Bolt CMS - posix_getuid() - bolt-cms

I've seen that there are other bugs which mention this issue but I think this one is slightly different. I have 3 folders in the files directory and when using the file manager I can access the first folder 2015-04 fine and as expected. However when I attempt to access the other two folders 2015-05 and 2015-06 I receive the following error.
Call to undefined function Bolt\Filesystem\posix_getuid()
If this is a result of PHP posix not being installed, then why can I access the first folder fine. Which is what leads me to think the issue is something else, but I could be wrong.
Thanks in advance for any help.

Yes, it is php-posix not being installed causing the error to be thrown.
The posix_getuid() function is called to check file read/write access under certain circumstances.
The files/ folder is checked fairly early in the bootstrap, and I am guessing that 2015-04 has read/write and that 2015-05 and 2015-06 allow read, but not write access to the web server's user context.
There was a workaround for this fairly late in 2.1.x from memory, but you're better off to install/enable the POSIX extension if at all possible.

Related

Selecting a VB6 DLL reference in one Access file somehow selects it in another

The Setup
I have a VB6 dll that works with an Access 2013 application.
There are two versions: dev.dll and prod.dll.
Both share the same code, but differ only by name (which should make them distinct COM objects).
To deploy, I:
Make prod.dll
Copy the development .accdb file to the production version
In production, change the dev.dll reference to prod.dll
The Problem
After doing this, I happened to recheck the dll reference in the development version. It was prod.dll -- not dev.dll as I was expecting!
Curious, I opened both the development and production .accdb files side-by-side.
Sure enough, when I changed the reference for one file, some invisible hand changed the reference in the other.
This behavior persisted when I opened one file by itself and changed its reference. After closing it and reopened the other, the reference had auto-magically changed.
Everything compiles OK. There are no orphan MSACCESS.exe instances floating around in Task Manager.
Questions
Has anyone else observed this behavior?
Should I worry about this?
Is there a fix?
Well some reference to some other Access database is NOT being added or changed out of the blue here.
You ALREADY have a reference to that registered .dll in BOTH applications. If you re-reigsiter the .dll, and regiser under the same name, then both applcations will still go look for that regisered dll by the name you gave it and thus both will change.
I mean, fire up a access database WITHOUT a reference to the regisered .dll, and THEN see what happens?
Answer: nothing at all!!!!
So, access does on startup try to load nd find the regisered .dll. In fact, you see this if you have say a reference to Excel 14. Now run the same applcation on a computer with Excel 15 or 16 - guess, what, the reference changes!!!!
so you have not shared your regsvr32 command you are using, but they have both a .dll, and the name that will appear when you use VBA->tools->references and set a reference to that .dll. If you THEN re-register the .dll, but the text for the reference in VBA stays the same, then access will flip and use the new registered .dll. Unless you give a 100% different name for the text part, then re-registering the .dll means that access on startup is able to see and find the text part name used, and thus will flip and now point to the new .dll.
And bonus question:
Do and can and do you have BOTH .dlls regiserted at the same time and on the same computer? Since if you do, then they will have not only a different path to the .dll, but ALSO a different name and text that displays, right?
So, if both .dlls are regisered on the computer at the same time, then they have different names, and thus this flip will not occur then, will it?
But, you not AT ANY POINT in time demonstrating that some accDB file by magic get, or has or sees some new reference set out of the blue. Your testing and example has the databases WITH AN ALREADY reference set, and you now re-registering the .dll used, but with the same name!!! it is for this reason the flip is occurring here, since the path name to the .dll changes, but not the text reference you see/use/pick when setting up the reference in the first place.
In fact, I would suggest you test this with both .dll's registered, and then set a reference in Access to both .dlls at the same time. Doing so will make what is occurring here very clear!
Now, it is possible that the above is not your case and scenario, and somthing else may well be going on here. But, I would test this with BOTH .dlls registered, and in VBA references settings, now have a reference to both .dlls. Do that, and you get your answer as to what is going on here.

Injecting into an EXE

I really want to inject my C++ program into another (compiled) program. The way I want to do this is changing the first part of bytes (where the program starts) to goto the binary of my program (pasted into an codecave for example) and when it is finished running to goto back where it went before the injected program started running.
Is this is even possible? and if it is, is it a good/smart idea todo so?
Are there other methods of doing so?
For example:
I wrote a program that will write the current time to a file and then terminates, so if i inject it to Internet Explorer and launch it, it will first write its current time to a file and then start Internet Explorer.
In order to do this, you should start reading the documentation for PE files, which you can download at microsoft.
Doing this takes a lot research and experimenting, which is beyond the scope of stackoverflow. You should also be aware that doing this depends heavily on the executable you try to patch. It may work with your version, but most likely not with another version. There are also techniques against this kind of attack. May be built into the executable as well as in the OS.
Is it possible?
Yes. Of course, but it's not trivial.
Is it smart?
Depends on what you do with it. Sometimes it may be the only way.

PhpStorm language injections and deployment configuration

I am using PhpStorm for few months now and I have just noticed something really weird about language injections in the version 9.0.
Sometimes I have to declare that some strings in my PHP are Javascript instructions. When I do so and save my file (with auto-upload on), it looks like PhpStorm is doing a lot of remote checks, file moves and transfers, I dont really understand why... and I'm afraid that it may overwrite files that I didn't modifie. I'm working directly on a production server with other people, I know it's dangerous but we have no choice for the moment.
In the file transfer logs, I have something like that :
[18/09/2015 10:47] Automatic upload completed in less than a minute: 2 items deleted, 50 items moved, 4 files transferred (4 Kb/s)
Can someone help understand what is going on ?
I have found a way to do what I want, but didn't find the reason of theses uploads that PhpStorm does without asking anything...
The problem is that, until now, I didn't found a way to save files one by one. It looks like PhpStorm has only a "Save all" option that uploads every files changed since last save (if you ask for auto-upload). And in the case of a language injection PhpStorm seems to change a something in the opened files that forces it re-upload them all.
So I disabled auto-upload and bound a shortcut to "Upload to default server". This option uploads only your current file but it saves it before. So it's a kind of auto-upload but a little less agressive and it gives me the possibility to just save my files (with "save all") or to save only the current one and upload it instantly.
This is the way I used to work before using PhpStorm, I find it more convenient and less violent than this automatic upload process that Phpstorm uses.
If someones find something better I'm opened to any advice.

Autoupdate ala Google Chrome workflow

In the company I am I was asked to write an autoupdate function a la chrome. I.e. It should check periodically whether a new version is available, download the new version and apply it silently the next time the application starts.
I already have something up and running but it is more like a dirty hack than something I feel happy about it. So, I would like to know how to design and implement such a solution. My horrible hack works as this:
Have a mechanism to check whether a new version exists (a database query or a web service)
Download a full zip with the whole new version.
Check file signature. If everything went alright, set a registry value: must update to true.
When the application restarts, if the must update value is true, launch an update program and exist.
The update deletes the contents of the application folder, unzips the update and replaces the old contents, launches the application and exits.
Now, I would like to change it, so it works cleaner. I am planning to send the update as a bsdiff file. It gets downloaded. But the question is, what happens next?
When do apply the update?
Who is in charge of applying the patch? is it the program itself or is it a third program, as I did, which is in charge of applying the patch and relaunch the application?
If your going down the C++ route you can go to chromium and download the Chrome source code and dig around to see how the update is done, this might give you a better idea on how to approach it. Here's an article that might help.
If your familiar with .NET the recently release nuget also has an auto update feature that might be useful to look at, you can get the source code from here. David Ebbo has a blog about how its done here.
I'm not up to date on Delphi but you might be able to use either of the above options.
The workflow you proposed is more or less like it should work, but there's no need to re-invent the wheel - there are plenty libraries out there that will do this for you. Using a 3rd party library has the benefit of keeping your code cleaner while making sure the dirty process of auto-update is contained and working flawlessly.
Trust me, I know. I'm the author of NAppUpdate, an app update framework for .NET (which you might want to try out or learn from).
So, after giving it a lot of though, this is what I came with (for active directory I will refer to the directory where the main program lies, active program is the main program and update program is the one that replaces the active program and its resource files):
The active program checks if there is a new version every certain amount of time. If so, download it
Prepare new version in a separate folder (this can be done by copying the contents of the directory with the program to a subdirectory and applying a binary patch, or simply unziping the new version).
Set a flag that indicates that a new version is ready.
When a program is exiting (and one has to control for different interrupts here):
The active program checks the new version ready flag. Launch the update program and exit.
The update program checks if it can write in the active directory. If so, replaces the contents with the prepared version.
The update program has to recheck links and update them accordingly.
So guys, if you have a better workflow, please tell me.
You could literally use the Google Chrome update workflow by using the Google Chrome updater:
http://code.google.com/p/omaha/
They open sourced it Feb 2009.

Syntax/error checking breaks in FlexBuilder/Flashbuilder with class libraries over Samba?

We have our class libraries on a shared server we access via Samba (and ssh for command line). Sadly, several features seem to fail in both Flex Builder and Flash Builder/Gumbo with this setup. For example, we no longer get automatic syntax and error checking. Anyone familiar with this issue and able to suggest a solution? Thanks!
Turns out this problem had nothing to do with our abstruse setup. I had simply forgotten to create a reference to the top-level class in the application file (bear in mind that with this setup the Flex project folder exists only to satisfy FB's need to place project files somewhere...all the real code is off on the server). Once this was done, all normal services were restored.