1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Download Hotaru Cms Core 1.7.3

Main Core code for Hotaru CMS

  1. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    yes, i dont think iframe is allowed in the html parsing of the text even though it is added as a tag. i will check with @valMETNG as i know he has looked at something like this on his site before.
     
  2. valMETNG

    valMETNG Administrator Staff Member Admin

    Has the recommended plugin order changed from this? Users used to be #4 (user signin was #2).
     
  3. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    no , order hasn't changed. i just wanted to get the users plugin as high as possible when troubleshooting since the 2 plugins in play here were users and messaging, I wanted to make sure messaging was below users
     
  4. valMETNG

    valMETNG Administrator Staff Member Admin

    Nothing in my build was quick or easy :)

    Actually, I use getRaw:
    Code:
    $content = sanitize($h->cage->post->getRaw('post_content'), 'tags', $allowable_tags);
    And then run all editor content through a "cleaner" (which still might have some risks that I haven't solved yet):
    Code:
      // removes stuff that messes up ckeditor
       function cleanEditorContent($content)
       {
         if (!$content) { return ''; }
    
         // Unsolved potential XSS risks:
         // <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
         // <IMG SRC=" &#14; javascript:alert('XSS');">
    
         // decodes numeric HTML entities that can be used to do XSS (e.g., <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>) - from https://gist.github.com/mbijon/1098477
         $content = str_replace(array('&amp;'), array('&amp;amp;'), $content);
         $content = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $content);
         $content = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $content);
    
         // convert to proper character set (e.g., é to &eacute;) - from https://stackoverflow.com/questions/7663738/htmlentities-and-e-e-acute
         $in_iso8859encoded = iconv("UTF-8", "ISO-8859-1//TRANSLIT", $content);
         $out_iso8859= htmlentities($in_iso8859encoded, ENT_COMPAT, "ISO-8859-1");
         $content = iconv("ISO-8859-1", "UTF-8", $out_iso8859);
    
         $content = html_entity_decode($content, ENT_COMPAT, 'UTF-8');
    
         // many from https://gist.github.com/mbijon/1098477
         $remove_patterns = array(
           '/<img[^>]*src=[\'\"]?data:image\/[^>]*>/is', // remove base64 images
           '/<iframe[^>]*src=[\'\"]?mhtml/is', // remove mhtml
    //       '#(?:on[a-z]+|xmlns|sandbox)\s*=\s*[\'"\x00-\x20]?[^\'>"]*[\'"\x00-\x20]?\s?#iu', // Remove any attribute starting with "on" or xmlns or sandbox (via http://dev.kohanaframework.org/issues/1787 and http://pkgs.fedoraproject.org/repo/pkgs/php-Kohana/kohana-2.4rc2.zip/32e4729c4f2fc12d206c8a8220f9e463/kohana-2.4rc2.zip)
    //       '#(?:on[a-z]+|xmlns|sandbox)\s*=\s*[\'"\x00-\x20]?[^\'>"]*[\'"\x00-\x20]?\s?#iu'
           '#(<[^>]+?[\x00-\x20"\'])(?:onclick|ondblclick|onmousedown|onmousemove|onmouseover|onmouseout|onmouseup|onkeydown|onkeypress|onkeyup|onabort|onerror|onload|onresize|onscroll|onunload|onblur|onchange|onfocus|onreset|onselect|onsubmit|xmlns|sandbox)[^>]*+>#iu', // Remove any attribute starting with "on" or xmlns or sandbox
           '#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', // Remove javascript: and vbscript: protocols
           '#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu',
           '#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u',
           '#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', // Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
           '#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i',
           '#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#iu',
           '#</*\w+:\w[^>]*+>#i', // Remove namespaced elements (we do not need them)
           '#</*(?:applet|b(?:ase|gsound|link)(?:set)?|i(?:layer)|l(?:ayer|ink)|meta|s(?:cript)|title|xml)[^>]*+>#i', // Remove really unwanted tags
           '!(^(\s*<p>(\s|&nbsp;)*</p>\s*)*|(\s*<p>(\s|&nbsp;)*</p>)*\s*\Z)!em', // from: http://snipplr.com/view/45940/ to trim ending <p></p>
           '#<(\w+)\s[^>]*(class)\s*=\s*[\'"](' . 'loading-bar|activity_items|content' .
      ')[\'"][^>]*>.*</\\1>#isU', // if they paste the scrolling/load more content id list_content, we won't allow that
           '#<(\w+)\s[^>]*(id)\s*=\s*[\'"](' . 'list_content' .
      ')[\'"][^>]*>.*</\\1>#isU', // if they paste the scrolling/load more content id list_content, we won't allow that; from http://www.webdeveloper.com/forum/showthread.php?165278-RESOLVED-PHP-remove-Selected-tags-by-id-or-class
         );
    
         foreach ($remove_patterns as $pattern)
         { $content = $this->filter_autop($content, $pattern); }
    
         $content = trim($content);
    
         $content = str_replace($this->loadCommonVariables('bad_characters'), "", $content);
    
         // double-escape special characters
         $var = $this->loadCommonVariables('escapers');
         $content = str_replace($var['escapers'], $var['replacements'], $content);
    
         // something is really screwy with PHP as to why this is necessary, but it is (see: http://us1.php.net/manual/en/function.addslashes.php#87577)
         $this->content = str_replace('\n', "\n", $this->content);
    
         return $content;
       }
    
    
       // after cleanEditorContent cleans everything up, when we present, we need to do a few things
       function presentEditorContent($content = false)
       {
         if (!$content) { return ''; }
    
         $content = stripcslashes(urldecode($content));
    
         return $content;
       }
    
    
      // Loads common variables used in multiple plugins
       function loadCommonVariables($var)
       {
         $bad_characters = array(chr(13), "<br/>", "<br>", "<p>&nbsp;</p>", "<p><br /></p>", "<p>\t</p>", "<div></div>");
         $escapers =  array("\\",  "/",  "\"",  "\n",  "\r",  "\t", "\x08", "\x0c", "&amp;amp;");
         $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t",  "\\f",  "\\b", "&amp;");
    
         switch ($var)
         {
           case 'bad_characters':
             // used for stripping out from ckeditor; may need to add back into bad_characters: chr(10)
             return $bad_characters;
           case 'escapers':
             // double-escape special characters
             // from: https://stackoverflow.com/questions/1048487/phps-json-encode-does-not-escape-all-json-control-characters
             return array('escapers' => $escapers, 'replacements' => $replacements);
           case 'strip_all':
             return array_merge($bad_characters, $replacements, $escapers);
           default:
             return false;
         }
       }
    
    
    Then, in function saveSubmitData:
    Code:
         if (isset($h->vars['submitted_data']['submit_content']))
         { $h->vars['submitted_data']['submit_content'] = $h->cleanEditorContent($h->vars['submitted_data']['submit_content']); }
    
    I also json_encode the submitted data in saveSubmitData.
     
  5. valMETNG

    valMETNG Administrator Staff Member Admin

    Ooopps. Sorry - you'll need this function too:
    Code:
      // ignore content between tag - from https://api.drupal.org/api/drupal/modules!filter!filter.module/function/_filter_autop/5
       public function filter_autop($text, $pattern)
       {
         // Split at <pre>, <script>, <style> and </pre>, </script>, </style> tags.
         // We don't apply any processing to the contents of these tags to avoid messing
         // up code. We look for matched pairs and allow basic nesting. For example:
         // "processed <pre> ignored <script> ignored </script> ignored </pre> processed"
         $chunks = preg_split('@(</?(?:pre)[^>]*>)@i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
         // Note: PHP ensures the array consists of alternating delimiters and literals
         // and begins and ends with a literal (inserting NULL as required).
         $ignore = FALSE;
         $ignoretag = '';
         $output = '';
         foreach ($chunks as $i => $chunk) {
          if ($i % 2) {
           // Opening or closing tag?
           $open = ($chunk[1] != '/');
           list($tag) = preg_split('/[ >]/', substr($chunk, 2 - $open), 2);
           if (!$ignore) {
            if ($open) {
             $ignore = TRUE;
             $ignoretag = $tag;
            }
           }
           // Only allow a matching tag to close it.
           else if (!$open && $ignoretag == $tag) {
            $ignore = FALSE;
            $ignoretag = '';
           }
          }
          else if (!$ignore) {
           $chunk = preg_replace($pattern, '', $chunk);
          }
          $output .= $chunk;
         }
         return $output;
       }
    
     
  6. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    valMETNG likes this.
  7. robin007

    robin007 Well-Known Member

  8. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    sounds like either the db settings are incorrect or there is a problem with your db server?
     
  9. robin007

    robin007 Well-Known Member

    When I click the new install button
    Untitled.png


    I am click the update button


    Untitled112.png
     
  10. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

  11. robin007

    robin007 Well-Known Member

    I am download new ampps and then try it.
     
  12. robin007

    robin007 Well-Known Member

    many time I am install done using ampps.

    I am again download and install got same problem
     
    Last edited: Dec 31, 2014
  13. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    please try this package
    if this works then the problem for your system is mysqli v mysql driver for the mysql db

    http://stackoverflow.com/questions/...-and-will-be-removed-in-the-future-use-mysqli


    also, please check the Help page on install and tell me if you have any red labels on the "Your System" part
     

    Attached Files:

    Last edited: Dec 31, 2014
  14. robin007

    robin007 Well-Known Member

    http://localhost/install/index.php?step=3

    Notice: Use of undefined constant TABLE_USERS - assumed 'TABLE_USERS' in C:\Program Files\Ampps\www\install\index.php on line 444

    Fatal error: Call to a member function get_var() on a non-object in C:\Program Files\Ampps\www\install\index.php on line 445
     
  15. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

    Can you reply in PM and give me more details of what you saw on help page

    Since you could get to step3 I guess it was a driver issue

    PM me
     
  16. robin007

    robin007 Well-Known Member

    1.7 installation done.
     
    shibuya246 likes this.
  17. robin007

    robin007 Well-Known Member

    But 1.7.1 not done.
     
  18. robin007

    robin007 Well-Known Member

    Now 1.7.1 installation done.
    Thank you very much for your help.
     
    shibuya246 and valMETNG like this.
  19. Sv9t

    Sv9t Active Member

    Hi! well... what is the difference pligg & Hotaru ? I doubt that the install.
    I like the support group Hotaru and free modules, themes... But, posts from the sites are don't add to the site. I don't know why this.
    Thx!

    PS in pligg cms add post in site, but i don't stop spam. I everyday deleted spam! In hotaru cms no have spam, i like this.
     
    Last edited: Feb 11, 2015
  20. shibuya246

    shibuya246 Hotaru Developer Staff Member Admin

Share This Page