FlatPress lives

Filed under PHP 7.3

Sunday
3.
February 2019

Since November 2018 the Flatpress project has been taken over by a new Web Developer.

As can be seen from the Flatpress blog, a Flatpress Version for PHP 7.x is available and will be further developed.

» Flatpress Blog - Current status

More Infos in the next time :)

First PHP 7.2 Test

Filed under PHP 7.2

Saturday
18.
November 2017

It seems that Flatpress with PHP 7.2 is coming to an end :(

Flatpress is using a deprecated PHP function within PHP 7.2. I don’t know how to fix it at present, but I will have a look.

Application Error Disclosure - HTML

Filed under PHP 7.1

Sunday
26.
March 2017

Application Error Disclosure

After a few OWASP Penetration tests an “Application Error Disclosure” error has occurred.

PHP Warning: Smarty error: validate: validator id ‘name’ is not registered. in …
PHP Warning: Smarty error: validate: validator id ‘email’ is not registered. in …
PHP Warning: Smarty error: validate: validator id ‘www’ is not registered. in …
PHP Warning: Smarty error: validate: validator id ‘content’ is not registered. in …

This Smarty Validate Class error should have been fixed since a few years, but were still contained.

HTML - Responsive web design (RWD)

If you want to make your Flatpress theme suitable for mobile devices and test against the NU HTML Validator, you get some errors.

Changed line 170 in /fp-includes/core/core.theme.php from

echo '<link media="screen,projection,handheld" href="';

to

echo '<link media="screen" href="';

Flatpress fulltext search warnings

Filed under PHP 7.1

Saturday
11.
March 2017

Remove a few warnings in the fulltext search. It seems to be an old bug, because it appears on older php versions with the same warning.

/search.php on line 88
Warning: Illegal string offset ‘fullparse’ in …
Warning: Cannot assign an empty string to a string offset in …
/search.php on line 91
Warning: Illegal string offset ‘fullparse’ in …
/search.php on line 116
Warning: Illegal string offset ‘fullparse’ in …
/search.php on line 119
Notice: Undefined index: content in …

PHP 7.1 - Adding security and Smarty Update

Filed under PHP 7.1

Saturday
25.
February 2017

Fixing a OWASP warning by adding a few lines to the defaults.php.

Defaults.php

//
// OWASP - Browser Cache - How can the browser cache be used in attacks?
//
header('Expires: Sun, 01 Jan 2015 00:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
//
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
//
// End of send header
//

And next step updating the in Flatpress included Smarty Template Engine Version to get a bit more security.

Interesting Links

» Github - Smarty Template Engine project
» OWASP - Browser Cache - How can the browser cache be used in attacks?
» Stack Overflow - How to prevent Browser cache for php site

 

Top of Page