OSClass 2.3.5

Release highlights:

  • Escape quotes in attr values of input tags using a new helper: osc_esc_html #105
  • PHP Warning if the user doesn’t have a description in his profile #108
  • PHP Warning in Search model #110
  • Modified behavior in add/edit form of custom fields #112
  • Style of radio buttons in custom fields #117
  • JS error in add/edit page in oc-admin #119
  • XSS vulnerabilities in search page
  • SQL injections in search page and AJAX request in oc-admin (need to be logged as an admin)

Special thanks to Filippo Cavallarin and High-tech Bridge for reporting the security vulnerabilities discreetly until we published a new version. Last week we uploaded a Romanian .sql file to geo.osclass.org/downloads (thanks to Eduard Mihai). During this week we’re going to upload Latvia (thanks to Edgars Burmistris). If you want to add or improve your country locations, please contact us at info@osclass.org.

Download

Changelog

UPDATE 17/01/2012: We uploaded the version again because of a mistake in custom fields caused by a last-minute change.

This entry was posted in Releases. Juan Ramón

13 Responses to OSClass 2.3.5

  1. Gizmo says:

    After upgrading from osc 2.3.4 to 2.3.5 I can’t see any plugins in the Dashboard but I can see them in the site oc-content/plugins subdirectory. I had disabled the plugins before I ran the upgrade. Weird – isn’t it?

  2. Juan Ramón says:

    @Gizmo: Is it the only problem you’re experiencing? Please go to the forum and post your problem there.

  3. Vishnu Bhatia says:

    Hi Juan,
    Even after downloading the updated version I am getting the following error message after manually upgrading.

    The error is created at the time of posting a new item:

    Warning: preg_match() expects parameter 2 to be string, array given in /home/XXXXXXXXXXXXX/oc-includes/htmlpurifier/HTMLPurifier/Lexer.php on line 316

    Warning: preg_match() expects parameter 2 to be string, array given in /home/XXXXXXXXXXXXX/oc-includes/htmlpurifier/HTMLPurifier/Encoder.php on line 54

    Warning: preg_match() expects parameter 2 to be string, array given in /home/XXXXXXXXXXXXX/oc-includes/htmlpurifier/HTMLPurifier/Lexer.php on line 316

    Warning: preg_match() expects parameter 2 to be string, array given in /home/XXXXXXXXXXXXX/oc-includes/htmlpurifier/HTMLPurifier/Encoder.php on line 54

    Warning: Cannot modify header information – headers already sent by (output started at /home/XXXXXXXXXXXXX/oc-includes/htmlpurifier/HTMLPurifier/Lexer.php:316) in /home/XXXXXXXXXXXXX/oc-includes/osclass/core/Cookie.php on line 94

    Warning: Cannot modify header information – headers already sent by (output started at /home/XXXXXXXXXXXXX/oc-includes/htmlpurifier/HTMLPurifier/Lexer.php:316) in /home/XXXXXXXXXXXXX/oc-content/plugins/paypal/index.php on line 247

  4. digant dalal says:

    Hello Juan, the problem is not solved yet; the same error is coming on our website. Please check it out in the inner pages of the search panel. Please try to solve this error as fast as possible.

  5. M. K. Khan says:

    After downloading the updated version I am getting the following error message.
    Please help me.

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@adsbox.in and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

    Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at adsbox.in Port 80

  6. Juan Ramón says:

    @digant dalal: Can you try changing this file? http://forums.osclass.org/installation-update-help/warnings-from-2-3-5/msg20426/#msg20426

    @M. K. Khan: Can you log your PHP errors as this page describes: http://wiki.osclass.org/Debug_PHP_errors Does any error appear in the debug.log file?

  7. M. K. Khan says:

    I bought some webspace and now I want to install osclass. Please help me.

  8. digant dalal says:

    @Juan let me try now.

  9. digant dalal says:

    @Juan I tested it, but more errors are coming; it is not yet fixed. Dear Juan, please try to solve this issue because a lot of users are coming to our website and they are not getting our services properly. Thanks, Digant Dalal

    ERRORS ARE

    Warning: preg_match() expects parameter 2 to be string, array given in /home/content/36/8486036/html/oc-includes/htmlpurifier/HTMLPurifier/Lexer.php on line 316

    Warning: preg_match() expects parameter 2 to be string, array given in /home/content/36/8486036/html/oc-includes/htmlpurifier/HTMLPurifier/Encoder.php on line 54

    Warning: strlen() expects parameter 1 to be string, array given in /home/content/36/8486036/html/oc-includes/htmlpurifier/HTMLPurifier/Encoder.php on line 72

    Warning: preg_match() expects parameter 2 to be string, array given in /home/content/36/8486036/html/oc-includes/htmlpurifier/HTMLPurifier/Lexer.php on line 316

    Warning: preg_match() expects parameter 2 to be string, array given in /home/content/36/8486036/html/oc-includes/htmlpurifier/HTMLPurifier/Encoder.php on line 54

    Warning: strlen() expects parameter 1 to be string, array given in /home/content/36/8486036/html/oc-includes/htmlpurifier/HTMLPurifier/Encoder.php on line 72

  10. Juan Ramón says:

    @digant dalal: Are you sure you have changed the file? Everyone who has made this change has fixed this error. Please post this problem in the forum.

  11. digant dalal says:

    @Juan yes, I updated Params.php from here: https://github.com/osclass/OSClass/blob/hotfixes/oc-includes/osclass/core/Params.php

    and the error is now solved. Thanks for your great support, Juan. I hope one day we will be working together with a good business deal. Cheers.

    Digant Dalal
    Founder and CEO
    Gravity Effects