Page 18 of 19
BUG FIX Ver 3.5 ...
Posted: Wed 01 Jan 2020 3:32 pm
by beteljuice
Bug fix ... get zip from first post
V3.5 - Jan 1st 2020
- bug fix - now is corrected to 'yesterday' (latest possible record)
CU possible error report if year report is missing - fixed
Don't know why this hasn't been pointed out over the years - or perhaps it's just the way error reporting now is ?
@mark ... code incomplete and not quite correct
Code: Select all
$now = date_create('now')->modify('-1 day');
$now_month = $now->format('m'); // mark said mm
$now_year = $now->format('Y');
$prior_month = $now_month - 1; // mark didn't mention
$prior_year = $now_year - 1; // mark didn't mention
Also I discovered an incomplete check further along ..
Code: Select all
// if ($filesfound[$t] || ($yy == $now_year && $Naming != "CU")) {
if ((array_key_exists($t, $filesfound) && $filesfound[$t]) || ($yy == $now_year && $Naming != "CU")) {
All OK now (I hope)
Re: BUG FIX Ver 3.5 ...
Posted: Wed 01 Jan 2020 3:45 pm
by mcrossley
beteljuice wrote: ↑Wed 01 Jan 2020 3:32 pm
@mark ... code incomplete and not quite correct
Code: Select all
$now = date_create('now')->modify('-1 day');
$now_month = $now->format('m'); // mark said mm
$now_year = $now->format('Y');
$prior_month = $now_month - 1; // mark didn't mention
$prior_year = $now_year - 1; // mark didn't mention
Good spot on "m" vs. "mm" - amazingly the "mm" didn't affect the rest of the bullet proof code though!
And the two $prior_xxx values were not used for anything in my copy except for debug messages so they got commented out a while back.
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Thu 10 Sep 2020 11:23 am
by Matt.j5b
This is not a problem as these reports have been working just fine. But I however received an email (from an unknown person) saying a vulnerability (reflected cross site scripting) was found with my NOAA style report page when the following string is added to the end of the url of: <"/*'/*
Code: Select all
</Title/</Script/--><svg/**/; OnlOad=(alert)(document.domain)>/
So on my page to get this happening, which breaks the page badly:
Code: Select all
https://fernygroveweather.com/NOAA-reports.php/<"/*'/*</Title/</Script/--><svg/**/; Onload=(alert)(document.domain)>/
I didn't want to spend too much time on this, but I haven't been successful in resolving this. I doubt this is much of an issue anyway, but I thought I would advise of this just in case someone would like to come up with something to get around this.
Cheers
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Thu 10 Sep 2020 1:14 pm
by beteljuice
This is one of many, many 'exploit' techniques ...
You (and others) will find more pages where it gives the alert (executes) or breaks some of the existing code functions. Many pages may return 404, or carry on regardless.
Nothing I can do about it I'm afraid
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Fri 11 Sep 2020 12:58 pm
by Matt.j5b
That's a shame. Thanks for explaining that anyway.
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Mon 07 Dec 2020 8:48 pm
by Tigro11
hope to be on the exact discussion.
I would like to be able to change in the noaa file that mx creates, the decimal value separator from, to. it's possible?
thanks
Valerio
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Mon 22 Feb 2021 11:01 pm
by tmabell
Using php 8.0.2 and NOAA Style reports V3.5 - Jan 1st 2020 I'm seeing this which breaks the script:
Fatal error: Uncaught TypeError: Unsupported operand types: string - string in C:\www\NOAA-reports.php:279 Stack trace: #0 {main} thrown in C:\www\NOAA-reports.php on line 279
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Mon 22 Feb 2021 11:46 pm
by beteljuice
@tmabell ...
There is no code on line #279 ?
A link to your page pretty please ...
Has this ever worked, or is it only a problem with a migrate to PHP8 ?
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Mon 22 Feb 2021 11:58 pm
by tmabell
I added code at the top to enable error reporting which added 7 lines there. I had been using a very old version of this script until now so I cannot say if it worked or not prior to PHP 8. I'm attaching it and also here is the link:
https://mymishawakaweather.com/noaa-reports-new.php
Noaa-Reports.php.txt
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Tue 23 Feb 2021 1:57 am
by beteljuice
First of all you must tell us if you've done anything ...
I added code at the top to enable error reporting which added 7 lines there. ...
Second ... I have a very bad feeling about PHP8
Try changing your line #279 and let's see if it gets any further
Code: Select all
// old
If($now_year - $first_year == 0 || !$use_nav) {$classic_nav = true;} // Don't create drop-down and js
// new
If($now_year == $first_year || !$use_nav) {$classic_nav = true;} // Don't create drop-down and js
Edit: BTW
mymishawakaweather.com/noaa-reports-new.php is a 'stand-alone' page - but you have told the script to act as an include (No headers or CSS will be created)
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Tue 23 Feb 2021 10:16 am
by tmabell
FYI to avoid confusion I have the old (working) script live now. This problem child can be accessed here
https://mymishawakaweather.com/Noaa-Reports-New.php
It is my intention to use it within a page that has headers and footers already so stand-alone is what I need. After your suggestion, this is what prints:
Select a Year or Month report
Warning: Undefined variable $full_nav2 in C:\www\Noaa-Reports-New.php on line 451
V/Λ
Warning: Undefined variable $advisory in C:\www\Noaa-Reports-New.php on line 458
Warning: Undefined variable $rpt in C:\www\Noaa-Reports-New.php on line 460
This is all that shows up in a browser.
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Tue 23 Feb 2021 3:21 pm
by beteljuice
Looks like PHP8 has gone slightly more strict with numeric vs alpha in some for loops
Please try this extra line of cheat code (which may no longer work).
Code: Select all
// new
$first_year = $first_year *1;
// previously modified
If($now_year == $first_year || !$use_nav) {$classic_nav = true;} // Don't create drop-down and js
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Tue 23 Feb 2021 4:07 pm
by tmabell
I inserted that code at line 105. Now I get this error:
Warning: Undefined variable $first_year in C:\www\Noaa-Reports-New.php on line 106
Warning: Undefined variable $now_year in C:\www\Noaa-Reports-New.php on line 108
Select a Year or Month report
Warning: Undefined variable $full_nav2 in C:\www\Noaa-Reports-New.php on line 453
Warning: Undefined variable $advisory in C:\www\Noaa-Reports-New.php on line 460
Warning: Undefined variable $rpt in C:\www\Noaa-Reports-New.php on line 462
Honestly, if this is too much trouble I can revert to the old copy. I was primarily notifying you so that you'd be aware of what might be a problem eventually for other people.
That said, I would be happy to continue testing if you would like.
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Tue 23 Feb 2021 4:19 pm
by beteljuice
I inserted that code at line 105.
No, no, no
approx your line #279 as before.
I appreciate your assistance as there are very few running PHP8 ATM ...
I may have to send you some special code snippets to see what's really happening, but if we can do a quick fix I can breathe a sigh of relief rather than have a muddy fart
Re: PHP Web 'viewer' for Cumulus NOAA Style reports
Posted: Tue 23 Feb 2021 4:22 pm
by tmabell
Just so I get this right, I'm to insert this at line 279 and leave all of the existing code in place. In other words I'm not removing anything. Is that correct?
EDIT.... that was a dumb question. Your code was self-explanatory.
