Which right do i have to give IIS_WPG on windows 2003 r2
Moderator: Thorsten
Which right do i have to give IIS_WPG on windows 2003 r2
Hello i installed a iis 6.0 on windows 2003 server r2 and configured it with php and isapi so i can just see the infos from the phpinfo.php. So far so good i have i working webserver with php support and so i started to install phpMyFAQ all seem to be right i can make categories and i can create questions but when i right the text into the editor control and i save .the text which i entered in the editor control wouldn't appear the next time i opened that faq. So i think the IIS_WPG user needs some rights to write to file or that? Has anybody i fully working installtion with iis 6.0 and php5 and phpMyFAQ1.6.6
Re: Which right do i have to give IIS_WPG on windows 2003 r2
Hi,
At least the text could be truncated: read here.
My suggestions are:
Matteo
it needs simply the right to write on DB, nothing more. Which DB are you using?nomukrt wrote:Hello i installed a iis 6.0 on windows 2003 server r2 and configured it with php and isapi so i can just see the infos from the phpinfo.php. So far so good i have i working webserver with php support and so i started to install phpMyFAQ all seem to be right i can make categories and i can create questions but when i right the text into the editor control and i save .the text which i entered in the editor control wouldn't appear the next time i opened that faq. So i think the IIS_WPG user needs some rights to write to file or that?
I'm running PMF on IIS 5.0 and PHP 5.1.6/4.4.4/4.3.5, with MySQL 4.1.20, MSDE 2000, MS SQL 2000 SP4. I could test PMF on IIS 6.0 but I think that the issue is not related to IIS: you could check if your IIS 6.0 is preventing the load of some files looking at 404 errors in your log file but the WYSIWYG editor simply uses some .js files and this extension is enabled by default even on IIS 6.0.nomukrt wrote:Has anybody i fully working installtion with iis 6.0 and php5 and phpMyFAQ1.6.6
At least the text could be truncated: read here.
My suggestions are:
- Post here the PMF backend homepage sections phpMyFAQ Information and System Information;
- Check for any strange error in your log files, both PHP ones and 404s;
- Check with the Metabase Explorer (IIS SDK) for any too small limit in HTTP POST size (AspMaxRequestEntityAllowed);
- Drop an eye to faqdata table where the content should be stored if it is not empty.
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
Amazon.co.uk Wishlist
It seems to be a character/encoding problem
Hello,
i have just tested a few scenarios and now i can reproduce the error: if i write the following text in the editor-control:
Wie fixt man den Fehler:Beim Starten des zentralen Programms "HP Director" erscheint die Meldung "Visual C++ Runtime Error ..."
Lösung: lokales Loginscript namens LocalLogon.cmd mit folgendem Inhalt anlegen:
@echo off
%SystemRoot%\system32\xcopy.exe /I /S /Y "%CommonProgramFiles%\ZDV\Hewlett-Packard" "%APPDATA%\Hewlett-Packard"
Verzeichnis %CommonProgramFiles%\ZDV\Hewlett-Packard\Digital Imaging
anlegen mit folgenden Dateien als Daten devices.xml, settings.xml
then nothing of the text will be saved.
if i paste the follwing text into the editorcontrol:
Wie fixt man den Fehler:Beim Starten des zentralen Programms "HP Director" erscheint die Meldung "Visual C++ Runtime Error ..."
Loesung: lokales Loginscript namens LocalLogon.cmd mit folgendem Inhalt anlegen:
@echo off
%SystemRoot%\system32\xcopy.exe /I /S /Y "%CommonProgramFiles%\ZDV\Hewlett-Packard" "%APPDATA%\Hewlett-Packard"
Verzeichnis %CommonProgramFiles%\ZDV\Hewlett-Packard\Digital Imaging
anlegen mit folgenden Dateien als Daten devices.xml, settings.xml
the complete text is saved and all is working very fine. So i think the character ö is the reason for the fault.
My System
phpMyFAQ Version phpMyFAQ 1.6.6
Server Software Microsoft-IIS/6.0
PHP Version PHP 5.2.0
Register Globals off
Safe Mode off
Database Client Version 5.0.22
Database Server Version 5.0.27-community-nt
Webserver Interface ISAPI
i have just tested a few scenarios and now i can reproduce the error: if i write the following text in the editor-control:
Wie fixt man den Fehler:Beim Starten des zentralen Programms "HP Director" erscheint die Meldung "Visual C++ Runtime Error ..."
Lösung: lokales Loginscript namens LocalLogon.cmd mit folgendem Inhalt anlegen:
@echo off
%SystemRoot%\system32\xcopy.exe /I /S /Y "%CommonProgramFiles%\ZDV\Hewlett-Packard" "%APPDATA%\Hewlett-Packard"
Verzeichnis %CommonProgramFiles%\ZDV\Hewlett-Packard\Digital Imaging
anlegen mit folgenden Dateien als Daten devices.xml, settings.xml
then nothing of the text will be saved.
if i paste the follwing text into the editorcontrol:
Wie fixt man den Fehler:Beim Starten des zentralen Programms "HP Director" erscheint die Meldung "Visual C++ Runtime Error ..."
Loesung: lokales Loginscript namens LocalLogon.cmd mit folgendem Inhalt anlegen:
@echo off
%SystemRoot%\system32\xcopy.exe /I /S /Y "%CommonProgramFiles%\ZDV\Hewlett-Packard" "%APPDATA%\Hewlett-Packard"
Verzeichnis %CommonProgramFiles%\ZDV\Hewlett-Packard\Digital Imaging
anlegen mit folgenden Dateien als Daten devices.xml, settings.xml
the complete text is saved and all is working very fine. So i think the character ö is the reason for the fault.
My System
phpMyFAQ Version phpMyFAQ 1.6.6
Server Software Microsoft-IIS/6.0
PHP Version PHP 5.2.0
Register Globals off
Safe Mode off
Database Client Version 5.0.22
Database Server Version 5.0.27-community-nt
Webserver Interface ISAPI
Re: It seems to be a character/encoding problem
Hi,
Ciao,
Matteo
thanks for your effort in finding out what's causing the issue in your system: we'll look at it building a similar environment, at least MySQL 5.0.22 and PHP 5.2.0.nomukrt wrote:So i think the character ö is the reason for the fault.
My System
phpMyFAQ Version phpMyFAQ 1.6.6
Server Software Microsoft-IIS/6.0
PHP Version PHP 5.2.0
Register Globals off
Safe Mode off
Database Client Version 5.0.22
Database Server Version 5.0.27-community-nt
Webserver Interface ISAPI
Ciao,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
Amazon.co.uk Wishlist
The issue is related to PHP 5.2.0 and our PMF_Init::basicXSS
Hi,
the issue is related only on adopting PHP 5.2.0 (nothing with IIS 6.0 or Windows) 'cause something changed (it seems not related with the new filters) in 5.2.0 is now breaking the RegExps in our PMF_Init::basicXSS.
In the mean time, waiting for a fix on PMF, you could replace that method in inc/Init.php with this below:
It's a safe workaround if your server is not public.
Stay tuned,
Matteo
EDIT: From the PHP changelog:
the issue is related only on adopting PHP 5.2.0 (nothing with IIS 6.0 or Windows) 'cause something changed (it seems not related with the new filters) in 5.2.0 is now breaking the RegExps in our PMF_Init::basicXSS.
In the mean time, waiting for a fix on PMF, you could replace that method in inc/Init.php with this below:
Code: Select all
function basicXSSClean($string)
{
if (strpos($string, '\0') !== false) {
return null;
}
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
$string = str_replace(array("&","<",">"),array("&","<",">",),$string);
// Drop the regexps waiting for QA/Fix using PHP 5.2.0
//remove really unwanted tags
do {
$oldstring = $string;
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
} while ($oldstring != $string);
return $string;
}
Stay tuned,
Matteo
EDIT: From the PHP changelog:
Updated PCRE to version 6.7. (Ilia)
Last edited by matteo on Sat Nov 18, 2006 1:17 am, edited 1 time in total.
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
Amazon.co.uk Wishlist
Ooops... This didn't work...It adds 7 backslashes in front of each single quote. Ie:
Code: Select all
I don't => I don\\\\\\\'t
Hi,
I cannot actually test it 'till Monday but here are some more notes. From:in php.ini should fix it or at least this should avoid another possible issue on PMF when running under PHP 5.2.0.
Ciao,
Matteo
I cannot actually test it 'till Monday but here are some more notes. From:
- Bug #39405 regular expression breaking on strings >= 24999 characters;
- NEW PCRE Configuration Options:pcre.backtrack_limit = 100000
pcre.recursion_limit = 100000
Code: Select all
pcre.backtrack_limit = -1
Ciao,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
Amazon.co.uk Wishlist
Hi,
and you have magic quotes on.
Question: could you recover the original function and test if setting pcre.backtrack_limit to -1 solves the issue?
Ciao,
Matteo
that's 'cause in the previous post (just fixed now) I missed this piece of code:calande wrote:Ooops... This didn't work...It adds 7 backslashes in front of each single quote. Ie:
Code: Select all
I don't => I don\\\\\\\'t
Code: Select all
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
Question: could you recover the original function and test if setting pcre.backtrack_limit to -1 solves the issue?
Ciao,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
Amazon.co.uk Wishlist
Hi,
The current issue, coming ONLY when running PHP 5.2.0 for a PMF server, is that the PCRE_UTF8, u, seems to work no longer:
that's the reason why I've suggested to temporarly remove each of the preg_replace calls IF/WHEN they contains the PCRE_UTF8 modifier.
Stay tuned,
Matteo
here is an update on the debug progress: I can confirm that the new 2 params, introduced with 5.2.0, optionally trigger another kind of issue.matteo wrote:it seems that:in php.ini should fix it or at least this should avoid another possible issue on PMF when running under PHP 5.2.0.Code: Select all
pcre.backtrack_limit = -1
The current issue, coming ONLY when running PHP 5.2.0 for a PMF server, is that the PCRE_UTF8, u, seems to work no longer:
that's the reason why I've suggested to temporarly remove each of the preg_replace calls IF/WHEN they contains the PCRE_UTF8 modifier.
Stay tuned,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
Amazon.co.uk Wishlist
Hi all,
here is a working (BUT not the final) version of the PMF_Init::basicXSSClean static method:
What it seems to be changed with PHP 5.2.0 is that the PCRE_UTF8 modifier needs each char to be UTF-8 encoded.
Next step will be an analysis to see if any of the "utf-8 regexps" could run without PCRE_UTF8 modifier.
Stay tuned,
Matteo
here is a working (BUT not the final) version of the PMF_Init::basicXSSClean static method:
Code: Select all
function basicXSSClean($string)
{
global $PMF_LANG;
if (strpos($string, '\0') !== false) {
return null;
}
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
$string = str_replace(array("&","<",">"),array("&","<",">",),$string);
$string = mb_convert_encoding($string, 'utf-8', $PMF_LANG["metaCharset"]);
// fix &entitiy\n;
$string = preg_replace('#(&\#*\w+)[\x00-\x20]+;#u',"$1;",$string);
$string = preg_replace('#(&\#x*)([0-9A-F]+);*#iu',"$1$2;",$string);
$string = html_entity_decode($string, ENT_COMPAT);
// remove any attribute starting with "on" or xmlns
$string = preg_replace('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',"$1>",$string);
// remove javascript: and vbscript: protocol
$string = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2nojavascript...',$string);
$string = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2novbscript...',$string);
//<span style="width: expression(alert('Ping!'));"></span>
// only works in ie...
$string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iUu',"$1>",$string);
$string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iUu',"$1>",$string);
$string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu',"$1>",$string);
//remove namespaced elements (we do not need them...)
$string = preg_replace('#</*\w+:\w[^>]*>#i',"",$string);
//remove really unwanted tags
do {
$oldstring = $string;
$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
} while ($oldstring != $string);
$string = mb_convert_encoding($string, $PMF_LANG["metaCharset"], 'utf-8');
return $string;
}
Next step will be an analysis to see if any of the "utf-8 regexps" could run without PCRE_UTF8 modifier.
Stay tuned,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
Amazon.co.uk Wishlist
Hi all,
the issue has been fixed since few minutes into CVS both for 1.6.7-dev and 2.0.0-beta.
Ciao,
Matteo
the issue has been fixed since few minutes into CVS both for 1.6.7-dev and 2.0.0-beta.
Ciao,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
Amazon.co.uk Wishlist