Major danger with browser history of save.php file.

doc

Hello,

this bug is fixed in WB 2.7. I posted a solution to recover a crashed site in the German forum.
https://forum.websitebaker.org/index.php/topic,8324.msg49826.html#msg49826

Try to translate it via an online translator or maybe someone in the forum volunteers to translate it to English.

Good luck
Christian

aisling

HI, I don't know how it has happened, I was looking at the setting page o f my site to see if I could increase the file upload sive and was not aware of changign anything but next time I went to my site I got the error "Error loading language file , please check configuration" message!
Now i can't see the frontend of the website and can't get into the admin area.
I have no idea HOW to get to my site or why this has happened.

Any advice out there.??



Lonesome Walker

First of all, if you've made the backup with phpmyadmin, you should open the file with notepad, then save it as the same file, but you have to choose to save as UTF-8.
phpmyadmin stores the file in ANSI, so you get weird typos...
opensource company WebsiteBaker Templates Werbeartikel aller Art WebsiteBaker Hosting

ptgptg

I found an old sql tables backup i made.
I've tried to import it using phpmyadmin but every hebrew character is replaced with a question mark.
I tried utf8 and hebrew charset - nothing works.
Does anybody have a clue?

ptgptg

PLEASE HELP!
I applied the above fix and then ran /admin/settings/save.php to make sure it worked, and i ended up looking at a "Error loading language file , please check configuration" message!
Now i can't see the frontend of the website and can't get into the admin area.
What do i do? Please help.

lanesharon

Quote from: rdbartz on December 21, 2007, 03:46:51 AM
Here is a simple fix that just stops the update and goes back to the settings page after a brief warning:
Thank You

doc

Hello,

well this bug will be fixed with the next WB version.

Regards Christian

rdbartz

I am surprised that this is not fixed in the current version...  wow.  All you have to do is to load the save.php directly and it erases your settings.

There are a lot of ways around this.  Here is a simple fix that just stops the update and goes back to the settings page after a brief warning:

Open /admin/settings/save.php for editing and...

Just BEFORE these TWO lines:
// Create new database object
$database = new database();

Add these three lines:

if(($admin->get_post(website_title)== "")||($admin->get_post(default_language)== "")) {
   echo "Oh NO... page called directly, CANNOT SAVE!";
}else {

then AFTER these two lines:
   $database->query("UPDATE ".TABLE_PREFIX."search SET value = '$value' WHERE name = '$setting_name'");
}

Add this ONE closing bracket:

}

This simple fix will look at the posted values for website title and language and, if either are blank, will NOT allow any updating to occur.

RDB

Deb

Quote from: DssTrainer on August 21, 2007, 05:41:29 PM
Want a quick way to screw up your site?

type this in your browser:
http://www.mysite.com/admin/settings/save.php

Zowie! or maybe that's "Zap!"  Thank you so much for sharing that! 

kweitzel

thanks for submitting, opened Ticket 412 ... which Version did you test this with?

cheers

Klaus

DssTrainer

Want a quick way to screw up your site?

type this in your browser:
http://www.mysite.com/admin/settings/save.php

If you were recently logged into website baker, and you still have the logged in cookie, you will have successfully cleared the database table for your settings. Which will make the front end not work with a message like "Unable to load language file".

This happened to me because as I was typing into my address bar, the auto-fill from previous paths showed up, so as I was scrolling through the list, I accidentally selected the admin/settings/save.php historical path.

This runs the save with no data, essentially clearing out all the data. This should really be patched or at least fixed in WB3, as it was quite scary and easy to accidentally do. Perhaps save.php?saveall or something is needed, as I think most browsers don't add the ?xxx stuff to the historical path, but I may be wrong.

To fix this, I luckily had another website baker site setup and went into cpanel and copy the raw database defaults back in and that got me back up to seeing the site again. Then I had to re-enter all my website header/footer/keywords/settings etc.
[url="http://www.jblradongas.com"]http://www.jblradongas.com[/url] - wb2.7