modufolio / koken-app Goto Github PK

When restoring password, both the first mail with the link and then the second with the restored password contains the equal sign = here and there. Even in the middle of the link and password.

• Show only all system details when user is logged in

As we need to migrate to CI4 we need to apply a Public Folder setup where the app is one level below the front controllers. Normally there is only one frontcontroller index.php, in Koken we have several..

With the new app/file structure Koken will be more secure.

A Koken web-site that had content nested under headings was working under the last official Koken release and is not working correctly with patch 1.2.0. Specifically, collections with album_type = 1 do not display content in koken/admin/library:

Nor on the web-site:

I checked the database using MySQL and those albums that used to be there were still listed:

I carried out a test, adding a new "set" (album_type = 2) with a new "album" (album_type = 0) nested within it, see:

When I clicked on the new album "0409" all the missing content re-appeared, see:

When I clicked on one of the album_type = 1 items (either "Portfolio" or "Assignments") all the content that should be listed under those headings disappeared again.

My web-site worked fine with the last patch I downloaded from you on 6 August 2022 (1.1.3) and stopped working when my web host upgraded from PHP 7.4 to 8.1.

Action taken by me:

1. Followed instructions to upgrade to 1.2.0. (no change).
2. Cleared all browser history and caches (no change).
3. Tried a different browser (no change).
4. Deleted the entire koken/storage/cache folder and cleared browser history again (no change).
5. Upgraded web host from PHP 8.1 to 8.3 and cleared all histories and caches (no change).

I am enormously appreciative of the work done to keep Koken alive and would be hugely grateful for a fix for this, too. I hope I have provided enough for you to replicate it. If you have questions, please don't hesitate to ask.

Guy Montagu-Pollock.

Error

Uncaught Error: Call to a member function num_rows() 
/app/application/libraries/Datamapper.php(2238)

Reproduce:

Create nested album set(s)

Tested on php7.4 and 8.0

The Vimeo plugin works but there's no thumbnail, only the loading icon. Both on backend and frontend. It works to click it though, it will show and play the video. It's been a while since I used the Vimeo plugin, so I can't remember if I had to do something to make a thumbnail.

Some users have reported problems with using the boolevard theme.

• Research
• List problematic themes

Hi,

I recently used this repo to upgrade Koken as I wanted to move to PHP 8.1.

I've just completed moving it to sit behind nginx.

I'm only using the API, but looking at the admin interface and the public pages for Koken and I seem to have the same issues there as well. Namely,

location ~ "^/storage/cache/images(/(([0-9]{3}/[0-9]{3})|custom)/.*)$" {
  expires max;
  etag off;
  try_files $uri /i.php?path=$1;
}

This nginx block is no longer being hit, looking at the API image urls and indeed the images being served in the site, they're all coming from i.php?/<paths>/<name>.jpg

The <domain>/storage/cache/images/etc urls all work correctly and nginx serves them with no problem so for the time being I'm just rewriting the urls coming out of the API, but I also don't know why this is happening.

Do you have any suggestions as to why this might be?

I've done a successful Linux install:
PHP Version 8.1.13
MySQL Version 10.9.4-MariaDB
nginx/1.22.1
ImageMagick 7.1.0
FFmpeg Version 4.3.4
No matter what I do I always get the error code in api.html when I try to set a theme. I've tried all the tricks I can find on Google

I see logs like:
Koken-App/__rewrite_test/index.php" is not found (2: No such file or directory), client: 172.16.16.16, server: _, request: "GET /__rewrite_test/ HTTP/1.1", host: "mynas:8888"
Dec 22 19:39:29 mynas nginx[1201567]: 2022/12/22 18:39:29 [error] 1201567#1201567: *73394 "/poolz/Koken-App/__rewrite_test/index.php" is not found (2: No such file or directory), client: 172.16.16.16, server: _, request: "GET /__rewrite_test/ HTTP/1.1", host: "mynas:8888"
Dec 22 19:39:30 mynas nginx[1201567]: 2022/12/22 18:39:30 [error] 1201567#1201567: *73321 open() "/poolz/Koken-App/admin/undefined/installs/07a923d2ba871524e7641da96b15b8d2/updates" failed (2: No such file or directory), client: 172.16.16.25, server: _, request: "GET /admin/undefined/installs/07a923d2ba871524e7641da96b15b8d2/updates HTTP/1.1

Otherwise everything seems to work correctly, so close.... Lightroom plugin works etc.

hello, I have updated my koken installation. i noticed that the custom css no longer works. after entering a css code snippet, it is displayed in the preview, but after publishing, the code is displayed in a line with incorrect line breaks. so there are no more line breaks but only rn, like this:

p.descset {rntmargin-left:0px;rnttext-align: justify;rntfont-size:0.9em;rntcolor:#777777;rntwidth:75%; -moz-column-count: 2; -webkit-column-count: 2; column-count: 2;}

Is there a solution or can I edit an other CSS file on my FTP Server?

kind regards

Observing an issue with redactor not displaying only for choosing a block type to insert. Highlighting a word in an existing paragraph shows the redactor air bar properly.

Example of display issue:

redactor air buttons working properly on individual words:

I want to blame PHP because I cannot reproduce this under PHP 7.4; only seen under PHP 8.0.

nginx 1.18.0
koken 0.22.24
koken-app 1.1.2 applied
php 8.0.17

Error "New content records must be accompanied by an upload."

Result: photo is not added to the panel / database

• check different environments

Error when uploading image (or via URL). But the image uploads anyway, have to reload the page in the backend to see it there though. Or delete image cache.

Which is requirements?

Can anyone provide dockerfile or something?

Originally posted by @awesomesk1ll in #21

Hello,
I've discovered that koken has an RCE vulnerability in its code. This vuln existed in the original version, as far as I can say, and exists in your php8 compatible koken patched version.

I'm not sure where exactly is the faulty piece of code, but I can reproduce and have a POC. How can we talk safely about that without releasing a fully functional POC in the wild?

I tried with the Installatron applications installer that my webhost provides. It has the option to install Koken. It didn't work installing on PHP 8.0. Error message below, though it seems like the messege got cut off for some reason.

Installatron
PHP 8.0
Koken 0.22.24

Error: 2022-09-16 19:15:19.67494600 FAILURE [3; /usr/local/bin/curl] http://koken3.mydomain.com/api.php [http code=500. Request: /var/installatron/cache/fetch_query_7ec475516731ce91d7aca5a1eb96afa2.part; Headers: /var/installatron/cache/fetch_qu

I'm not a member of GitHUb so can't put it in the repo.