bet0x
June 2, 2016, 10:17am
#1
1.- Don’t hide errors:
error_reporting(0);
If i remove your error reporting i get A LOT OF ERRORS, wich is wrong, fix them, don’t hide them.
2.- Handle XML properly if you serve XML.
on rss.php replace:
<?php
include("config.php");
error_reporting(0);
With:
<?php
include("config.php");
header("Content-type: text/xml");
Another fix, layout.php at the end:
<!-- Stats Tracking Code -->
Change it to:
<!-- Stats Tracking Code -->
<?php
if (empty($_SERVER['HTTP_REFERER'])){
$_SERVER['HTTP_REFERER'] = 'none';
}
?>
I will list more mistakes during my usage and move to PulseCMS. (Yes i’m still willing to move to PulseCMS).
1 Like
bet0x
June 2, 2016, 11:20am
#2
Other fixes on inc/tags/blog.php
Line & fix:
Line: 5, 6:
if (isset($_GET['d']) && is_numeric($_GET['d'])){ $get_id = $_GET['d']; }
if (isset($_GET['page']) && is_numeric($_GET['page'])){ $cur_page = $_GET['page']; }
Line: 84:
$cur_page = isset($cur_page) ? $cur_page : 1;
1 Like
bet0x
June 2, 2016, 11:27am
#3
Adding a few things to rss.php
echo "<copyright>$blog_title - $blog_description All rights reserved.</copyright>\n";
echo "<generator>PulseCMS</generator>\n";
This goes right after:
echo "<language>$rss_lang</language>\n\n";
1 Like
bet0x
June 2, 2016, 12:09pm
#4
Adding “MORE” to Redactor toolbar.
Create a file with the name of “more.js” under admin/js/redactor with this content:
// Author: Alberto Ferrer
// Email: albertof@barrahome.org
// For PulseCMS only.
(function($)
{
$.Redactor.prototype.more = function()
{
return {
init: function ()
{
var button = this.button.add('more', 'More');
jQuery('a.re-more').css({
backgroundImage : ' url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAQ0lEQVQYV2MMDQ39zwAEq1evZgTR6AAmzwhjYFOMLAc2BZtidDG4dcgSyNbDnITiLnTFyO4mXSFRVhPlGaKDh9gABwAJuDgDsQ44aQAAAABJRU5ErkJggg==)',
});
this.button.addCallback(button, this.more.test);
},
test: function(buttonName)
{
this.selection.restore();
this.insert.html('##more##');
}
};
};
})(jQuery);
Now modify admin/index.php and right under this:
<script src="<?php echo $path.'/'.$admin; ?>/js/redactor/table.js"></script>
Add the next line:
<script src="<?php echo $path.'/'.$admin; ?>/js/redactor/more.js"></script>
Feel free to submit a better icon, i’m kinda lazy on the UI dept.
Usage is quite simple: you will see a cross (X) next to Full Screen icon. Place the mouse pointer on where you want to add the more button, click and done.
1 Like
Thanks for all these @bet0x ! Will get on to these asap and start to merge into the code base.
Please keep your amends and comments coming through at any time
thanks
bet0x
June 3, 2016, 4:52am
#6
There is other issues to be solved, example:
<?php
require_once("login.php");
Must be:
<?php
require_once("login.php");
To prevent header errors.
also on create and i’m sure on many more:
<?php
require_once("login.php");
session_start();
login.php already has a session_start() on line 12, why you duplicate it?
After every
<?php
You must place the code and don’t leave spaces.
3. Don’t use <? is deprecated. Use <?php (found this bug on diag.php under admin folder.
1 Like
bet0x
June 3, 2016, 5:01am
#7
functions.php
<?php
require_once("login.php");
session_start();
include('functions.php');
1.- Wront space
2.- Again session_start when is already initiated on login.php
3.- functions.php already have a require_once to login.php
4.- since functions.php is only for functions there is no point on requiere or include login.php
On home.php
<?php
require_once("login.php");
session_start();
include('functions.php');
Wrong again.
magic.php
<?php
require_once("login.php");
no need for that, you can move it to functions.php as a function.
open.php, html & js before checking the login.
also in the same file.
<?php
require_once("login.php");
session_start();
You may want send me an email, setup a git private repo and i will help you to fix almost everything
1 Like
dvcm
January 12, 2017, 9:38pm
#8
Why haven’t these reported errors not been fixed by now? It’s 6 months later!
What makes you think they haven’t (or were even accurate?)
Pulse is being fixed all the time and improved as mentioned in more detail here:
Thanks @dvcm
Appreciate your concerns but you're a little hot under the collar. I suggest you take a step back and breathe.
We take security VERY seriously and are of course working on a patch to fix this. We're not knowingly risking anyone's site and that's an unfair comment. There's nothing to suggest we wouldn't fix this. Why wouldn't we?
A positive "hey this is broken? Did you see it? Please fix it!" --> would have been enough
One of the strengths of Pulse is it's security. …
Closing as double-posting…