Topics

User Functions

Events

There are no upcoming events

What's New

Stories last 2 weeks

Comments last 2 weeks

Trackbacks last 2 weeks

No new trackback comments

Links last 2 weeks

No recent new links

Downloads last 2 weeks

No new files

Welcome to Geeklog Sunday, August 28 2016 @ 09:52 pm EDT

Emailing Geeklog Topics

  • View Printable Version
Geeklog
  • Contributed by:
  • Views:
    3,412
Hi folks,

Using Geeklog 1.3.4 which I\'m thoroughly impressed with, however there\'s just one feature I\'ve not managed to make work correctly as yet - and that\'s the Emailing Topics for User option, I\'ve setup CRON to run the \'emailgeeklogstories\' script as php (which I\'ve corrected the paths etc in) but when the job executes on it\'s daily rotation I\'m emailed the following error from CRON:

#!/usr/local/bin/php -q
Warning: Cannot add header information - headers already sent by
(output started at
/path-to-geeklog/public_html/email.php:2) in
/path-to-geeklog/system/lib-sessions.php on line 150
Warning: Cannot add header information - headers already sent by
(output started at
/path-to-geeklog/public_html/email.php:2) in
/path-to-geeklog/system/lib-sessions.php on line 162

(the paths in the real error are correct, but changed here to path-to-geeklog).

email.php is the modified version of the emailgeeklogstories script (the only modification being the path to geeklog) and it\'s in the public_html folder for the geeklog installation, the line in my crontab looks like this:

0 20 * * * lynx -dump http://geeklog-url/email.php

(again, geeklog-url is actually my domain name in the crontab ;) ).

Anybody have any ideas? Sorry about the lengthy post - I\'m too lame to work this one out for myself, though ;)

Possible CSS vulnerability in search.php

  • View Printable Version
Security
  • Contributed by:
  • Views:
    3,753
I think search.php of geeklog-1.3.x has
possible cross site scripting vulnerability. For example, let put this string as search keyword.

<script>alert(self.location)</script>

This gives alert window when JavaScript is enabled.
Because any HTML tags are transparently displayed in a \"No matchs\" screen, and search.php accept GET method, this can be easily exploitable with manner of ordinary cross site scripting attacks.
<BR>
This simple patch for search.php can prevent this type of attack.

--- search.php Fri Apr 5 01:21:15 2002
+++ search.php.org Mon Apr 8 03:38:07 2002
@@ -264,7 +264,7 @@
$retval .= $searchresults->parse(\'output\',\'searchresults\');
} else {
$retval .= COM_startBlock($LANG09[13])
- . $LANG09[14].\' <b>\'.htmlentities($query).\'</b> \'.$LANG09[15]
+ . $LANG09[14].\' <b>\'.$query.\'</b> \'.$LANG09[15]
. COM_endBlock();
}

New Translations!

  • View Printable Version
Announcements
  • Contributed by:
  • Views:
    3,700
I am happy to announce the addition of two new translations: 1) Russian 2) Portuguese (Brazil) Slowly but surely, Geeklog is starting to mature...the submission of translations is proof of that and we are now up to 8 supported languages! I want to take a minute to thank all of you that have bared through some hard times, bugs, poor code, etc to get us here. A lot of work still needs to be done but we have a great community and good things will continue to follow!

Who's Online

Guest Users: 9

Need Help?

If you need help in setting up or using Geeklog, please see the documentation, the FAQ, the Wiki, try our search page or browse through the Support Forum. Chances are someone else already had the same problem.

More resources are listed on the support page.

If you still can't find an answer, feel free to post in the forum or ask on Gitter in the Geeklog room.

International Support:
[geeklog.info] [GeeklogPolska] [Geeklog Japanese] [Geeklog France] [Geeklog Spain]

Poll

PHP Support for the next version of Geeklog

Which PHP version are you on?

  •  PHP 5.2.x
  •  PHP 5.3.x
  •  PHP 5.4.x
  •  PHP 5.5.x
  •  PHP 5.6.x
  •  PHP 7.0.x
  •  Don't know / other
This poll has 2 more questions.
Results
Other polls | 14 voters | 0 comments