View Issue Details

ID: 0015370
Project: phpList 3 application
Category: Repetition
View Status: public
Last Update: 23-05-12 21:04
Reporter: adrian15
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: Future developments
Target Version:
Fixed in Version:
Summary: 0015370: svn revision 1703 inspired from 2.10.10 initial patches
Description: These are a collection of patches that fix the problems described in H2B2's post in the "New stable version - 2.10.10" thread on the forum (http://forums.phplist.com/viewtopic.php?f=9&t=24494).

Actually, the 16th patch has not been implemented because it involved a security risk, and the 3rd patch is saved in a separate folder because it removed the accesscheck.php call, which I think is also a security risk.

This is an update so that the patches work in svn revision 1703.

Some of these patches have not been implemented because of security issues or some doubts that I had.

Currently patches that have been implemented are:

      1. 'View list members' does only allow viewing the first page of 50 users on the list

      4. Delete bounce operation doesn't work from 'view a bounce' page

      5. 15287. FCKeditor doesn't load when opening the 'send a message' page.

      6. Date criteria does not work (included in 5)

      7. Subject and From turn to Gibberish when saved not in English

      8. View templates generates a blank page

      9. Using the [SIGNATURE] place holder inserts signature twice

      12. htmlemail checkbox info not kept when adding individual user

      13. Forward feature incompatible with < PHP 5.1.0 because of "htmlspecialchars_decode" function

      14. Database error 1064 on installation or upgrade to 2.10.10

      15. Commandline cron not working
Tags: No tags attached.

Relationships

parent of 0015282 (resolved, user4540): v2.10.10: 'View list members' does only allow viewing the first page of 50 users on the list
parent of 0015286 (resolved, michiel): delete bounce operation doesn't work from 'view a bounce' page

Activities

30-11-09 20:37

 

svn_r1703_patch_01_view_more_than_50_members_on_the_list.patch (880 bytes)
diff -urN svn_r1703_sin_punto_svn_aplicar_template_ownership/phplist/public_html/lists/admin/members.php svn_r1703_tem_owner_parches_iniciales/phplist/public_html/lists/admin/members.php
--- svn_r1703_sin_punto_svn_aplicar_template_ownership/phplist/public_html/lists/admin/members.php	2009-11-28 15:19:03.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales/phplist/public_html/lists/admin/members.php	2009-11-28 18:04:39.000000000 +0100
@@ -221,7 +221,8 @@
   print "$total ".$GLOBALS['I18N']->get("Users on this list")."<p>";
   $offset = 0;
   if ($total > MAX_USER_PP) {
-    if (isset($start) && $start) {
+  if (isset($_GET['start']) && (int) $_GET['start'] > 0) {
+      $start = (int) $_GET["start"]; 
       $listing = $GLOBALS['I18N']->get("Listing user")." $start ".$GLOBALS['I18N']->get("to")." " . ($start + MAX_USER_PP);
       $offset = $start;
     } else {
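
Review bot: `$start` is only assigned inside the new `if` branch, so it stays undefined whenever `start` is missing or not positive, and the request value is cast twice with two different quote styles. Assign it once before the test, for example `$start = isset($_GET['start']) ? (int) $_GET['start'] : 0;`, then use `if ($start > 0) {`. The integer cast itself is right, since the value is echoed into the listing text and copied into `$offset`; clamping it to `$total` would also stop an oversized value from paging past the end. The added `if` line is indented two spaces less than the block it opens and the assignment line has trailing whitespace.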

30-11-09 20:37

 

svn_r1703_patch_04_delete_bounce_does_not_work_from_view_a_bounce.patch (1,081 bytes)
diff -urN svn_r1703_tem_owner_parches_iniciales_01/phplist/public_html/lists/admin/bounce.php svn_r1703_tem_owner_parches_iniciales_04/phplist/public_html/lists/admin/bounce.php
--- svn_r1703_tem_owner_parches_iniciales_01/phplist/public_html/lists/admin/bounce.php	2009-11-28 17:08:04.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales_04/phplist/public_html/lists/admin/bounce.php	2009-11-28 18:33:42.000000000 +0100
@@ -15,7 +15,11 @@
   $delete = 0;
 }
 $useremail = isset($_GET["useremail"]) ? $_GET["useremail"] : '';
-
+$deletebounce = isset($_GET["deletebounce"]) ? $_GET["deletebounce"] : ''; #BUGFIX #15286 - nickyoung
+$amount = isset($_GET["amount"]) ? $_GET["amount"] : ''; #BUGFIX #15286 - CS2 
+$unconfirm = isset($_GET["unconfirm"]) ? $_GET["unconfirm"] : ''; #BUGFIX #15286 - CS2 
+$maketext = isset($_GET["maketext"]) ? $_GET["maketext"] : ''; #BUGFIX #15286 - CS2 
+$deleteuser = isset($_GET["deleteuser"]) ? $_GET["deleteuser"] : '';  #BUGFIX #15286 - CS2 
 if (!$id && !$delete) {
   Fatal_Error($GLOBALS['I18N']->get('NoRecord'));
   exit;
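
Review bot: All five added lines copy `$_GET` values (`deletebounce`, `amount`, `unconfirm`, `maketext`, `deleteuser`) into variables with no type check, so whatever is in the query string flows on to the code that acts on them. Cast `amount` with `(int)` and reduce the flags to booleans here, for example `$deleteuser = !empty($_GET['deleteuser']);`. The names indicate destructive actions (deleting a bounce, deleting or unconfirming a user), and no token check is visible in this hunk; reading them from `$_POST` together with a per-session token would keep a crafted link opened by a logged-in admin from triggering them.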

30-11-09 20:37

 

svn_r1703_patch_05_fckeditor_not_load_send_message_and_06_date_criteria_does_not_work.patch (1,846 bytes)
diff -urN svn_r1703_tem_owner_parches_iniciales_04/phplist/public_html/lists/admin/send_core.php svn_r1703_tem_owner_parches_iniciales_05/phplist/public_html/lists/admin/send_core.php
--- svn_r1703_tem_owner_parches_iniciales_04/phplist/public_html/lists/admin/send_core.php	2009-11-28 17:08:04.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales_05/phplist/public_html/lists/admin/send_core.php	2009-11-28 18:47:54.000000000 +0100
@@ -517,7 +517,6 @@
     $operator = $_POST["criteria_operator"];
     if (is_array($_POST["criteria_values"])) {
       $values = join(", ",$_POST["criteria_values"]);
-      $values = cleanCommaList($values);
     } else {
       $values = $_POST["criteria_values"];
     }
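
Review bot: With `cleanCommaList($values)` removed from the array branch, `$_POST["criteria_values"]` is now joined and kept exactly as submitted, and the `else` branch already took the raw value. If the call had to go because of its return type, replace it with per-element validation before the `join` (cast each entry to int if these are ids, or escape each one) instead of dropping the step. This hunk also lacks the `#BUGFIX 15283` tag that the second hunk carries as "part 2/2".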
@@ -892,7 +891,7 @@
         } else {
           $where_clause .= ' in (';
         }
-        $where_clause .= cleanCommaList($crit_data["values"]) . ") )";
+        $where_clause .= $crit_data["values"] . ") )"; #BUGFIX 15283 (h2b2) part 2/2 
         $subqueries[$i]['query'] = sprintf('select userid from %s
         where attributeid = %d and
         value %s in (%s) ',$GLOBALS['tables']['user_attribute'],
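
Review bot: The added line concatenates `$crit_data["values"]` directly into `$where_clause` between `in (` and `)` with no escaping or casting, so the stored criteria values become part of the SQL text. Together with the first hunk, which stops cleaning `$_POST["criteria_values"]` when it is saved, nothing visible in this patch constrains what ends up inside the `in (...)` list. Split the list, cast or quote each element, and rejoin before appending it, or build the clause with placeholders.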
@@ -1067,13 +1066,13 @@
   $maincontent .= '
   <tr><td>'.Help("subject").' '.$GLOBALS['I18N']->get("Subject").':</td>
     <td><input type=text name="msgsubject"
-    //value="'.htmlentities(iconv('ISO-8859-1','UTF-8',$subject),ENT_QUOTES,'UTF-8').'" size=40></td></tr>
+    value="'.htmlentities($subject,ENT_QUOTES,'UTF-8').'" size=40></td></tr>
   <tr>
     <td colspan=2>
     </td></tr>
   <tr><td>'.Help("from").' '.$GLOBALS['I18N']->get("fromline").':</td>
     <td><input type=text name=from
-    value="'.htmlentities(iconv('ISO-8859-1','UTF-8',$from),ENT_QUOTES,'UTF-8').'" size=40></td></tr>
+   value="'.htmlentities($from,ENT_QUOTES,'UTF-8').'" size=40></td></tr>
   <tr><td colspan=2>
 
   </td></tr>';
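
Review bot: Both replacement `value=` lines hard-code `'UTF-8'` as the `htmlentities` charset after removing the `iconv` conversion, so they are only correct when `$subject` and `$from` already hold UTF-8. Say so in a comment or pass the configured charset, and add the `#BUGFIX` tag used elsewhere in this patch. Keeping `ENT_QUOTES` is right, since both values sit inside double-quoted attributes. The second added line is indented three spaces where the line it replaces used four.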

30-11-09 20:37

 

svn_r1703_patch_07_subject_from_gibberish.patch (927 bytes)
diff -urN svn_r1703_tem_owner_parches_iniciales_05/phplist/public_html/lists/admin/send_core.php svn_r1703_tem_owner_parches_iniciales_07/phplist/public_html/lists/admin/send_core.php
--- svn_r1703_tem_owner_parches_iniciales_05/phplist/public_html/lists/admin/send_core.php	2009-11-28 18:47:54.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales_07/phplist/public_html/lists/admin/send_core.php	2009-11-28 18:56:46.000000000 +0100
@@ -1063,6 +1063,13 @@
   $forwardcontent = $tmp;
 
   $scheduling_content = '<table>';
+  $utf8_subject = $subject;
+  $utf8_from = $from;
+  if (strcasecmp($GLOBALS['strCharSet'], 'utf-8') <> 0) {
+     $utf8_subject = iconv($GLOBALS['strCharSet'],'UTF-8',$utf8_subject);
+     $utf8_from = iconv($GLOBALS['strCharSet'],'UTF-8',$utf8_from);
+  }
+
   $maincontent .= '
   <tr><td>'.Help("subject").' '.$GLOBALS['I18N']->get("Subject").':</td>
     <td><input type=text name="msgsubject"
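
Review bot: `$utf8_subject` and `$utf8_from` are computed in the added block but nothing in this patch reads them; the only hunk ends before the `value=` attributes, so the form would keep printing `$subject` and `$from`. Either change those attributes to use the converted variables in the same patch or drop the block. `iconv()` returns false on failure, so check the result before overwriting the variable, and guard against `$GLOBALS['strCharSet']` being unset. `<> 0` works but `!== 0` is the more usual comparison for `strcasecmp`.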

30-11-09 20:37

 

svn_r1703_patch_08_view_templates_blank_page.patch (921 bytes)
diff -urN svn_r1703_tem_owner_parches_iniciales_07/phplist/public_html/lists/admin/viewtemplate.php svn_r1703_tem_owner_parches_iniciales_08/phplist/public_html/lists/admin/viewtemplate.php
--- svn_r1703_tem_owner_parches_iniciales_07/phplist/public_html/lists/admin/viewtemplate.php	2009-11-28 17:08:04.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales_08/phplist/public_html/lists/admin/viewtemplate.php	2009-11-28 19:00:29.000000000 +0100
@@ -15,7 +15,7 @@
   print '<p>'.PageLink2("template&id=".$_GET["id"],$GLOBALS['I18N']->get('BackEditTemp')).'</p>';
 } else {
   ob_end_clean();
-  print previewTemplate($id,$_SESSION["logindetails"]["id"],nl2br($GLOBALS['I18N']->get('TempSample')));
+ print previewTemplate($_GET['id'],$_SESSION["logindetails"]["id"],$GLOBALS['I18N']->get('TempSample'));
 }
 } else print $GLOBALS['I18N']->get('You do not have enough permissions to view this template.');
 ?>
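
Review bot: The added line passes `$_GET['id']` to `previewTemplate()` unvalidated where the removed line used `$id`. Cast it once near the top, for example `$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;`, and use `$id` both here and in the `PageLink2("template&id=".$_GET["id"], ...)` context line, which currently puts the raw value into a link. The patch name only mentions the blank page, so the removal of `nl2br()` around `TempSample` needs a word of explanation, and the new line has lost one space of indentation.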

30-11-09 20:37

 

svn_r1703_patch_09_signature_twice.patch (1,404 bytes)
diff -urN svn_r1703_tem_owner_parches_iniciales_08/phplist/public_html/lists/admin/sendemaillib.php svn_r1703_tem_owner_parches_iniciales_09/phplist/public_html/lists/admin/sendemaillib.php
--- svn_r1703_tem_owner_parches_iniciales_08/phplist/public_html/lists/admin/sendemaillib.php	2009-11-28 18:58:29.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales_09/phplist/public_html/lists/admin/sendemaillib.php	2009-11-28 19:20:45.000000000 +0100
@@ -269,7 +269,7 @@
   ### @@@TODO don't use forward and forward form in a forwarded message as it'll fail
 
   #0013076: Blacklisting posibility for unknown users
-  foreach (array("forwardform","subscribe","preferences","unsubscribe","signature", 'blacklist') as $item) {
+  foreach (array("forwardform","subscribe","preferences","unsubscribe", 'blacklist') as $item) {
     # hmm str_ireplace and stripos would be faster, presumably, but that's php5 only
     if (PHP5) {
       if (stripos($htmlmessage,'['.$item.']')) {
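
Review bot: The changed `foreach` line drops `"signature"` from the placeholder array with no comment saying why or which issue it belongs to, unlike the `#BUGFIX` tags in the other patches. A one-line note that `[SIGNATURE]` is substituted later by the `eregi` block would keep someone from adding it back and reintroducing the double signature.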
@@ -357,7 +357,7 @@
   if (eregi("\[SIGNATURE\]",$htmlmessage))
     $htmlmessage = eregi_replace("\[SIGNATURE\]",$html["signature"],$htmlmessage);
   elseif ($html["signature"])
-    $htmlmessage .= '<br />'.$html["signature"];
+    $htmlmessage = addHTMLFooter($htmlmessage, ''. $html["signature"]);
   if (eregi("\[FOOTER\]",$textmessage))
     $textmessage = eregi_replace("\[FOOTER\]",$text["footer"],$textmessage);
   else
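
Review bot: On the added `addHTMLFooter(...)` line the `''.` prefix is a no-op concatenation left over from the old `'<br />'.`, and the `<br />` separator is gone without explanation. Pass `$html["signature"]` directly, or keep the break if the signature should still start on its own line. A short comment on what `addHTMLFooter` does differently from appending would make the intent of the fix clear.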

30-11-09 20:38

 

svn_r1703_patch_12_i_prefer_html_import_no_effect.patch (867 bytes)
diff -urN svn_r1703_tem_owner_parches_iniciales_09/phplist/public_html/lists/admin/import1.php svn_r1703_tem_owner_parches_iniciales_12/phplist/public_html/lists/admin/import1.php
--- svn_r1703_tem_owner_parches_iniciales_09/phplist/public_html/lists/admin/import1.php	2009-11-28 18:58:29.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales_12/phplist/public_html/lists/admin/import1.php	2009-11-28 19:48:10.000000000 +0100
@@ -214,7 +214,7 @@
 =======*/
           $query = sprintf('INSERT INTO %s (email,entered,confirmed,uniqid,htmlemail) values("%s",now(),%d,"%s","%s")',
 // >>>>>>> .merge-right.r1462
-          $tables["user"],$email,$notify != "yes",$uniqid,$htmlemail);
+          $tables["user"],$email,$notify != "yes",$uniqid,$_POST['htmlemail']);
           $result = Sql_query($query);
           $userid = Sql_Insert_Id($tables['user'], 'id');
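
Review bot: The added line feeds `$_POST['htmlemail']` into the `INSERT` through the quoted `"%s"` slot of `sprintf` with no escaping, so request data becomes part of the SQL string. The column is a flag: change that slot to `%d` and pass `!empty($_POST['htmlemail']) ? 1 : 0`, or switch this query to `Sql_Query_Params` as the members.php patch does. The context lines also still contain merge leftovers (`=======*/` and `// >>>>>>> .merge-right.r1462`) that should be cleaned up before this is committed.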
 

30-11-09 20:38

 

svn_r1703_patch_13_htmlemail_checkbox_not_kept_add_one_user.patch (906 bytes)
diff -urN svn_r1703_tem_owner_parches_iniciales_12/phplist/public_html/lists/admin/members.php svn_r1703_tem_owner_parches_iniciales_13/phplist/public_html/lists/admin/members.php
--- svn_r1703_tem_owner_parches_iniciales_12/phplist/public_html/lists/admin/members.php	2009-11-28 18:58:29.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales_13/phplist/public_html/lists/admin/members.php	2009-11-28 19:52:49.000000000 +0100
@@ -165,7 +165,7 @@
     = ' insert into %s (email, entered, confirmed, htmlemail, uniqid)'
     . ' values(?, current_timestamp, 1, ?, ?)';
     $query = sprintf($query, $tables['user']);
-    $result = Sql_Query_Params($query, array($email, $htmlemail, getUniqid()));
+    $result = Sql_Query_Params($query, array($email, $_POST['htmlemail'], getUniqid()));
     $userid = Sql_Insert_Id($tables['user'], 'id');
     $query
     = ' insert into %s (userid, listid, entered)'
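
Review bot: `$_POST['htmlemail']` on the changed line is read without an `isset` check, and an unticked checkbox is not submitted at all, so this raises an undefined index notice and binds NULL in that case. Normalise it first, for example `$htmlemail = !empty($_POST['htmlemail']) ? 1 : 0;`, and pass `$htmlemail` in the array. Going through `Sql_Query_Params` with placeholders is the right approach and keeps the value out of the SQL text.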

30-11-09 20:38

 

svn_r1703_patch_14_forward_feature_incompatible_before_php_5.1.0.patch (787 bytes)
diff -urN svn_r1703_tem_owner_parches_iniciales_13/phplist/public_html/lists/index.php svn_r1703_tem_owner_parches_iniciales_14/phplist/public_html/lists/index.php
--- svn_r1703_tem_owner_parches_iniciales_13/phplist/public_html/lists/index.php	2009-11-28 18:58:29.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales_14/phplist/public_html/lists/index.php	2009-11-28 19:57:57.000000000 +0100
@@ -807,6 +807,11 @@
 }
 
 ########################################
+if (!function_exists("htmlspecialchars_decode")) {
+   function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) {
+       return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
+   }
+}
 function forwardPage($id) {
   global $data, $tables, $envelope;
   $ok = true;
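
Review bot: The `htmlspecialchars_decode` fallback is defined inside `lists/index.php`, between the `####` banner and `forwardPage()`, so only this entry point gets it and the banner no longer sits directly above the function it introduces. Move the `function_exists` block to a shared include that every page loads, with a comment naming the PHP version it covers (5.1.0 per the issue title). The body is indented three spaces where the surrounding code uses two.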

30-11-09 20:38

 

svn_r1703_patch_15_database_error_1064_installation_upgrade_2.10.10.patch (760 bytes)
diff -urN svn_r1703_tem_owner_parches_iniciales_14/phplist/public_html/lists/admin/connect.php svn_r1703_tem_owner_parches_iniciales_15/phplist/public_html/lists/admin/connect.php
--- svn_r1703_tem_owner_parches_iniciales_14/phplist/public_html/lists/admin/connect.php	2009-11-28 18:58:29.000000000 +0100
+++ svn_r1703_tem_owner_parches_iniciales_15/phplist/public_html/lists/admin/connect.php	2009-11-28 20:02:33.000000000 +0100
@@ -1057,7 +1057,12 @@
 }
 
 function cleanCommaList($list) {
-  return join(',',cleanArray(split(',',$list)));
+   foreach ($list as $key=>$value) {
+      if(!$value) {
+         array_splice($list, $key, 1);  //Remove null value from array
+      }
+   }
+  return $list;
 }
 
 function formatDateTime ($datetime,$short = 0) {
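
Review bot: `cleanCommaList()` changes from string in, string out to array in, array out, and the new loop calls `array_splice($list, $key, 1)` while iterating with the original keys, so after the first removal every later `$key` points one element too far and the wrong entries are removed or empties are left behind. The send_core.php patch shows the callers passing a comma-joined string, which `foreach` cannot iterate, and `!$value` also discards a legitimate `"0"`. If an array filter is what is wanted, use `array_values(array_filter($list, 'strlen'))` under a new name and keep the string contract of `cleanCommaList` intact.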

michiel

23-05-12 21:04

manager   ~0051616

I checked, and these seem resolved on the trunk code.