Loading...
 

Tracker Item History

View Tracker Item

Version Date User Field ID Field Difference
3 29 Nov 21 22:09 GMT-0000 hman 27 Description
 Something dangerous is happening inside tiki-check.php. This must never happen, because this spells out that there is something that can lead to a DOS, either involunaterily by co-admins not aware of the danger of the function, or even by attackers who somehow manage to do whatever tiki-check.php does when this happens. Possibly even by attacking other Tikis hosted by the same ISP, if the ISPs encapsulation is weak... Something dangerous is happening inside tiki-check.php. This must never happen, because this spells out that there is something that can lead to a DOS, either involunaterily by co-admins not aware of the danger of the function, or even by attackers who somehow manage to do whatever tiki-check.php does when this happens. Possibly even by attacking other Tikis hosted by the same ISP, if the ISPs encapsulation is weak...
-I therefore I propose that tiki-check.php be split up into segments that can be called individually (this eases finding the culprit) and then to have an admin configurable set of functions, so admins can disable dangerous functions. +I therefore propose that tiki-check.php be split up into segments that can be called individually (this eases finding the culprit) and then to have an admin configurable set of functions, so admins can disable dangerous functions.
2 29 Nov 21 11:31 GMT-0000 hman 27 Description
-Calling tiki-check.php (via the drop down menu of control panels) causes my rented webspace to crash. Literally. First, a 500 is thrown (internal server error), and afterwards the entire webspace goes offline for a couple of minutes! Eventually it does recover, but I have no idea by what mechanism auf my ISP this happens. Probably a restart of the (assumably) Docker instance. +Calling tiki-check.php (via the drop down menu of control panels) causes my rented webspace to crash. Literally. First, a 500 is thrown (internal server error), and afterwards the entire webspace goes offline for a couple of minutes! Eventually it does recover, but I have no idea by what mechanism of my ISP this happens. Probably a restart of the (assumed) Docker instance.
-This can possibly lead to disturbing the online presence of other customers of the same ISP! +This can possibly lead to disturbing the online presence of other customers of the same ISP, depending on the grade of encapsulation of the ISP!
-Something dangerous is happening inside tiki-check.php. This must never happen, because this spells out that there is something that can lead to a DOS, either involunaterily by co-admins not aware of the danger, or even by attackers who somehow manage to do whatever tiki-check.php does when this happens. Possibly even by attacking other Tikis hosted by the same ISP... +Something dangerous is happening inside tiki-check.php. This must never happen, because this spells out that there is something that can lead to a DOS, either involunaterily by co-admins not aware of the danger of the function, or even by attackers who somehow manage to do whatever tiki-check.php does when this happens. Possibly even by attacking other Tikis hosted by the same ISP, if the ISPs encapsulation is weak...
-I therefore I propose that tiki-check.php be split up into segments that can be called individually (this eases finding the culprit) and then to have a admin configurable set of functions, so admins can disable dangerous functions. +I therefore I propose that tiki-check.php be split up into segments that can be called individually (this eases finding the culprit) and then to have an admin configurable set of functions, so admins can disable dangerous functions.
1 29 Nov 21 11:07 GMT-0000 hman 43 Category
 +Bug
 Error Error
      236 Demonstrate Bug (Tiki 19+)
- +none

Keywords

The following is a list of keywords that should serve as hubs for navigation within the Tiki development and should correspond to documentation keywords.

Each feature in Tiki has a wiki page which regroups all the bugs, requests for enhancements, etc. It is somewhat a form of wiki-based project management. You can also express your interest in a feature by adding it to your profile. You can also try out the Dynamic filter.

Accessibility (WAI & 508)
Accounting
Administration
Ajax
Articles & Submissions
Backlinks
Banner
Batch
BigBlueButton audio/video/chat/screensharing
Blog
Bookmark
Browser Compatibility
Calendar
Category
Chat
Comment
Communication Center
Consistency
Contacts Address book
Contact us
Content template
Contribution
Cookie
Copyright
Credits
Custom Home (and Group Home Page)
Database MySQL - MyISAM
Database MySQL - InnoDB
Date and Time
Debugger Console
Diagram
Directory (of hyperlinks)
Documentation link from Tiki to doc.tiki.org (Help System)
Docs
DogFood
Draw -superseded by Diagram
Dynamic Content
Preferences
Dynamic Variable
External Authentication
FAQ
Featured links
Feeds (RSS)
File Gallery
Forum
Friendship Network (Community)
Gantt
Group
Groupmail
Help
History
Hotword
HTML Page
i18n (Multilingual, l10n, Babelfish)
Image Gallery
Import-Export
Install
Integrator
Interoperability
Inter-User Messages
InterTiki
jQuery
Kaltura video management
Karma
Live Support
Logs (system & action)
Lost edit protection
Mail-in
Map
Menu
Meta Tag
Missing features
Visual Mapping
Mobile
Mods
Modules
MultiTiki
MyTiki
Newsletter
Notepad
OS independence (Non-Linux, Windows/IIS, Mac, BSD)
Organic Groups (Self-managed Teams)
Packages
Payment
PDF
Performance Speed / Load / Compression / Cache
Permission
Poll
Profiles
Quiz
Rating
Realname
Report
Revision Approval
Scheduler
Score
Search engine optimization (SEO)
Search
Security
Semantic links
Share
Shopping Cart
Shoutbox
Site Identity
Slideshow
Smarty Template
Social Networking
Spam protection (Anti-bot CATPCHA)
Spellcheck
Spreadsheet
Staging and Approval
Stats
Survey
Syntax Highlighter (Codemirror)
Tablesorter
Tags
Task
Tell a Friend
Terms and Conditions
Theme
TikiTests
Timesheet
Token Access
Toolbar (Quicktags)
Tours
Trackers
TRIM
User Administration
User Files
User Menu
Watch
Webmail and Groupmail
WebServices
Wiki History, page rename, etc
Wiki plugins extends basic syntax
Wiki syntax text area, parser, etc
Wiki structure (book and table of content)
Workspace and perspectives
WYSIWTSN
WYSIWYCA
WYSIWYG
XMLRPC
XMPP




Useful Tools