*** Joins: tsnfoo (~fulekia@ws-imac27.test.denison.edu) | 00:10 | |
*** Quits: micahg (~micahg@ubuntu/member/micahg) (Remote host closed the connection) | 00:53 | |
*** Joins: [KK]Kirill (~Miranda@7-68-52-95.baltnet.ru) | 01:33 | |
*** Quits: kirillka (~Miranda@154-80-52-95.baltnet.ru) (Ping timeout: 260 seconds) | 01:36 | |
GitHub71 | [mantisbt] davidhicks tagged release-1.2.8 at ab8dafb: http://git.io/qQKquw | 01:44 |
---|---|---|
GitHub71 | [mantisbt/release-1.2.8] Bump version to 1.2.8 and update release notes - David Hicks | 01:44 |
dhx1 | jreese: ping :) | 02:05 |
*** Quits: Ragnor (~Ragnor@dslb-178-009-159-169.pools.arcor-ip.net) (Quit: leaving) | 02:23 | |
*** Joins: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) | 02:28 | |
*** [KK]Kirill is now known as kirillka | 02:51 | |
*** Quits: Deepy_ (freenode@109-124-157-251.customer.t3.se) (Ping timeout: 240 seconds) | 03:04 | |
*** Joins: Deepy_ (freenode@109-124-157-251.customer.t3.se) | 03:06 | |
*** Quits: kirillka (~Miranda@7-68-52-95.baltnet.ru) (Quit: kirillka) | 04:06 | |
*** Joins: soc42 (~soc42@g226199151.adsl.alicedsl.de) | 04:41 | |
*** Joins: Paul24 (~IceChat09@2001:470:9310:aaaa:8d1f:ffe8:866e:4d17) | 04:59 | |
Paul24 | moo | 04:59 |
Paul24 | dhx1: some servers dont set script_name | 05:05 |
GitHub89 | [mantisbt] grangeway pushed 1 new commit to master: http://git.io/rK0zcg | 05:18 |
GitHub89 | [mantisbt/master] Using just script_name is OK, but it's feasible that SCRIPT_NAME isn't set - this is more common in (badly configured?) nginx servers - Paul Richards | 05:18 |
*** Quits: dhx1 (~anonymous@60-242-108-164.static.tpgi.com.au) (Remote host closed the connection) | 06:43 | |
*** Joins: dhx1 (~anonymous@60-242-108-164.static.tpgi.com.au) | 06:44 | |
dhx1 | Paul24: all of that code is within a check: | 06:45 |
dhx1 | if ( isset ( $_SERVER['SCRIPT_NAME'] ) ) | 06:45 |
dhx1 | therefore: | 06:46 |
dhx1 | if ( !isset( $_SERVER['SCRIPT_NAME'] )) { | 06:46 |
dhx1 | is always false | 06:46 |
dhx1 | and the code never executes | 06:46 |
Paul24 | erm | 06:54 |
Paul24 | wtf | 06:54 |
Paul24 | yea | 06:54 |
Paul24 | that should probably not have been there [the top bit] | 06:54 |
dhx1 | :) | 06:54 |
Paul24 | and then we should use phpself or scriptname | 06:54 |
Paul24 | we need to strip out \0's | 06:55 |
dhx1 | PHP_SELF isn't reliable to use as the physical path | 06:55 |
Paul24 | filter_var? :) | 06:55 |
* Paul24 prods dhx1 | 07:08 | |
Paul24 | dhx1: do you have teamviewer? | 07:09 |
dhx1 | Paul24: not sure? do PHP strings not stop at \0? | 07:09 |
dhx1 | Paul24: doubt it... Linux | 07:09 |
Paul24 | http://www.teamviewer.com/en/download/index.aspx | 07:10 |
Paul24 | see if you can grab that quickly | 07:10 |
Paul24 | so you can see sscreen briefly | 07:10 |
dhx1 | Paul24: TV is no go for me | 07:11 |
Paul24 | hmm? | 07:11 |
Paul24 | wha? :) | 07:11 |
Paul24 | oh | 07:11 |
dhx1 | binaries that I don't want to run... but couldn't run anyway due to the custom setup I have | 07:12 |
Paul24 | anyway | 07:14 |
Paul24 | i've completely broken my db :P | 07:14 |
Paul24 | no pages load in firefox now | 07:14 |
Paul24 | or IE :) | 07:14 |
Paul24 | or well view bugs, manage projects | 07:14 |
Paul24 | anything that shows categories, or tags | 07:15 |
GitHub138 | [mantisbt] rombert pushed 1 new commit to master-1.2.x: http://git.io/RHPpIQ | 07:17 |
GitHub138 | [mantisbt/master-1.2.x] Allow more control over the excel api's output - Robert Munteanu | 07:17 |
Paul24 | so i'm just wondering how to fix that | 07:17 |
GitHub89 | [mantisbt] rombert pushed 1 new commit to master: http://git.io/Jwif0A | 07:17 |
GitHub89 | [mantisbt/master] Allow more control over the excel api's output - Robert Munteanu | 07:17 |
Paul24 | we need to stop working on master :( | 07:22 |
dhx1 | yeah | 07:28 |
Paul24 | at least, i'm not sure that's something we'd introduce in a 1.2.8 release | 07:32 |
dhx1 | yeah I don't like that commit being in master-1.2.x | 07:36 |
dhx1 | it's a feature | 07:36 |
dhx1 | https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f | 07:36 |
dhx1 | is massive | 07:36 |
dhx1 | but at least it's a bug fix... and has been part of the master branch for over a year with no issue | 07:36 |
Paul24 | also | 07:48 |
Paul24 | not sure about his user id thing | 07:48 |
dhx1 | neither | 07:48 |
Paul24 | if you look, I basically apply the same logic as we do at start | 07:51 |
Paul24 | to display list of valid 'actions' | 07:51 |
Paul24 | and then check the action is one of the valid ones | 07:51 |
Paul24 | dhx1: pretty sure my commit can't cause what he's seeing | 08:11 |
Paul24 | *unless* my project override config fix is in someway 'wrong' | 08:12 |
Paul24 | but as I think that's probably a correct fix | 08:12 |
Paul24 | could be something else does something silly | 08:13 |
dhx1 | he's right about filter_var | 08:18 |
dhx1 | in that we can't use it in master-1.2.x | 08:18 |
Paul24 | heh | 08:19 |
Paul24 | just skip the filter_var thing in 1-2.x | 08:19 |
Paul24 | [that was more there for phpself | 08:19 |
Paul24 | so in theory, I dont think it's needed for just scriptname | 08:19 |
Paul24 | having said that, it's probably best to leave in master | 08:19 |
Paul24 | such that if we end up adding in phpself logic, it reminds us | 08:20 |
Paul24 | i'm still not sure what to do about \0's | 08:20 |
dhx1 | $text = str_replace("\0", "", $text); | 08:26 |
Paul24 | yea, I'm not sure i like that idea ;p | 08:27 |
Paul24 | i.e. we'd basically do that in gpc_get_String | 08:27 |
dhx1 | yeah | 08:27 |
dhx1 | it's fine with UTF-8 because \0 is reserved | 08:27 |
Paul24 | was thinking about filter_var(FILTER_UNSAFE_RAW, FILTER_FLAG_ENCODE_LOW) | 08:28 |
Paul24 | i.e. encode any low characters <32 ascii | 08:30 |
dhx1 | UTF-8... | 08:32 |
Paul24 | ? :) | 08:32 |
dhx1 | some of those low characters may have special meaning in UTF-8? | 08:33 |
dhx1 | I don't think so though... I think 0-127 map directly to ASCII... | 08:33 |
Paul24 | image = basename(filter_input(INPUT_GET, 'src', FILTER_UNSAFE_RAW, FILTER_REQUIRE_SCALAR | FILTER_FLAG_STRIP_LOW)); | 08:34 |
Paul24 | 08:34 | |
Paul24 | is example from user comment | 08:34 |
dhx1 | complicated? :o | 08:35 |
Paul24 | http://www.php.net/manual/en/filter.configuration.php | 08:37 |
Paul24 | hmm | 08:37 |
* Paul24 wonders how you tell if something is already filtered then... | 08:37 | |
dhx1 | I think \0 is the only special character we'd need to take care of anyway | 08:38 |
dhx1 | because some functions truncate at the first \0, some don't... | 08:38 |
Paul24 | yea, i'm just aware that php has the filter stuff now | 08:39 |
Paul24 | for this sort of stuff | 08:39 |
Paul24 | :) | 08:39 |
Paul24 | so for example, you can configure a default [as per above] and that gets done before magic quotes or anything sees it | 08:39 |
dhx1 | magic quotes = removed | 08:44 |
dhx1 | it doesn't exist (for good reason) :) | 08:44 |
Paul24 | ya | 08:45 |
Paul24 | you know what i mean though | 08:45 |
dhx1 | yep | 08:51 |
*** Quits: soc42 (~soc42@g226199151.adsl.alicedsl.de) (Remote host closed the connection) | 08:52 | |
*** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (Ping timeout: 245 seconds) | 09:05 | |
*** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) | 09:07 | |
Paul24 | although \0 could be good for now i guess | 09:07 |
Paul24 | erm str_replace even | 09:07 |
Paul24 | in gpc_get_string | 09:07 |
Paul24 | dhx1: you still up? | 09:46 |
*** Quits: dhx1 (~anonymous@60-242-108-164.static.tpgi.com.au) (Remote host closed the connection) | 09:58 | |
*** Joins: soc42 (~soc42@g226199151.adsl.alicedsl.de) | 10:10 | |
*** Joins: cgraefe (5f75c9c1@gateway/web/freenode/ip.95.117.201.193) | 11:32 | |
*** Quits: cgraefe (5f75c9c1@gateway/web/freenode/ip.95.117.201.193) (Quit: Page closed) | 11:39 | |
*** Joins: JonMarkGo (~Jon@ool-18bfe16f.dyn.optonline.net) | 16:11 | |
*** Quits: soc42 (~soc42@g226199151.adsl.alicedsl.de) (Remote host closed the connection) | 16:54 | |
*** Quits: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) (Quit: visit http://wormscesky.cz) | 17:04 | |
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 240 seconds) | 18:05 | |
*** Joins: manitu (~mani@pD9E82138.dip.t-dialin.net) | 18:12 | |
manitu | hi ho.. is there an "addon" for mantis which can notify changes? an irc bot | 18:13 |
manitu | :x | 18:13 |
manitu | found something with google, but its from 2006 and no longer online | 18:13 |
*** Joins: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) | 18:14 | |
*** Quits: Paul24 (~IceChat09@2001:470:9310:aaaa:8d1f:ffe8:866e:4d17) (Quit: Light travels faster then sound, which is why some people appear bright, until you hear them speak) | 19:15 | |
*** Quits: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) (Quit: visit http://wormscesky.cz) | 19:30 | |
*** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (Remote host closed the connection) | 20:00 | |
*** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) | 20:00 | |
*** Quits: JonMarkGo (~Jon@ool-18bfe16f.dyn.optonline.net) (Ping timeout: 276 seconds) | 23:01 |
Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!