Author Topic: Major danger with browser history of save.php file.  (Read 10029 times)

Offline DssTrainer

  • Posts: 8
    • http://www.jblradongas.com
Major danger with browser history of save.php file.
« on: August 21, 2007, 05:41:29 PM »
Want a quick way to screw up your site?

Type this in your browser:
http://www.mysite.com/admin/settings/save.php

If you were recently logged into WebsiteBaker and you still have the logged-in cookie, you will have successfully cleared the database table for your settings, which will make the front end not work, with a message like "Unable to load language file".

This happened to me because as I was typing into my address bar, the auto-fill from previous paths showed up, so as I was scrolling through the list, I accidentally selected the admin/settings/save.php historical path.

This runs the save with no data, essentially clearing out all the data. This should really be patched or at least fixed in WB3, as it was quite scary and easy to accidentally do. Perhaps save.php?saveall or something is needed, as I think most browsers don't add the ?xxx stuff to the historical path, but I may be wrong.

To fix this, I luckily had another WebsiteBaker site set up, so I went into cPanel and copied the raw database defaults back in, and that got me back up to seeing the site again. Then I had to re-enter all my website header/footer/keywords/settings etc.

Offline kweitzel

  • WebsiteBaker Org e.V.
  • **
  • Posts: 6983
  • Gender: Male
Re: Major danger with browser history of save.php file.
« Reply #1 on: August 25, 2007, 04:50:22 PM »
Thanks for submitting, opened Ticket 412 ... which version did you test this with?

Cheers

Klaus

Deb

  • Guest
Re: Major danger with browser history of save.php file.
« Reply #2 on: September 04, 2007, 04:28:59 PM »
Want a quick way to screw up your site?

type this in your browser:
http://www.mysite.com/admin/settings/save.php

Zowie! or maybe that's "Zap!"  Thank you so much for sharing that! 

Offline rdbartz

  • Posts: 1
FIX FOR THIS LOST SETTINGS PROBLEM
« Reply #3 on: December 21, 2007, 03:46:51 AM »
I am surprised that this is not fixed in the current version...  wow.  All you have to do is to load the save.php directly and it erases your settings.

There are a lot of ways around this.  Here is a simple fix that just stops the update and goes back to the settings page after a brief warning:

Open /admin/settings/save.php for editing and...

Just BEFORE these TWO lines:
// Create new database object
$database = new database();

Add these three lines:

if(($admin->get_post('website_title') == "") || ($admin->get_post('default_language') == "")) {
    echo "Oh NO... page called directly, CANNOT SAVE!";
}else {

then AFTER these two lines:
    $database->query("UPDATE ".TABLE_PREFIX."search SET value = '$value' WHERE name = '$setting_name'");
}
 
Add this ONE closing bracket:

}

This simple fix will look at the posted values for website title and language and, if either is blank, will NOT allow any updating to occur.

RDB
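
A stricter form of the guard from the post above, as an added example that is not part of the thread or of WebsiteBaker's own code. It goes beyond the empty-field test by also refusing any non-POST request and requiring a per-session form token; the function name `validate_settings_request()`, the `form_token` field and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not WebsiteBaker code. Function name, token field name and
// sample requests are hypothetical; adapt them to the real settings form.

const REQUIRED_FIELDS = ['website_title', 'default_language'];

/**
 * Returns the reasons to refuse the save; an empty array means proceed.
 */
function validate_settings_request(string $method, array $post, string $sessionToken): array
{
    $errors = [];
    // Address-bar and history navigation issue GET, never POST.
    if (strtoupper($method) !== 'POST') {
        $errors[] = 'method must be POST';
    }
    // A per-session token shows the request came from the rendered form.
    $sent = $post['form_token'] ?? '';
    if ($sessionToken === '' || !is_string($sent) || !hash_equals($sessionToken, $sent)) {
        $errors[] = 'missing or invalid form token';
    }
    // Never overwrite stored settings with blanks.
    foreach (REQUIRED_FIELDS as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "required field '$field' is empty";
        }
    }
    return $errors;
}

// Constructed sample requests (not captured traffic).
$token = bin2hex(random_bytes(16));
$samples = [
    'URL opened from history' => ['GET', []],
    'POST without token'      => ['POST', ['website_title' => 'x', 'default_language' => 'EN']],
    'real form submit'        => ['POST', ['website_title' => 'My Site',
                                           'default_language' => 'EN',
                                           'form_token' => $token]],
];
foreach ($samples as $label => [$method, $post]) {
    $errors = validate_settings_request($method, $post, $token);
    echo $label, ': ',
        $errors ? 'REFUSED (' . implode('; ', $errors) . ')' : 'save allowed', PHP_EOL;
}
```

In a real handler the check runs before any UPDATE query, and the script exits on a non-empty result instead of falling through to the save.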

doc

  • Guest
Re: Major danger with browser history of save.php file.
« Reply #4 on: December 21, 2007, 07:19:04 AM »
Hello,

Well, this bug will be fixed with the next WB version.

Regards Christian

lanesharon

  • Guest
Re: FIX FOR THIS LOST SETTINGS PROBLEM
« Reply #5 on: December 22, 2007, 08:18:53 PM »
Here is a simple fix that just stops the update and goes back to the settings page after a brief warning:
Thank You

Offline ptgptg

  • Posts: 14
Re: Major danger with browser history of save.php file.
« Reply #6 on: April 20, 2008, 09:50:06 AM »
PLEASE HELP!
I applied the above fix and then ran /admin/settings/save.php to make sure it worked, and I ended up looking at an "Error loading language file , please check configuration" message!
Now I can't see the frontend of the website and can't get into the admin area.
What do I do? Please help.

Offline ptgptg

  • Posts: 14
Re: Major danger with browser history of save.php file.
« Reply #7 on: April 20, 2008, 10:26:40 AM »
I found an old SQL tables backup I made.
I've tried to import it using phpMyAdmin, but every Hebrew character is replaced with a question mark.
I tried utf8 and hebrew charset - nothing works.
Does anybody have a clue?

Offline Lonesome Walker

  • Posts: 274
  • Gender: Male
  • Try...
    • Lonesome Walker
Re: Major danger with browser history of save.php file.
« Reply #8 on: April 20, 2008, 08:57:51 PM »
First of all, if you've made the backup with phpMyAdmin, you should open the file with Notepad, then save it as the same file, but you have to choose to save as UTF-8.
phpMyAdmin stores the file in ANSI, so you get weird typos...

aisling

  • Guest
Re: Major danger with browser history of save.php file.
« Reply #9 on: July 02, 2008, 01:38:16 PM »
Hi, I don't know how it has happened. I was looking at the settings page of my site to see if I could increase the file upload size and was not aware of changing anything, but next time I went to my site I got the error "Error loading language file , please check configuration" message!
Now I can't see the frontend of the website and can't get into the admin area.
I have no idea HOW to get to my site or why this has happened.

Any advice out there?



doc

  • Guest
Re: Major danger with browser history of save.php file.
« Reply #10 on: July 02, 2008, 03:42:42 PM »
Hello,

This bug is fixed in WB 2.7. I posted a solution to recover a crashed site in the German forum.
http://www.websitebaker2.org/forum/index.php/topic,8324.msg49826.html#msg49826

Try to translate it via an online translator or maybe someone in the forum volunteers to translate it to English.

Good luck
Christian

 
