coldstone
Global Moderator
member is offline
![[avatar]](http://xergs.doubtfulguest.net/images/avatar.png "[avatar]")
![[homepage]](http://s2.images.proboards.com/buttons/www_sm.gif "[homepage]")
Joined: Aug 2006
Posts: 816
Karma: 18 |  | Gm 1.7.2 Newlines break comments sometimes
« Thread Started on May 24, 2007, 11:09am » | |
Versions Affected: GreyMatter 1.7.2 and 1.7.2.3
Severity: Moderate (reduces comment functionality, workaround stops spam filtering)
Issue Description: When a comment is previewed or commenter verification is turned on, a newline in comment will trigger a security alert. This is because of the way newlines are encoded by Gm, it uses '|*|' to signify a newline.
Resolution: There is a code fix for this issue. Change line 310 of Gm_Web from:
Code:| unless( $name =~ m/^edited/i || $name =~ m/template$/i || $name =~ m/^newentry/i ){ |
|
To:
Code:if( $name =~ m/^edited/i || $name =~ m/template$/i || $name =~ m/^newentry/i ){
## do nothing for now
} elsif( $name =~ m/^newcommentbody/i ){
if( Gm_Utils::hackWebTest( $name ) || Gm_Utils::hackWebTest( $value ) ){
&$errHandler('We don\'t take kindly to that sort of activity here. '.
'Your attempt to break the script has been logged and the administrators have '.
'been notified. <br>');
}
} else { |
|
This issue will be fixed for 1.7.3.
Updated 5/28 per jesper's notes.
| |
|
jesper
New Member
member is offline
![[avatar]](http://hem.bredband.net/jeppz/janne.gif "[avatar]")
Joined: May 2007
Gender: Male 
Posts: 35
Location: Sweden.
Karma: 5 |  | Re: Gm 1.7.2 Newlines break comments sometimes
« Reply #1 on May 25, 2007, 5:28am » | |
This didnt work out for me because line 432 in my file (v1.7.2.3) read:
Code:cat -n Gm_Web.pm|grep 432
432 ## gm_generatecalendar which enters into a loop that depends on |
|
The closest thing i found was at line 308:
Code:| unless( $name =~ m/^edited/i || $name =~ m/template$/i ){ |
|
But after changing the code here i got:
Code:| Undefined subroutine &Gm_Security::hackWebTest called at libs/Gm_Web.pm line 311. |
|
I got around this by changing the the line in your fix from:
Code:| if( Gm_Security::hackWebTest( $name ) || Gm_Security::hackWebTest( $value ) ){ |
|
to:
Code:| if( Gm_Utils::hackWebTest( $name ) || Gm_Utils::hackWebTest( $value ) ){ |
|
And now it seems to work, but since i have no idea what i have just done with the code, i would not recommend anyone to use my solution until the authors have given their respons to this. 
| |
|
Carlos Phelps
Global Moderator
member is offline
Joined: Jan 2007
Gender: Male
Posts: 172
Location: California, USA
Karma: 30 | | Re: Gm 1.7.2 Newlines break comments sometimes
« Reply #2 on May 25, 2007, 9:13am » | |
jesper,
The GM you have installed on your site is the Trace Code Download if you install the standard download http://greymatter.50megs.com/release/gm_1_7_2_3_core.zip all posted bugs and corrections should apply to your site.
|
|
|
coldstone
Global Moderator
member is offline
Joined: Aug 2006
Posts: 816
Karma: 18 | | Re: Gm 1.7.2 Newlines break comments sometimes
« Reply #3 on May 28, 2007, 3:47pm » | |
Thanks jesper, another good catch. The Gm_Security module is new to 1.7.3 and its the same function, just in a more appropriate place. I will modify the original post.
My apologies to people who tried to use the original post, it is based on 1.7.3 code, instead of 1.7.2.
| |
|
![[Home]](http://s2.images.proboards.com/menu/home.gif "[Home]")
![[New Topics]](http://s2.images.proboards.com/menu/topics.png "[New Topics]")
![[Help]](http://s2.images.proboards.com/menu/help.gif "[Help]")
![[Search]](http://s2.images.proboards.com/menu/search.gif "[Search]")
![[Login]](http://s2.images.proboards.com/menu/login.gif "[Login]")
![[Register]](http://s2.images.proboards.com/menu/register.gif "[Register]")
![[Search This Thread]](http://s2.images.proboards.com/search2.gif "[Search This Thread]")
![[Send Topic To Friend]](http://s2.images.proboards.com/buttons/sendtopic.gif "[Send Topic To Friend]")
![[Print]](http://s2.images.proboards.com/buttons/print.gif "[Print]")
Author
Logged