PHP Web 'viewer' for Cumulus NOAA Style reports

beteljuice
Posts: 3292
Joined: Tue 09 Dec 2008 1:37 pm
Weather Station: None !
Operating System: W10 - Threadripper 16core, etc
Location: Dudley, West Midlands, UK

BUG FIX Ver 3.5 ...

Post by beteljuice »

Bug fix ... get zip from first post

V3.5 - Jan 1st 2020
  • bug fix - now is corrected to 'yesterday' (latest possible record)
    CU possible error report if year report is missing - fixed


Don't know why this hasn't been pointed out over the years - or perhaps it's just the way error reporting now is ?

@mark ... code incomplete and not quite correct :o

Code:

$now = date_create('now')->modify('-1 day');
$now_month = $now->format('m'); // mark said mm
$now_year = $now->format('Y');
$prior_month = $now_month - 1; // mark didn't mention
$prior_year = $now_year - 1; // mark didn't mention

Also I discovered an incomplete check further along ..

Code:

//		if ($filesfound[$t] || ($yy == $now_year && $Naming != "CU")) { 
		if ((array_key_exists($t, $filesfound) && $filesfound[$t]) || ($yy == $now_year && $Naming != "CU")) { 

All OK now (I hope)
......................Imagine, what you will KNOW tomorrow !
mcrossley
Posts: 12689
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2/WLL
Operating System: Bullseye Lite rPi
Location: Wilmslow, Cheshire, UK
Contact:

Re: BUG FIX Ver 3.5 ...

Post by mcrossley »

beteljuice wrote: Wed 01 Jan 2020 3:32 pm
@mark ... code incomplete and not quite correct :o

Code:

$now = date_create('now')->modify('-1 day');
$now_month = $now->format('m'); // mark said mm
$now_year = $now->format('Y');
$prior_month = $now_month - 1; // mark didn't mention
$prior_year = $now_year - 1; // mark didn't mention

Good spot on "m" vs. "mm" - amazingly the "mm" didn't affect the rest of the bullet proof code though!
And the two $prior_xxx values were not used for anything in my copy except for debug messages so they got commented out a while back.
Matt.j5b
Posts: 512
Joined: Mon 28 Nov 2011 2:13 am
Weather Station: Davis VP2/ WLL with DFARS
Operating System: RPi Raspbian (Buster)
Location: Ferny Grove, Brisbane, Australia
Contact:

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by Matt.j5b »

This is not a problem, as these reports have been working just fine. However, I received an email (from an unknown person) saying a vulnerability (reflected cross-site scripting) was found with my NOAA style report page when the following string is added to the end of the URL: <"/*'/*

Code:

</Title/</Script/--><svg/**/; OnlOad=(alert)(document.domain)>/
So on my page to get this happening, which breaks the page badly:

Code:

https://fernygroveweather.com/NOAA-reports.php/<"/*'/*</Title/</Script/--><svg/**/; Onload=(alert)(document.domain)>/
I didn't want to spend too much time on this, but I haven't been successful in resolving this. I doubt this is much of an issue anyway, but I thought I would advise of this just in case someone would like to come up with something to get around this.

Cheers
Regards, Matt of Brisbane, Australia
Ferny Grove Weather

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by beteljuice »

This is one of many, many 'exploit' techniques ...
You (and others) will find more pages where it gives the alert (executes) or breaks some of the existing code functions. Many pages may return 404, or carry on regardless.

Nothing I can do about it I'm afraid :cry:
......................Imagine, what you will KNOW tomorrow !
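
Added example, not part of the original thread or of the script author's code: text appended after a script name usually reaches the page through `$_SERVER['PHP_SELF']`, and the PHP below shows that reflection beside a hardened form. It assumes NOAA-reports.php builds its own links from `PHP_SELF` (the thread does not show that code); `safe_self()` and `has_trailing_path()` are hypothetical helper names and the sample request is constructed.

```php
<?php
// Added example, not code from NOAA-reports.php.
// Assumption: the script echoes $_SERVER['PHP_SELF'] into its own links.
// safe_self() and has_trailing_path() are hypothetical helper names.

/** Script path without any appended text, escaped for an HTML attribute. */
function safe_self(array $server): string
{
    // SCRIPT_NAME ends at the script file; PHP_SELF also carries whatever
    // the client appended after it.
    return htmlspecialchars($server['SCRIPT_NAME'] ?? '', ENT_QUOTES, 'UTF-8');
}

/** True when the client appended extra path text after the script name. */
function has_trailing_path(array $server): bool
{
    return ($server['PHP_SELF'] ?? '') !== ($server['SCRIPT_NAME'] ?? '');
}

// Constructed sample of the server variables for a request with harmless
// markup appended after the script name.
$sample = [
    'SCRIPT_NAME' => '/NOAA-reports.php',
    'PHP_SELF'    => '/NOAA-reports.php/"><i>appended</i>',
];

// Before: the appended markup lands in the page unescaped.
$before = '<form action="' . $sample['PHP_SELF'] . '">';
// After: only the script's own path is emitted, and it is escaped.
$after  = '<form action="' . safe_self($sample) . '">';

if (PHP_SAPI === 'cli') {
    // Run from the command line to compare the two outputs.
    echo "before: $before\n", "after:  $after\n";
    echo 'trailing path seen: ', var_export(has_trailing_path($sample), true), "\n";
} elseif (has_trailing_path($_SERVER)) {
    // On the web server: refuse the request before any HTML is produced.
    http_response_code(404);
    exit;
}
```

The `has_trailing_path()` check belongs at the very top of the script, before the first byte of output, so the 404 status can still be sent.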

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by Matt.j5b »

That's a shame. Thanks for explaining that anyway.
Regards, Matt of Brisbane, Australia
Ferny Grove Weather
Tigro11
Posts: 33
Joined: Thu 14 Nov 2019 5:41 pm
Weather Station: Davis
Operating System: Windows Seven

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by Tigro11 »

Hope to be on the exact discussion.
I would like to be able to change, in the NOAA file that MX creates, the decimal value separator from "," to ".". Is it possible?
thanks
Valerio
tmabell
Posts: 25
Joined: Sat 07 Mar 2015 12:25 am
Weather Station: Vantage Pro II
Operating System: Windows 7
Location: Indiana

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by tmabell »

Using PHP 8.0.2 and NOAA Style reports V3.5 - Jan 1st 2020, I'm seeing this, which breaks the script:
Fatal error: Uncaught TypeError: Unsupported operand types: string - string in C:\www\NOAA-reports.php:279 Stack trace: #0 {main} thrown in C:\www\NOAA-reports.php on line 279

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by beteljuice »

@tmabell ...

There is no code on line #279 ?

A link to your page pretty please ...
Has this ever worked, or is it only a problem with a migrate to PHP8 ?
......................Imagine, what you will KNOW tomorrow !

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by tmabell »

I added code at the top to enable error reporting which added 7 lines there. I had been using a very old version of this script until now so I cannot say if it worked or not prior to PHP 8. I'm attaching it and also here is the link:

https://mymishawakaweather.com/noaa-reports-new.php

Noaa-Reports.php.txt

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by beteljuice »

First of all you must tell us if you've done anything ...
I added code at the top to enable error reporting which added 7 lines there. ...
:bash:

Second ... I have a very bad feeling about PHP8

Try changing your line #279 and let's see if it gets any further :|

Code:

// old
If($now_year - $first_year == 0 || !$use_nav) {$classic_nav = true;} // Don't create drop-down and js

// new
If($now_year == $first_year || !$use_nav) {$classic_nav = true;} // Don't create drop-down and js

Edit: BTW

mymishawakaweather.com/noaa-reports-new.php is a 'stand-alone' page - but you have told the script to act as an include (No headers or CSS will be created)
......................Imagine, what you will KNOW tomorrow !

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by tmabell »

FYI to avoid confusion I have the old (working) script live now. This problem child can be accessed here https://mymishawakaweather.com/Noaa-Reports-New.php

It is my intention to use it within a page that has headers and footers already so stand-alone is what I need. After your suggestion, this is what prints:
Select a Year or Month report

Warning: Undefined variable $full_nav2 in C:\www\Noaa-Reports-New.php on line 451
V/Λ
Warning: Undefined variable $advisory in C:\www\Noaa-Reports-New.php on line 458

Warning: Undefined variable $rpt in C:\www\Noaa-Reports-New.php on line 460
This is all that shows up in a browser.

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by beteljuice »

Looks like PHP8 has gone slightly more strict with numeric vs alpha in some for loops :?

Please try this extra line of cheat code (which may no longer work).

Code:

// new
$first_year = $first_year *1;
// previously modified
If($now_year == $first_year || !$use_nav) {$classic_nav = true;} // Don't create drop-down and js

......................Imagine, what you will KNOW tomorrow !

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by tmabell »

I inserted that code at line 105. Now I get this error:
Warning: Undefined variable $first_year in C:\www\Noaa-Reports-New.php on line 106

Warning: Undefined variable $now_year in C:\www\Noaa-Reports-New.php on line 108
Select a Year or Month report
Warning: Undefined variable $full_nav2 in C:\www\Noaa-Reports-New.php on line 453
Warning: Undefined variable $advisory in C:\www\Noaa-Reports-New.php on line 460
Warning: Undefined variable $rpt in C:\www\Noaa-Reports-New.php on line 462
Honestly, if this is too much trouble I can revert to the old copy. I was primarily notifying you so that you'd be aware of what might be a problem eventually for other people.

That said, I would be happy to continue testing if you would like.

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by beteljuice »

I inserted that code at line 105.
No, no, no

approx your line #279 as before.

I appreciate your assistance as there are very few running PHP8 ATM ...
I may have to send you some special code snippets to see what's really happening, but if we can do a quick fix I can breathe a sigh of relief rather than have a muddy fart :oops:
......................Imagine, what you will KNOW tomorrow !

Re: PHP Web 'viewer' for Cumulus NOAA Style reports

Post by tmabell »

Just so I get this right, I'm to insert this at line 279 and leave all of the existing code in place. In other words I'm not removing anything. Is that correct?

EDIT.... that was a dumb question. Your code was self-explanatory. :groan: