Notice: CMSB v2.65 Beta (Mar 31, 2015)

6 posts by 2 authors in: Forums > CMS Builder
Last Post: April 2, 2015   (RSS)

By Dave - March 31, 2015

Hi All, 

We've just released v2.65 beta 2 (beta list members will get an email with a download link shortly). 

This will be the last version before we increase the requirements to PHP 5.4.0+ and MySQL 5.5+.  Servers that do not support those versions will show a notice at the top of the admin menu.

Other than that, this is mostly a maintenance, bug fix and security release with the following minor changes:

  • Security: Added notice to top of "Admin > General" for servers running outdated and unsupported versions of PHP or MySQL
  • Security: Autocomplete on login form is now enabled by default and can be disabled under Admin Menu
  • Security: Added checkbox to toggle "Disable Autocomplete" browser function that saves usernames and passwords
  • User Accounts: Added error checking to prevent admin users from accidentally disabling their own accounts

Also note that we reset "autocomplete" to be on by default so you can use your browsers password saving feature to auto fill the login form.  This can be turned off under Admin Settings.  Also, there should NOT be autocomplete/autofill functionality on add user forms, so if you see your browser doing or not doing autocomplete where it should just let us know!

If you're not already on the beta tester email list and you'd like to help beta test (you must own at least 1 CMSB license) you can sign up here: http://www.interactivetools.com/news/manage.php

Please post any feedback, questions, or bugs you find! Thanks! 

Thanks! :) 

Dave Edis - Senior Developer
interactivetools.com

By Dave - March 31, 2015

Also, we made some small changes to the config files: .htaccess, .user.ini, and php.ini to help detect which config files are loading.  We'd like to show this in the admin menu in future versions.

We've tested them on a few servers without issue, but if you do get any errors with any of those files, just remove the settings at the bottom of each file under "Identify loaded config files" and then post to let us know.  

The settings look like this:

.htaccess
  php_value highlight.html '#000000; CMSB_CONFIG_HTACCESS'
  php_value date.default_latitude '11.1111 CMSB_CONFIG_HTACCESS'

.user.ini
  highlight.string       = '#DD0000; CMSB_CONFIG_USER_INI'
  date.default_longitude = '33.3333 CMSB_CONFIG_USER_INI'

php.ini
<IfModule mod_php5.c>
  php_value highlight.html '#000000; CMSB_CONFIG_HTACCESS'
  php_value date.default_latitude '11.1111 CMSB_CONFIG_HTACCESS'
</IfModule>

Thanks!

Dave Edis - Senior Developer
interactivetools.com

By ITI - April 1, 2015 - edited: April 1, 2015

Hi Dave

I performed a fresh install of Beta v2.65 this morning and encountered an unnecessary error being logged.

E_NOTICE: Undefined index: QUERY_STRING

xxxxxxxxxxxxxxxxxxxxx\lib\common.php (line 108)

xxxxxxxxxxxxxxxxx/admin.php

You could just suppress it I suppose but I'm not a big fan of suppressing errors.

Line 108: if (sha1($_SERVER['QUERY_STRING']) == '3831b0376dab413292f03dd30523e749bdd3279e') {

A suggestion:

if (isset($_SERVER['QUERY_STRING']) && sha1($_SERVER['QUERY_STRING']) == '3831b0376dab413292f03dd30523e749bdd3279e') {

Glen







http://www.CanadianDomainRegistry.ca







ITI Internetworking Technologies Inc.

By Dave - April 1, 2015

Thanks Glen!

That's really useful.  We generally don't check for QUERY_STRING being set because it's suppose to be always set (even to blank)  So if it's not set on some servers out in the wild we might want to handle that differently.

Do you know if it was it caused through the web or a command-line script (eg cron).  

And can you let me know some specifics from phpinfo? eg: admin.php?menu=admin&action=phpinfo

  • PHP Version
  • Server API
  • _SERVER["SERVER_SOFTWARE"]
  • Operating System  (should be listed on the bottom of admin > general).

>You could just suppress it I suppose but I'm not a big fan of suppressing errors.

Agreed on that point, you'll likely see less suppression in the codebase moving forward, especially since there's now the overhead of custom error handling functions being called.  ...and we're pragmatic, so sometimes you'll still see it. 

Thanks!

Dave Edis - Senior Developer
interactivetools.com

By ITI - April 1, 2015 - edited: April 1, 2015

Hi Dave

This is my very old ITIStudios testing server that is about to be retired in a few weeks or so.

It's a win 2000 Advanced server running IIS ( IIS 5 I think?).

The php (v5.2.17) and the mysql (v5.0.51) versions are not compatible with the newer CMSB versions and didn't bother to mention it because it's not a flaw with 2.65

In the php.ini file "Notify" is part of the error reporting and may be excluded on production servers which could be why you haven't see this before.

The error only occurs when you login and logout otherwise everything is fine.

That being the case we still don't want to log it as an error when it's not.

As part of the test I added this code at line 104

if (isset($_SERVER['QUERY_STRING'])) echo "QUERY_STRING is set"; else echo "QUERY_STRING is not set";

Just to clarify:

When the page loads for the first time "it is not set"

After entering the login credentials and click the Login " button "it is not set"

Normal navigations if fine "is set"

When you click the "logoff" link, "it is not set" (but this is really the same as when the page loads for the first time)

Glen







http://www.CanadianDomainRegistry.ca







ITI Internetworking Technologies Inc.