Abivia Web Hosting and Web Site Development

 
TOPIC: Phoca Gallery v2.6.1 now deleting Redact data

Phoca Gallery v2.6.1 now deleting Redact data 3 years, 5 months ago #7

  • kenmcd
  • OFFLINE
  • Fresh Boarder
  • Posts: 7
  • Karma: 0
Phoca is now deleting stuff from your database.

Phoca Gallery v2.6.1 added a new function called correctRender.
function correctRender searches for both the Redact plugin and for the ReReplacer plugin.

If the Redact plugin is found it then searches the data stored in the jos_plugins database table to see if the Redact parameters settings includes "phoca.cz".

If the ReReplacer plugin is found it then searches the data stored in the jos_rereplacer database table to see if it includes "phoca.cz".

Then it changes your data in the database.
It runs an UPDATE query to change your data in an attempt to prevent users from deleting the link to phoca.cz.


It is NEVER acceptable to delete anything in a user's database or on their website without their knowledge and permission.

(thumbs down Phoca)

Look here:
com_phocagallery_v2.6.1/libraries/phocagallery/render/renderfront.php
function correctRender - Starts at line 502

Phoca Gallery v2.6.1 now deleting Redact data 3 years, 5 months ago #123

  • kenmcd
  • OFFLINE
  • Fresh Boarder
  • Posts: 7
  • Karma: 0

Here is the code in question:

	function correctRender() {
		// Redact plugin loaded: read its stored parameters from the core plugins table
		if (class_exists('plgSystemRedact')) {
			$db =& JFactory::getDBO();
			$query = 'SELECT a.params AS params'
					.' FROM jos_plugins AS a'
					.' WHERE a.element = \'redact\''
					.' AND a.folder = \'system\''
					.' AND a.published = 1';
			$db->setQuery($query, 0, 1);
			$params = $db->loadObject();
			if(isset($params->params) && $params->params != '') {
				// Rewrite both the plain and the regex-escaped form of the domain
				$params->params = str_replace('phoca.cz', 'phoca_cz', $params->params);
				$params->params = str_replace('phoca\.cz', 'phoca_cz', $params->params);
				if ($params->params != '') {
					// Write the altered parameters back over the user's settings
					$query = 'UPDATE jos_plugins'
							.' SET params = \''.$params->params.'\''
							.' WHERE element = \'redact\''
							.' AND folder = \'system\'';
					$db->setQuery($query);
					$db->query();
				}
			}
		}
		// ReReplacer plugin loaded: find published search rules that mention the domain
		if (class_exists('plgSystemReReplacer')) {
			$db =& JFactory::getDBO();
			$query = 'SELECT a.id, a.search'
					.' FROM jos_rereplacer AS a'
					.' WHERE (a.search LIKE \'%phoca.cz%\''
					.' OR a.search LIKE \'%phoca\\\\.cz%\')'
					.' AND a.published = 1';
			$db->setQuery($query);
			$search = $db->loadObjectList();

			if(isset($search) && count($search)) {
				foreach ($search as $value) {
					if (isset($value->search) && $value->search != '' && isset($value->id) && $value->id > 0) {
						$value->search = str_replace('phoca.cz', 'phoca_cz', $value->search);
						$value->search = str_replace('phoca\.cz', 'phoca_cz', $value->search);
						if ($value->search != '') {
							// Write the altered search pattern back to the rule
							$query = 'UPDATE jos_rereplacer'
							.' SET search = \''.$value->search.'\''
							.' WHERE id = '.(int)$value->id;
							$db->setQuery($query);
							$db->query();
						}
					}
				}
			}
		}
	}

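Added example (not part of the original thread, and not Phoca or Abivia code): a small Python scanner for the pattern shown in post #123, an extension issuing write queries against database tables it does not own. The function name `foreign_writes`, the `own_prefixes` parameter and the `hits` query in the sample are assumptions made for illustration; ownership is judged by table name only.

```python
import re

# Write statements and the table they target, as they appear in PHP string literals.
WRITE_RE = re.compile(
    r"\b(UPDATE|DELETE\s+FROM|INSERT\s+INTO|REPLACE\s+INTO)\s+`?((?:jos_|#__)\w+)`?",
    re.IGNORECASE,
)

def foreign_writes(php_source, own_prefixes):
    """Return (line_no, verb, table) for each write to a table outside own_prefixes.

    own_prefixes: table-name stems (without the jos_ / #__ prefix) that the
    extension under review owns, e.g. ("phocagallery",).
    """
    own = tuple(p.lower() for p in own_prefixes)
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        for m in WRITE_RE.finditer(line):
            verb = " ".join(m.group(1).upper().split())  # normalise whitespace
            table = m.group(2)
            stem = re.sub(r"^(jos_|#__)", "", table).lower()
            if not stem.startswith(own):
                findings.append((line_no, verb, table))
    return findings

# Constructed sample: condensed from the correctRender() excerpt quoted above,
# plus one hypothetical write to the component's own table for contrast.
SAMPLE = r"""<?php
$query = 'UPDATE jos_plugins'
        .' SET params = \''.$params->params.'\''
        .' WHERE element = \'redact\'';
$query = 'UPDATE jos_rereplacer'
        .' SET search = \''.$value->search.'\''
        .' WHERE id = '.(int)$value->id;
$query = 'UPDATE #__phocagallery SET hits = hits + 1 WHERE id = '.(int)$id;
"""

if __name__ == "__main__":
    for line_no, verb, table in foreign_writes(SAMPLE, ("phocagallery",)):
        print(f"line {line_no}: {verb} on {table} (not owned by this extension)")
```

A hit is a prompt for manual review, not a verdict: an extension can have legitimate reasons to write to a shared core table.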

Phoca Gallery v2.6.1 now deleting Redact data 3 years, 5 months ago #124

  • instance
  • OFFLINE
  • Administrator
  • Posts: 350
  • Karma: 9
Thanks to the power of regular expressions, this is easy to work around. As you can see from the code, this function only looks for two possible values, "phoca.cz" and "phoca\.cz".

Fortunately there are an infinite number of alternatives. Just a few examples:
pho(some_random_string)?ca.cz  // since the random string is optional, you still match on what you want
ph[o]ca.cz  // [o] matches on any string containing "o"
phoca.c{1}z // {1} means match on exactly one
phoca.[cw]{1}z  // this will match on phoca.wz as well, but who cares?
pho{1,4}ca.cz  // Matches phoca.cz phooca.cz phoooca.cz and phooooca.cz


So, to keep the functionality of the redaction plugin, just complicate your regular expressions with one (preferably more than one) of these techniques, and carry on.

Phoca Gallery v2.6.1 now deleting Redact data 3 years, 5 months ago #128

  • H13
  • OFFLINE
  • Fresh Boarder
  • Posts: 4
  • Karma: 0
Hi, Ken McDonald (kenmcd),

It is NEVER acceptable to delete anything in a user's database or on their website without their knowledge and permission.

It is NEVER acceptable that some extension gives the tool to violate copyrights. The modifications are only protection of copyrights.

So in fact, you, Ken McDonald, are the killer of free extensions and of free software as you cannot think forward.

As I wrote you many times, Phoca Gallery is a free extension. I am the only one who develops it. And I have strange time issues. I am not able to answer all the posts in the forum, I am not able to help people on their servers (as I usually do), I am not able to email them the support. So the link in the footer is very important to the project. As you know, I am helping everyone. For people who try to ask posts in the forum regularly or contribute to the project with translation or improvement, I give advice on how to hide the link.

It is an enormous help for me if, e.g., people try to help me with answering the posts in the forum. But it seems you don't know the word "help".

After you will help a lot of people I have helped (of course for free) then please come here and you can write your ideas about open source which are of course wrong. With your ideas you can only stop free extensions development and supporting commercial extensions. (Are you supporting some commercial extensions? It seems yes, because you are fighting against all possible free extensions)


So, let's sum it up.
Please, Ken McDonald,
- after you will do over 50 free extensions as I did
- after you will help a lot of people via email as I do
- after you will help a lot of people on their servers as I do
- after you will make over 12000 answers on different Joomla! forums as I did
- after you will spend parts of donation to beneficence as I do
- after you will help with sites for not profit organizations for free as I do

then you can write here your ideas about open source but before it, don't damage other projects, please do, do something useful.

Jan

Phoca Gallery v2.6.1 now deleting Redact data 3 years, 5 months ago #129

  • kenmcd
  • OFFLINE
  • Fresh Boarder
  • Posts: 7
  • Karma: 0
Ahhh, the righteous indignation defense when caught red-handed.
How . . . emm . . . predictable.

I must admit that you are 100% correct in that I have not contributed anything anywhere anytime.
But you did miss one little known fact — I also enjoy eating babies.

Is it possible I can somehow redeem myself in the eyes of the almighty and the world?
Perhaps contributing some documentation for a plugin would be a good start.
Yes, yes, YES, that is the proper redemption for my sins.
A meager offering by a wretched soul to be embraced and enjoyed by the many.

Thank you for your warm thoughts and sage advice.



p.s Had a forum moderator on the Joomla forum not deleted my post regarding Phoca Download,
then I would not have been angered by that and what I believe to be a twisted view of the GPL,
and I would not have been contacted by another user asking me to look at the Phoca Gallery for them,
and I would not have discovered that you added code to delete data from a user's database
without their knowledge or permission.

I did not go looking for this problem. I just answered a question in the forum, and dealt with the fallout.

Regardless – I would never just look the other way when I find what I consider malicious code.

Phoca Gallery v2.6.1 now deleting Redact data 3 years, 5 months ago #130

  • H13
  • OFFLINE
  • Fresh Boarder
  • Posts: 4
  • Karma: 0
In fact I don't have any friends on Joomla! forum but I think they did (not removed the post but removed a part which destroys specific project) because they see I have no wrong intentions.

I am trying to help people (really, I do - on the internet you can see so many demonstrations). I don't fight against other people who help others. The only thing I did (regarding your person): I only corrected the false information you pasted, nothing more ... (maybe this was the start of your activities, no idea). I don't have any aims of solving such topics. I want to do what I always did - creating extensions and helping people to build their sites. Such conversations take my time, which I could spend on other activities.

Believe me, I am not happy to solve such problems. I am not happy to spam the forum of another Joomla! developer. No motivation for doing it.

Jan

Phoca Gallery v2.6.1 now deleting Redact data 3 years, 5 months ago #131

  • H13
  • OFFLINE
  • Fresh Boarder
  • Posts: 4
  • Karma: 0
instance

I will not write to you that what you are doing is wrong, you need to know it; maybe you will find it out after your extensions are hacked, after you spend your time on such issues and not on care for your users.

I read your topics and can read your code; for me it is not a problem to make some other protection. We can play this game further. I know I will NOT win this game. But I do my extensions in my free time. Not for business, so I have nothing to lose. But I will always fight for my rights.