*** Joins: daryn_ (~daryn@h227.213.31.71.dynamic.ip.windstream.net) | 00:06 | |
*** Quits: daryn__ (~daryn@h32.145.28.71.dynamic.ip.windstream.net) (Ping timeout: 265 seconds) | 00:09 | |
*** Joins: kirillka (~Miranda@global01.vester.ru) | 00:48 | |
*** Quits: siebrand (~beis@sm.xs4all.nl) () | 01:30 | |
*** Quits: wolog_ (~wolog@AOrleans-152-1-34-142.w90-21.abo.wanadoo.fr) (Remote host closed the connection) | 01:42 | |
*** Joins: wolog_ (~wolog@195.6.104.193) | 02:25 | |
*** Joins: Cupertino (~Cupez@unaffiliated/cupertino) | 02:29 | |
*** Joins: giallu (~giallu@fedora/giallu) | 02:46 | |
*** Joins: fanno (~b3g@193.3.95.240) | 03:45 | |
*** Joins: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk) | 03:56 | |
*** Joins: cgra (~quassel@a91-154-65-126.elisa-laajakaista.fi) | 04:09 | |
cgra | hi, i have problem installing mantis. pretty much the only hint i get is "PHP Fatal error: Call to undefined function event_clear_callbacks()" | 04:10 |
---|---|---|
cgra | i'm on centos 5.4 and i did check database connectivity a few times. the mysql schema appears, but nothing else. no tables at all | 04:12 |
cgra | i've now tried the stable and it's most recent nightly build version | 04:13 |
cgra | the install.php result page seems to break at "Attempting to connect to database as user: GOOD" | 04:14 |
cgra | that's the last visible item | 04:15 |
cgra | if anyone can give hints what to check next, i'd appreciate | 04:15 |
*** Joins: davidinc (~d5374b2e@gateway/web/freenode/x-rzwgrcqjxalxwkab) | 04:31 | |
*** Joins: rombert (~c1e284da@gateway/web/freenode/x-zmqdavuyslnyphsl) | 04:37 | |
*** Joins: cobexer (~cobexer@188-23-13-181.adsl.highway.telekom.at) | 04:43 | |
*** Quits: rombert (~c1e284da@gateway/web/freenode/x-zmqdavuyslnyphsl) (Quit: Page closed) | 04:52 | |
*** Joins: hever (~hever@ip-95-223-227-129.unitymediagroup.de) | 05:21 | |
hever | Hello, what's the difference between release and stable as project status? | 05:21 |
*** Joins: Kornel^aardvark (~kornel@fw1.aardvarkmedia.co.uk) | 05:26 | |
*** Joins: \cobexer (~cobexer@188-23-10-184.adsl.highway.telekom.at) | 06:40 | |
*** Quits: cobexer (~cobexer@188-23-13-181.adsl.highway.telekom.at) (Ping timeout: 264 seconds) | 06:44 | |
*** Quits: Ragnor (~Ragnor@178.1.42.132) (Disconnected by services) | 06:54 | |
*** Joins: Ragnor (~Ragnor@178.1.42.132) | 06:55 | |
*** Quits: tavasti (~tavasti@217.152.202.221) (*.net *.split) | 06:55 | |
*** Joins: tavasti (~tavasti@217.152.202.221) | 06:59 | |
*** \cobexer is now known as \cobexer|away | 07:08 | |
*** Joins: mellen (~thansen@x1-6-00-22-02-00-0c-40.k253.webspeed.dk) | 07:12 | |
Kornel^aardvark | I can't find documentation for supported column types in schema definitions. How can I define boolean column in plugin? | 08:34 |
nuclear_eclipse | hi Kornel^aardvark | 09:02 |
nuclear_eclipse | http://phplens.com/lens/adodb/docs-datadict.htm | 09:02 |
Kornel^aardvark | thanks | 09:04 |
nuclear_eclipse | we generally stay away from most of the blob/varchar variants, and just use C(x) and XL, due to compatibility issues between the many supported database types | 09:05 |
nuclear_eclipse | and we've moved away from datetime fields completely in 1.2 to use int fields instead, which allows us to better handle timezones etc | 09:06 |
nuclear_eclipse | or rather, int fields allow timezone handling to be done exclusively by Mantis, as some dbms's try to do some funky timezone handling of their own when using datetime fields | 09:07 |
*** Joins: mantisbt_72657 (~7aa049ee@gateway/web/freenode/x-ekmyalgsckbcdeir) | 09:16 | |
*** Quits: mantisbt_72657 (~7aa049ee@gateway/web/freenode/x-ekmyalgsckbcdeir) (Client Quit) | 09:17 | |
cgra | i'm still stuck at installing mantis on centos 5.4. error_api.php on line 135 can't find event_clear_callbacks() function. i can't get the reason of error because of crash. should event_api.php be imported somehow here? | 09:27 |
nuclear_eclipse | cgra: that's a known problem, in cases where the mantis core hits an error before the event API has been loaded | 09:32 |
nuclear_eclipse | workaround atm is to edit core/error_api.php and comment out the call to event_clear_callbacks() so that you can see the real error message, and then once the underlying error is resolved, uncomment that line again | 09:33 |
nuclear_eclipse | alternatively, wrap the call in `if (function_exists("event_clear_callbacks")) {` | 09:33 |
cgra | ok. just tried the uncommenting. now there's no error in apache error_log but the page still seems to cut prematurely, at the "Attempting to connect to database as user: GOOD" | 09:34 |
cgra | btw, install.php says PHP 5.1.6 is good, but the webpage states mantis 1.2.1 requires php 5.2 or newer. any problem there? | 09:37 |
nuclear_eclipse | the webpage is wrong | 09:38 |
nuclear_eclipse | =\ | 09:38 |
cgra | ok | 09:39 |
*** Quits: daryn_ (~daryn@h227.213.31.71.dynamic.ip.windstream.net) (Quit: Ex-Chat) | 09:43 | |
*** Quits: fanno (~b3g@193.3.95.240) (Remote host closed the connection) | 09:46 | |
*** Quits: kirillka (~Miranda@global01.vester.ru) (Quit: kirillka) | 10:04 | |
*** Quits: cgra (~quassel@a91-154-65-126.elisa-laajakaista.fi) (Remote host closed the connection) | 10:12 | |
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 265 seconds) | 10:19 | |
*** Joins: micahg (~micah@ubuntu/member/micahg) | 10:21 | |
*** Parts: Kornel^aardvark (~kornel@fw1.aardvarkmedia.co.uk) | 10:35 | |
*** Joins: Kornel^aardvark (~kornel@fw1.aardvarkmedia.co.uk) | 10:36 | |
*** Joins: fanno (~Morten@90.184.93.233) | 10:41 | |
*** Joins: daryn (~daryn@rrcs-76-79-4-2.west.biz.rr.com) | 10:46 | |
Kornel^aardvark | How evil is plugin adding column to mantis standard tables? | 10:53 |
Kornel^aardvark | I've found that bugnote_get_field() doesn't see added column unless I execute bugnote_clear_cache() before | 10:53 |
dhx_m | Kornel^aardvark: hi | 10:54 |
dhx_m | Kornel^aardvark: plugins shouldn't modify the default Mantis tables because it may break upgrades in the future | 10:54 |
dhx_m | Kornel^aardvark: it's better to left join them with plugin tables | 10:54 |
* nuclear_eclipse agrees with dhx_m | 10:58 | |
*** Quits: Cupertino (~Cupez@unaffiliated/cupertino) (Quit: I give up...) | 10:59 | |
dhx_m | nuclear_eclipse: hi :) | 11:01 |
*** Quits: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk) (Quit: Rixie) | 11:02 | |
nuclear_eclipse | hi dhx_m :) | 11:04 |
*** Parts: Kornel^aardvark (~kornel@fw1.aardvarkmedia.co.uk) | 11:10 | |
*** Joins: Kornel^aardvark (~kornel@fw1.aardvarkmedia.co.uk) | 11:11 | |
CIA-21 | Mantisbt: hickseydr * r339e583ab780 /core/install_helper_functions_api.php: install_stored_filter_migrate should ignore missing filter fields | 11:15 |
*** Quits: xSmurf (~MrSmurf@53-73-252-216.dsl.colba.net) (Changing host) | 11:35 | |
*** Joins: xSmurf (~MrSmurf@unaffiliated/mrsmurf) | 11:35 | |
*** Quits: davidinc (~d5374b2e@gateway/web/freenode/x-rzwgrcqjxalxwkab) (Ping timeout: 252 seconds) | 11:39 | |
dhx_m | oops | 11:45 |
CIA-21 | Mantisbt: hickseydr * r3110481c6492 /core/filter_api.php: Undefined index _source_query_id when printing filter list dropdown | 11:49 |
CIA-21 | Mantisbt: hickseydr * r269c843a95fb /core/filter_api.php: _source_query_id: follow up fix for last commit | 11:54 |
*** Quits: wolog_ (~wolog@195.6.104.193) (Remote host closed the connection) | 11:55 | |
*** Quits: hever (~hever@ip-95-223-227-129.unitymediagroup.de) (Read error: Operation timed out) | 11:57 | |
*** Quits: micahg (~micah@ubuntu/member/micahg) (Ping timeout: 246 seconds) | 12:00 | |
* nuclear_eclipse congratulates dhx_m | 12:00 | |
dhx_m | lol | 12:01 |
dhx_m | I suspect you may have exposed an XSS vulnerability in 79255f6b | 12:02 |
dhx_m | not your fault because the problem already existed, but I'll blame you anyway :p | 12:02 |
dhx_m | just checking if it is an issue with 1.2.1 as well | 12:02 |
nuclear_eclipse | how would that be an XSS error? | 12:03 |
dhx_m | printing an unsanitised project name | 12:03 |
dhx_m | as I just said, the problem already existed | 12:04 |
nuclear_eclipse | ? shouldn't the page be using string_line() or what not? | 12:04 |
nuclear_eclipse | string_display_line()* | 12:04 |
dhx_m | yep that is what I'm about to commit | 12:04 |
nuclear_eclipse | yet another reason I supremely hate web applications... | 12:04 |
dhx_m | PHPTAL would have prevented that :D | 12:05 |
Kornel^aardvark | :> | 12:05 |
nuclear_eclipse | so much bullshit boilerplate code just to make sure the user isn't being screwed while using the application... | 12:05 |
Kornel^aardvark | nuclear_eclipse: non-web applications have similar problems with printf(foo) | 12:06 |
dhx_m | yep replace input/output sanitisation in web apps with buffer overflow bugs in non-web apps :) | 12:06 |
nuclear_eclipse | you can't surreptitiously hide a CSRF vulnerability in an image though, when you're talking about native desktop apps... | 12:07 |
Kornel^aardvark | yes. CSRF is a big failure of the platform. | 12:08 |
nuclear_eclipse | and using a high level language like Java, Python, etc, with proper datatypes means you almost never have to deal buffer overflows as a developer, either | 12:08 |
dhx_m | nuclear_eclipse: did you see the presentation I linked to regarding click jacking in the latest blog post? | 12:08 |
nuclear_eclipse | no | 12:08 |
dhx_m | nuclear_eclipse: it'll make you cry :) | 12:08 |
nuclear_eclipse | I assumed it would, hence the reason I ignored it ;) | 12:09 |
nuclear_eclipse | honestly, if web apps weren't so insanely useful and easy to deploy, I'd have rather cut my face off than get a job dealing with all this bullshit... :P | 12:09 |
dhx_m | in summary, invisible iframes which are cropped over a button on a target page... another site can thus trick you into clicking on any part of a page and the click is redirected to the target page, clicking a button that would otherwise be protected via CSRF tokens | 12:10 |
nuclear_eclipse | sounds about right | 12:10 |
Kornel^aardvark | I wonder if every web exploit could be tracked back to Netscape's extension... :) | 12:10 |
nuclear_eclipse | nope, ActiveX is a pretty gaping hole exclusive to the realm of Microsoft | 12:11 |
dhx_m | I can't wait for some free time (end of June) so I can get to work on PHPTALerizing MantisBT with primary objectives 1) remove all inline JavaScript so we can use CSP (Content Security Policy) to block inline JavaScript entirely (no more XSS attacks!), 2) remove all print_ pages and instead use different CSS files for web/print views | 12:12 |
Kornel^aardvark | ActiveX became irrelevant, so it's not a problem. You can't get rid of iframes, document.write, form.submit(), etc. | 12:12 |
dhx_m | I forgot the terms-and-conditions-apply asterisk (*) after "no more XSS attacks" | 12:13 |
nuclear_eclipse | dhx_m: the question is just how long before browsers actually pay attention to CSP crap | 12:13 |
dhx_m | also PHPTAL sanitises variables at output anyway :) | 12:13 |
nuclear_eclipse | or rather, how long until nobody uses a browser that doesn't support CSP | 12:13 |
dhx_m | nuclear_eclipse: maybe never... it isn't a standard yet | 12:14 |
dhx_m | however PHPTAL's automatic sanitisation of any variables outputted in the templates should solve the problem I guess | 12:14 |
dhx_m | CSP is meant to just be another safeguard layer... it's not meant to be used as a first line defence | 12:14 |
CIA-21 | Mantisbt: hickseydr master-1.2.x * rc4b1574631fc /core/filter_api.php: Fix #11933: XSS via project_id_filter_target (filter advanced view) | 12:20 |
*** Joins: moto-moi (~hylke@cara.xs4all.nl) | 12:20 | |
CIA-21 | Mantisbt: hickseydr * r9d5880bc93ab /core/filter_api.php: Fix #11933: XSS via project_id_filter_target (filter advanced view) | 12:20 |
dhx_m | found some more, this time limited to administrators so I'm not calling it a security bug | 12:26 |
dhx_m | but it does limit their ability to use certain characters in a field | 12:26 |
dhx_m | (when that limitation shouldn't be in place) | 12:27 |
dhx_m | finally... ADOdb 5.11! :) | 12:29 |
*** Joins: hever (~hever@ip-95-223-227-129.unitymediagroup.de) | 12:40 | |
*** Joins: siebrand (~beis@sm.xs4all.nl) | 12:47 | |
*** Quits: Kornel^aardvark (~kornel@fw1.aardvarkmedia.co.uk) (Quit: Kornel^aardvark) | 12:48 | |
*** Joins: wolog_ (~wolog@AOrleans-152-1-34-142.w90-21.abo.wanadoo.fr) | 12:48 | |
CIA-21 | Mantisbt: hickseydr * rb8b21142be9e / (144 files in 10 dirs): Update ADOdb to v5.11 (May 5, 2010) | 13:17 |
*** Quits: hever (~hever@ip-95-223-227-129.unitymediagroup.de) (Ping timeout: 248 seconds) | 13:22 | |
*** Joins: giallu (~giallu@fedora/giallu) | 14:20 | |
*** Joins: micahg (~micah@ubuntu/member/micahg) | 14:24 | |
*** Joins: cobexer (~cobexer@188-23-14-35.adsl.highway.telekom.at) | 14:40 | |
*** Quits: \cobexer|away (~cobexer@188-23-10-184.adsl.highway.telekom.at) (Read error: Operation timed out) | 14:41 | |
*** Joins: hever (~hever@ip-95-223-227-129.unitymediagroup.de) | 14:47 | |
*** Joins: AzaToth (~azatoth@wikipedia/AzaToth) | 14:53 | |
*** Quits: hever (~hever@ip-95-223-227-129.unitymediagroup.de) (Ping timeout: 246 seconds) | 15:15 | |
*** Joins: rombert (~robert@81.180.230.218) | 16:04 | |
rombert | Hey all | 16:05 |
rombert | any postgres savy users? | 16:05 |
nuclear_eclipse | hi rombert | 16:06 |
* nuclear_eclipse suggests chatting with dhx_m | 16:06 | |
rombert | thanks | 16:07 |
CIA-21 | Mantisbt: robert * r87448db8ee68 /admin/install.php: Display all current SQL upgrade instructions on execution failure | 16:47 |
CIA-21 | Mantisbt: robert master-1.2.x * r3fa5664bfcaf /admin/install.php: Display all current SQL upgrade instructions on execution failure | 16:47 |
CIA-21 | Mantisbt: robert.munteanu * r18b995e24c1f /api/soap/mc_file_api.php: Fix attachment upload for SOAP API/PostgreSQL | 17:36 |
CIA-21 | Mantisbt: robert.munteanu master-1.2.x * r90c726d36f95 /api/soap/mc_file_api.php: Fix attachment upload for SOAP API/PostgreSQL | 17:36 |
*** Quits: daryn (~daryn@rrcs-76-79-4-2.west.biz.rr.com) (Quit: Ex-Chat) | 17:56 | |
*** Quits: moto-moi (~hylke@cara.xs4all.nl) (Quit: Ex-Chat) | 17:59 | |
*** Quits: cobexer (~cobexer@188-23-14-35.adsl.highway.telekom.at) (Read error: Connection reset by peer) | 18:02 | |
*** Parts: rombert (~robert@81.180.230.218) | 18:15 | |
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 264 seconds) | 18:37 | |
*** Joins: hever (~hever@ip-95-223-227-129.unitymediagroup.de) | 18:37 | |
*** Quits: hever (~hever@ip-95-223-227-129.unitymediagroup.de) (Remote host closed the connection) | 18:55 | |
*** Quits: AzaToth (~azatoth@wikipedia/AzaToth) (Remote host closed the connection) | 19:24 | |
*** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (Remote host closed the connection) | 19:59 | |
*** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) | 20:00 | |
*** Quits: micahg (~micah@ubuntu/member/micahg) (Ping timeout: 276 seconds) | 20:47 | |
CIA-21 | Mantisbt: jreese * rb4e8a6647d9e /core/error_api.php: Fix edge case with event_clear_callbacks | 21:29 |
CIA-21 | Mantisbt: jreese master-1.2.x * r7f1534f93b1d /core/error_api.php: Fix edge case with event_clear_callbacks | 21:29 |
*** Joins: daryn (~daryn@h102.211.31.71.dynamic.ip.windstream.net) | 22:02 | |
*** Quits: fanno (~Morten@90.184.93.233) (Read error: Connection reset by peer) | 22:27 | |
*** Quits: |Otter| (~haruka@p54ACCE74.dip.t-dialin.net) (Ping timeout: 246 seconds) | 22:32 | |
*** Joins: daryn_ (~daryn@h66.156.16.98.dynamic.ip.windstream.net) | 22:33 | |
*** Joins: micahg (~micah@ubuntu/member/micahg) | 22:36 | |
*** Quits: daryn (~daryn@h102.211.31.71.dynamic.ip.windstream.net) (Ping timeout: 265 seconds) | 22:36 | |
*** daryn_ is now known as daryn | 22:43 | |
*** Joins: |Otter| (~haruka@p54ACFC20.dip.t-dialin.net) | 22:45 |
Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!