CMS Made Simple Forums

Mesaredo, this Smarty snippet works in templates as well as in Global Content Blocks. Make sure that the module CGSimpleSmarty is installed, so that the class cgsimple is available. Another example to display a random title from one of the child pages of the page "parent": {$cgsimple->get_...

Some background information: I have a little little smarty loop that displays a catalog of sub-pages as thumbnails. The style of some of the thumbnails is controlled by a parameter that I put in a content block. If the webmaster switches templates without resetting the parameter in the content block...

Yes, it's useful at times.

It's not a bug report or feature request, I just need a different behavior for content blocks in a rather special case.

I noticed that content blocks for a page remain in the database even after the template is changed: 1.) assign template containing a content block (i.e. {content block="test" } 2.) replace the template with another, not containing the content block ({content block="test"} 3.) the...

In install/releasenotes.txt it just says

--------------------------------
CMSMS Version 1.10 - Martinique
--------------------------------

Release notes will go here when 1.10 is released.

Sure. Almost every variable in the Submission template of the default template set is unsafe and susceptible to Cross Site Scripting attacks. The fix would be not to echo any user variables at all or to sanitize them first with PHP's strip_tags. And don't use Smarty's strip_tags, it's broken and als...

nyandres,
FormBuilder is vulnerable to XSS attacks.

You must fix this problem in FormBuilder's templates or not use FormBuilder at all, because the default settings are highly unsafe.

A nice little demo on request.

Best regards,
David

your orginal post is still there on viewtopic.php?f=74&t=56406 I did check to see if I could get this post back but sad to say no luck. My bad :) tk -J As I said, no harm done. To get back on topic: I'd be great to have an option to filter filenames with a certain prefix. The function create_fi...

Yes, you removed the post. This also happened in this thread http://forum.cmsmadesimple.org/viewtopi ... 74&t=56406

No harm done.
Regars,
David

1-888-675-9874 why would you search for that? if you’re looking for a number then you wouldn't know it :D .. so I can't even think of a reason to search for a number by its self. I'd believe this issue would not be one to do something about. Hi Jeremy, there is even an open ticket in the bug tracke...

FileManager.module.php already contains a function ContainsIllegalChars() . It could be extended and then reused in action.newdir. Example: actions.newdir if ($this->ContainsIllegalChars($params["newdirname"]) || $params["newdirname"][0]==".") { $this->Redirect($id, 'de...

You might want to fix those XSS vulnerabilities in FormBuilder...

cb2004 wrote:Wow. Lets get this removed from the forum.

I agree. I edited my initial post and removed the URL. It was stupid to post it here but I thought only 1.10 was affected.

Previous versions of CMS Made Simple are also affected.
Very nice.
Try the submit button

Poste hier mal deine .htaccess, hoechstwahrscheinlich ist der fehler dort zu finden.