Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2019-03-09 15:55:39

whocarez
Plugin Author
From: Germany/Ukraine
Registered: 2007-10-08
Posts: 250
Website

After update to 4.7.3 "allow_page_php_scripting" is somehow ignored

Hello,

the next problem after updating from 4.6.2 to 4.7.3.

I call in an article page a form with this code:

<txp:php>
$namensteile = pathinfo(image_info(array('type'=>'name')));
echo $namensteile['filename']."__".image_info(array('type'=>'id')).".".$namensteile['extension'];
</txp:php>

allow_page_php_scripting is set to on. I rechecked it in the database where it is set to “1”. But opening an article I got in debug mode this error now:

Tag error: <txp:php> $namensteile = pathinfo(image_info(array('type'=>'name'))); echo $namensteile['filename']."__".image_info(array('type'=>'id')).".".$namensteile['extension']; </txp:php> -> Textpattern Notice: PHP code is disabled for pages. while parsing form bilder_url on page s2l_artikel

textpattern/publish/taghandlers.php:4399 trigger_error()
php()
textpattern/vendors/Textpattern/Tag/Registry.php:116 call_user_func()
textpattern/lib/txplib_publish.php:542 Textpattern\Tag\Registry->process()
textpattern/lib/txplib_publish.php:466 processTags()
textpattern/lib/txplib_misc.php:4407 parse()
textpattern/publish/taghandlers.php:3676 parse_form()
images()
textpattern/vendors/Textpattern/Tag/Registry.php:116 call_user_func()
textpattern/lib/txplib_publish.php:542 Textpattern\Tag\Registry->process()

" />

This happens no matter which PHP version I use – 7.0/7.2/7.3. I tried it also without plugins and there is no other error or notice in the log files.

Any idea?

Last edited by whocarez (2019-03-09 15:56:13)

Offline

#2 2019-03-09 16:02:58

whocarez
Plugin Author
From: Germany/Ukraine
Registered: 2007-10-08
Posts: 250
Website

Re: After update to 4.7.3 "allow_page_php_scripting" is somehow ignored

Update: this happens only if I open an article. Frontpage and section pages are as far as I see not affected. allow_article_php_scripting is also set to “1”.

Last edited by whocarez (2019-03-09 16:03:36)

Offline

#3 2019-03-09 16:14:54

etc
Developer
Registered: 2010-11-11
Posts: 3,072
Website

Re: After update to 4.7.3 "allow_page_php_scripting" is somehow ignored

That possibly means that you try to execute this code on the second parser pass. This is insecure and has been forbidden in 4.7.2.


etc_[ query | search | pagination | date | tree | cache ]

Offline

#4 2019-03-09 17:29:46

whocarez
Plugin Author
From: Germany/Ukraine
Registered: 2007-10-08
Posts: 250
Website

Re: After update to 4.7.3 "allow_page_php_scripting" is somehow ignored

After some investigating I found, that this problem is linked to the quotation mark handling. I put this URL now in a variable and use it then within these meta values.

<txp:if_article_image>

<txp:variable name="artikel_bild"><txp:site_url /><txp:images id='<txp:custom_field name="article_image" />' form='bilder_url'/></txp:variable>
   <meta property="og:image" content="<txp:variable name='artikel_bild' />" />
   <meta property="og:image:width" content="<txp:image_info type='w' id='<txp:custom_field name="article_image" />' />" />
   <meta property="og:image:height" content="<txp:image_info type='h' id='<txp:custom_field name="article_image" />' />"  />
   <meta itemprop="image" content="<txp:variable name='artikel_bild' />" />
   <link rel="image_src" href="<txp:variable name='artikel_bild' />" />
    <meta name="twitter:image" content="<txp:variable name='artikel_bild' />" />

<txp:else />
(...)
</txp:if_article_image>

For using this bilder_thumbs form together with bilder_url form with PHP inside articles I had also to allow the use of PHP inside articles for some other user groups via rah_privileges.

Thanks anyway. Sometimes I need some input to find my own mistakes :-).

Offline

Board footer

Powered by FluxBB