Legacy Cumulus 1 release v1.9.4 (build 1099) - 28 November 2014 (a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
$now = date_create('now')->modify('-1 day');
$now_month = $now->format('m'); // mark said mm
$now_year = $now->format('Y');
$prior_month = $now_month - 1; // mark didn't mention
$prior_year = $now_year - 1; // mark didn't mention
Good spot on "m" vs. "mm" - amazingly the "mm" didn't affect the rest of the bullet proof code though!
And the two $prior_xxx values were not used for anything in my copy except for debug messages so they got commented out a while back.
This is not a problem as these reports have been working just fine. But I however received an email (from an unknown person) saying a vulnerability (reflected cross site scripting) was found with my NOAA style report page when the following string is added to the end of the url of: <"/*'/*
I didn't want to spend too much time on this, but I haven't been successful in resolving this. I doubt this is much of an issue anyway, but I thought I would advise of this just in case someone would like to come up with something to get around this.
This is one of many, many 'exploit' techniques ...
You (and others) will find more pages where it gives the alert (executes) or breaks some of the existing code functions. Many pages may return 404, or carry on regardless.
Nothing I can do about it I'm afraid
......................Imagine, what you will KNOW tomorrow !
hope to be on the exact discussion.
I would like to be able to change in the noaa file that mx creates, the decimal value separator from, to. it's possible?
thanks
Valerio
I added code at the top to enable error reporting which added 7 lines there. I had been using a very old version of this script until now so I cannot say if it worked or not prior to PHP 8. I'm attaching it and also here is the link:
// old
If($now_year - $first_year == 0 || !$use_nav) {$classic_nav = true;} // Don't create drop-down and js
// new
If($now_year == $first_year || !$use_nav) {$classic_nav = true;} // Don't create drop-down and js
Edit: BTW
mymishawakaweather.com/noaa-reports-new.php is a 'stand-alone' page - but you have told the script to act as an include (No headers or CSS will be created)
......................Imagine, what you will KNOW tomorrow !
It is my intention to use it within a page that has headers and footers already so stand-alone is what I need. After your suggestion, this is what prints:
Select a Year or Month report
Warning: Undefined variable $full_nav2 in C:\www\Noaa-Reports-New.php on line 451
V/Λ
Warning: Undefined variable $advisory in C:\www\Noaa-Reports-New.php on line 458
Warning: Undefined variable $rpt in C:\www\Noaa-Reports-New.php on line 460
I inserted that code at line 105. Now I get this error:
Warning: Undefined variable $first_year in C:\www\Noaa-Reports-New.php on line 106
Warning: Undefined variable $now_year in C:\www\Noaa-Reports-New.php on line 108
Select a Year or Month report
Warning: Undefined variable $full_nav2 in C:\www\Noaa-Reports-New.php on line 453
Warning: Undefined variable $advisory in C:\www\Noaa-Reports-New.php on line 460
Warning: Undefined variable $rpt in C:\www\Noaa-Reports-New.php on line 462
Honestly, if this is too much trouble I can revert to the old copy. I was primarily notifying you so that you'd be aware of what might be a problem eventually for other people.
That said, I would be happy to continue testing if you would like.
I appreciate your assistance as there are very few running PHP8 ATM ...
I may have to send you some special code snippets to see what's really happening, but if we can do a quick fix I can breathe a sigh of relief rather than have a muddy fart
......................Imagine, what you will KNOW tomorrow !
Just so I get this right, I'm to insert this at line 279 and leave all of the existing code in place. In other words I'm not removing anything. Is that correct?
EDIT.... that was a dumb question. Your code was self-explanatory.