mirror of
https://github.com/e107inc/e107.git
synced 2025-01-17 04:38:27 +01:00
f6d6d1b185
`e_parse::toJS()`, documented with the description > Convert text blocks which are to be embedded within JS , does not protect strings from injections, which appears to be its primary use. Additionally, it performs multiple unrelated string modifications: * Replace Windows line breaks with a literal `\\n` (which would later be parsed as `\n` in JavaScript/JSON) * Does not modify Unix line breaks (`\n`), which is inconsistent with the Windows line break behavior * Removes HTML tags * Replaces HTML entities as `htmlentities()` does This method cannot be fixed because its usages are inconsistent. Most notably, some usages surround the method's output in single quotes while others surround it with double quotes. Strings cannot be JSON-encoded without confounding quotation mark styles. All core usages of `e_parse::toJS()` have been replaced with alternatives, which are also documented in the method's DocBlock. Fixes: #4546
e107 is a free and open-source content management system (CMS) which allows you to manage and publish your content online with ease. Developers can save time in building websites and powerful online applications. Users can avoid programming completely! Blogs, websites, intranets – e107 does it all.
Table of Contents
Requirements
Minimum
- A web server (Apache or Microsoft IIS) running PHP 5.6 or newer
- MySQL 4.x or newer, or MariaDB
- FTP access to your web server and an FTP client (such as FileZilla)
- Username and password to your MySQL database
Recommended
- Apache 2.2 or newer on Linux with PHP 7.0 or newer
- MySQL 5.x or newer, or MariaDB
- A registered domain name
- Access to a server control panel (such as cPanel)
Installation
Standard Installation
- Download e107.
- Unzip/Extract the compressed file onto your desired web root.
This is often a folder called
public_html. - Point your browser to the
install.phpscript (e.g.,https://example.com/subfolder/install.php) - Follow the installation wizard in your browser.
Git Installation (developer version)
- Run the following commands, replacing '~' with your document root (the parent of
public_html) and xxx:xxx is the intended owner of your e107 files.cd ~ git clone https://github.com/e107inc/e107.git public_html chown -R xxx:xxx public_html - Point your browser to the
install.phpscript (e.g.,https://example.com/subfolder/install.php) - Follow the installation wizard in your browser.
Reporting Bugs
Be sure you are using the most recent version of e107 prior to reporting an issue. You may report any bugs and make feature requests e107's GitHub Issues page.
Contributing to Development
- Please submit 1 pull request for each GitHub issue you work on.
- Make sure that only the lines you have changed actually show up in a file-comparison (diff). Some text editors alter every line; this should be avoided.
- It is recommended to configure
git pullto rebase on the master branch by default to avoid unnecessary merge commits. You can set this up in your copy of the repo's.git/configfile like so:[branch "master"] rebase = true - See the CONTRIBUTING document for a tutorial on getting started.
Donations
If you like e107 and wish to help it to improve, please consider making a small donation.
- PayPal: donate (at) e107.org
Support
License
e107 is released under the terms and conditions of the GNU General Public License (http://www.gnu.org/licenses/gpl.txt)