inc.

By Dave - April 1, 2015

Thanks Glen!

That's really useful.  We generally don't check for QUERY_STRING being set because it's suppose to be always set (even to blank)  So if it's not set on some servers out in the wild we might want to handle that differently.

Do you know if it was it caused through the web or a command-line script (eg cron).  

And can you let me know some specifics from phpinfo? eg: admin.php?menu=admin&action=phpinfo

  • PHP Version
  • Server API
  • _SERVER["SERVER_SOFTWARE"]
  • Operating System  (should be listed on the bottom of admin > general).

>You could just suppress it I suppose but I'm not a big fan of suppressing errors.

Agreed on that point, you'll likely see less suppression in the codebase moving forward, especially since there's now the overhead of custom error handling functions being called.  ...and we're pragmatic, so sometimes you'll still see it. 

Thanks!

Dave Edis - Senior Developer
interactivetools.com

By ITI - April 1, 2015 - edited: April 1, 2015

Hi Dave

This is my very old ITIStudios testing server that is about to be retired in a few weeks or so.

It's a win 2000 Advanced server running IIS ( IIS 5 I think?).

The php (v5.2.17) and the mysql (v5.0.51) versions are not compatible with the newer CMSB versions and didn't bother to mention it because it's not a flaw with 2.65

In the php.ini file "Notify" is part of the error reporting and may be excluded on production servers which could be why you haven't see this before.

The error only occurs when you login and logout otherwise everything is fine.

That being the case we still don't want to log it as an error when it's not.

As part of the test I added this code at line 104

if (isset($_SERVER['QUERY_STRING'])) echo "QUERY_STRING is set"; else echo "QUERY_STRING is not set";

Just to clarify:

When the page loads for the first time "it is not set"

After entering the login credentials and click the Login " button "it is not set"

Normal navigations if fine "is set"

When you click the "logoff" link, "it is not set" (but this is really the same as when the page loads for the first time)

Glen







http://www.CanadianDomainRegistry.ca







ITI Internetworking Technologies Inc.

By Dave - April 2, 2015

Hi Glen, 

Yea, that's super weird because IIS isn't following the standards.  QUERY_STRING is suppose to always be set, even if only to a blank string (RFC 3875 - 4.1.7). 

Anyways, I added "if (isset($_SERVER['QUERY_STRING']) && " to the code as per your suggestion and that will be in the next beta.

Thanks!  And let us know if you spot anything else.  Cheers!

Dave Edis - Senior Developer
interactivetools.com