modufolio / koken-app Goto Github PK

When restoring password, both the first mail with the link and then the second with the restored password contains the equal sign = here and there. Even in the middle of the link and password.

Hi,

I recently used this repo to upgrade Koken as I wanted to move to PHP 8.1.

I've just completed moving it to sit behind nginx.

I'm only using the API, but looking at the admin interface and the public pages for Koken and I seem to have the same issues there as well. Namely,

location ~ "^/storage/cache/images(/(([0-9]{3}/[0-9]{3})|custom)/.*)$" {
  expires max;
  etag off;
  try_files $uri /i.php?path=$1;
}

This nginx block is no longer being hit, looking at the API image urls and indeed the images being served in the site, they're all coming from i.php?/<paths>/<name>.jpg

The <domain>/storage/cache/images/etc urls all work correctly and nginx serves them with no problem so for the time being I'm just rewriting the urls coming out of the API, but I also don't know why this is happening.

Do you have any suggestions as to why this might be?

Error

Uncaught Error: Call to a member function num_rows() 
/app/application/libraries/Datamapper.php(2238)

Reproduce:

Create nested album set(s)

Tested on php7.4 and 8.0

I've done a successful Linux install:
PHP Version 8.1.13
MySQL Version 10.9.4-MariaDB
nginx/1.22.1
ImageMagick 7.1.0
FFmpeg Version 4.3.4
No matter what I do I always get the error code in api.html when I try to set a theme. I've tried all the tricks I can find on Google

I see logs like:
Koken-App/__rewrite_test/index.php" is not found (2: No such file or directory), client: 172.16.16.16, server: _, request: "GET /__rewrite_test/ HTTP/1.1", host: "mynas:8888"
Dec 22 19:39:29 mynas nginx[1201567]: 2022/12/22 18:39:29 [error] 1201567#1201567: *73394 "/poolz/Koken-App/__rewrite_test/index.php" is not found (2: No such file or directory), client: 172.16.16.16, server: _, request: "GET /__rewrite_test/ HTTP/1.1", host: "mynas:8888"
Dec 22 19:39:30 mynas nginx[1201567]: 2022/12/22 18:39:30 [error] 1201567#1201567: *73321 open() "/poolz/Koken-App/admin/undefined/installs/07a923d2ba871524e7641da96b15b8d2/updates" failed (2: No such file or directory), client: 172.16.16.25, server: _, request: "GET /admin/undefined/installs/07a923d2ba871524e7641da96b15b8d2/updates HTTP/1.1

Otherwise everything seems to work correctly, so close.... Lightroom plugin works etc.

I tried with the Installatron applications installer that my webhost provides. It has the option to install Koken. It didn't work installing on PHP 8.0. Error message below, though it seems like the messege got cut off for some reason.

Installatron
PHP 8.0
Koken 0.22.24

Error: 2022-09-16 19:15:19.67494600 FAILURE [3; /usr/local/bin/curl] http://koken3.mydomain.com/api.php [http code=500. Request: /var/installatron/cache/fetch_query_7ec475516731ce91d7aca5a1eb96afa2.part; Headers: /var/installatron/cache/fetch_qu

I'm not a member of GitHUb so can't put it in the repo.

Originally posted by @awesomesk1ll in #21

Some users have reported problems with using the boolevard theme.

• Research
• List problematic themes

Which is requirements?

Can anyone provide dockerfile or something?

The Vimeo plugin works but there's no thumbnail, only the loading icon. Both on backend and frontend. It works to click it though, it will show and play the video. It's been a while since I used the Vimeo plugin, so I can't remember if I had to do something to make a thumbnail.

As we need to migrate to CI4 we need to apply a Public Folder setup where the app is one level below the front controllers. Normally there is only one frontcontroller index.php, in Koken we have several..

With the new app/file structure Koken will be more secure.

Observing an issue with redactor not displaying only for choosing a block type to insert. Highlighting a word in an existing paragraph shows the redactor air bar properly.

Example of display issue:

redactor air buttons working properly on individual words:

I want to blame PHP because I cannot reproduce this under PHP 7.4; only seen under PHP 8.0.

nginx 1.18.0
koken 0.22.24
koken-app 1.1.2 applied
php 8.0.17

Error "New content records must be accompanied by an upload."

Result: photo is not added to the panel / database

• check different environments

Error when uploading image (or via URL). But the image uploads anyway, have to reload the page in the backend to see it there though. Or delete image cache.

• Show only all system details when user is logged in

Hello,
I've discovered that koken has an RCE vulnerability in its code. This vuln existed in the original version, as far as I can say, and exists in your php8 compatible koken patched version.

I'm not sure where exactly is the faulty piece of code, but I can reproduce and have a POC. How can we talk safely about that without releasing a fully functional POC in the wild?