Dle fatal error load_template on a non-object

Overview of the issue

If you are using the Themify theme with WPML 4.5.0, you will see an error message on the front-end toolbar when you open the homepage: “Builder is not available on this page. Turn On Builder”

You will also see the following PHP error:

Fatal error: Uncaught Error: Cannot use object of type Closure as array in …/wp-content/themes/themify-ultra/themify/themify-template-tags.php:1824
Stack trace:
#0 …/wp-content/themes/themify-ultra/header.php(120): themify_menu_nav()
#1 …/wp-includes/template.php(770): require_once(‘/var/www/sites/…’)
#2 …/wp-includes/template.php(716): load_template()
#3 …/wp-includes/general-template.php(48): locate_template()
#4 …/wp-content/themes/themify-ultra/index.php(8): get_header()
#5 …/wp-includes/template.php(772): …
#6 …/wp-includes/template.php(716): load_template()
#7 …/wp-includes/general-template.php(204): locate_template()
#8 …/wp-content/themes/themify-ultra/page.php(4): get_template_part()
#9 /var/www/sites/sepia-m in …/wp-content/themes/themify-ultra/themify/themify-template-tags.php on line 1824

Workaround

Please, make a full backup of your site before proceeding.

  1. Open this file: /wp-content/themes/themify-ultra/themify/themify-template-tags.php.
  2. Look for line 1824.
  3. Replace this line: if ( is_a( $filter['function'][0], 'WPML_LS_Render' ) ) {
  4. With: if ( is_array( $filter['function'] ) && is_a( $filter['function'][0], 'WPML_LS_Render' ) ) {

Issues

This is now above the header. The site is pretty screwed at this point.

Warning: file_get_contents(/home1/prymetym/public_html/https://hb.wpmucdn.com/www.prymetymeentertainment.net/1a482112-ddd9-4dde-84f4-49ad306bf6b4.css): failed to open stream: No such file or directory in /home1/prymetym/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/class-asset-manager.php on line 480

Warning: file_get_contents(/home1/prymetym/public_html/https://hb.wpmucdn.com/www.prymetymeentertainment.net/8451ff60-1a96-4495-80f2-5cba7a0699a2.js): failed to open stream: No such file or directory in /home1/prymetym/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/class-asset-manager.php on line 480

sasmodels package

Subpackages

Submodules

sasmodels.alignment module

GPU data alignment.

Some web sites say that maximizing performance for OpenCL code requires aligning data on certain memory boundaries. The following functions provide this service:

align_data aligns an existing array, returning a new array of the correct alignment.

align_empty creates an empty array of the correct alignment.

Set alignment to gpu environment attribute boundary.

Note: This code is unused. So far, tests have not demonstrated any improvement from forcing correct alignment. The tests should be repeated with arrays forced away from the target boundaries to decide whether it is really required.

sasmodels.alignment.align_data(x, dtype, alignment=128)

Return a copy of an array on the alignment boundary.

sasmodels.alignment.align_empty(shape, dtype, alignment=128)

Return an empty array aligned on the alignment boundary.

sasmodels.bumps_model module

Wrap sasmodels for direct use by bumps.

Model is a wrapper for the sasmodels kernel which defines a bumps Parameter box for each kernel parameter. Model accepts keyword arguments to set the initial value for each parameter.

Experiment combines the Model function with a data file loaded by the sasview data loader. Experiment takes a cutoff parameter controlling how far the polydispersity integral extends.

sasmodels.bumps_model.BumpsParameter

alias of

class sasmodels.bumps_model.Data1D(x:Optional[ndarray]=None, y:Optional[ndarray]=None, dx:Optional[ndarray]=None, dy:Optional[ndarray]=None)

Bases:

1D data object.

Note that this definition matches the attributes from sasview, with some generic 1D data vectors and some SAS specific definitions. Some refactoring to allow consistent naming conventions between 1D, 2D and SESANS data would be helpful.

Attributes

x, dx: \(q\) vector and gaussian resolution

y, dy: \(I(q)\) vector and measurement uncertainty

mask: values to include in plotting/analysis

dxl: slit widths for slit smeared data, with dx ignored

qmin, qmax: range of \(q\) values in x

filename: label for the data line

_xaxis, _xunit: label and units for the x axis

_yaxis, _yunit: label and units for the y axis

__init__(x:Optional[ndarray]=None, y:Optional[ndarray]=None, dx:Optional[ndarray]=None, dy:Optional[ndarray]=None)→None
__module__='sasmodels.data'
__weakref__

list of weak references to the object (if defined)

xaxis(label:str, unit:str)→None

set the x axis label and unit

yaxis(label:str, unit:str)→None

set the y axis label and unit

class sasmodels.bumps_model.Data2D(x:Optional[ndarray]=None, y:Optional[ndarray]=None, z:Optional[ndarray]=None, dx:Optional[ndarray]=None, dy:Optional[ndarray]=None, dz:Optional[ndarray]=None)

Bases:

2D data object.

Note that this definition matches the attributes from sasview. Some refactoring to allow consistent naming conventions between 1D, 2D and SESANS data would be helpful.

Attributes

qx_data, dqx_data: \(q_x\) matrix and gaussian resolution

qy_data, dqy_data: \(q_y\) matrix and gaussian resolution

data, err_data: \(I(q)\) matrix and measurement uncertainty

mask: values to exclude from plotting/analysis

qmin, qmax: range of \(q\) values in x

filename: label for the data line

_xaxis, _xunit: label and units for the x axis

_yaxis, _yunit: label and units for the y axis

_zaxis, _zunit: label and units for the y axis

Q_unit, I_unit: units for Q and intensity

x_bins, y_bins: grid steps in x and y directions

__init__(x:Optional[ndarray]=None, y:Optional[ndarray]=None, z:Optional[ndarray]=None, dx:Optional[ndarray]=None, dy:Optional[ndarray]=None, dz:Optional[ndarray]=None)→None
__module__='sasmodels.data'
__weakref__

list of weak references to the object (if defined)

xaxis(label:str, unit:str)→None

set the x axis label and unit

yaxis(label:str, unit:str)→None

set the y axis label and unit

zaxis(label:str, unit:str)→None

set the y axis label and unit

class sasmodels.bumps_model.DataMixin

Bases:

DataMixin captures the common aspects of evaluating a SAS model for a particular data set, including calculating Iq and evaluating the resolution function. It is used in particular by DirectModel, which evaluates a SAS model with parameters passed as keyword arguments to the calculator method, and by bumps_model.Experiment, which wraps the model and data for use with the Bumps fitting engine. It is not currently used by sasview_model.SasviewModel since this will require a number of changes to SasView before we can do it.

_interpret_data initializes the data structures necessary to manage the calculations. This sets attributes in the child class such as data_type and resolution.

_calc_theory evaluates the model at the given control values.

_set_data sets the intensity data in the data object, possibly with random noise added. This is useful for simulating a dataset with the results from _calc_theory.

__module__='sasmodels.direct_model'
__weakref__

list of weak references to the object (if defined)

_calc_theory(pars:Mapping[str,float], cutoff:float=0.0)→ndarray
_interpret_data(data:Union[Data1D,Data2D,SesansData], model:KernelModel)→None
_set_data(Iq:ndarray, noise:Optional[float]=None)→None

class sasmodels.bumps_model.Experiment(data:Union[Data1D,Data2D], model:Model, cutoff:float=1e-05, name:Optional[str]=None, extra_pars:Optional[Dict[str,Parameter]]=None)

Bases:

Bumps wrapper for a SAS experiment.

data is a data.Data1D, data.Data2D or data.SesansData object. Use data.empty_data1D or data.empty_data2D to define \(q, \Delta q\) calculation points for displaying the SANS curve when there is no measured data.

model is a Model object.

cutoff is the integration cutoff, which avoids computing the SAS model where the polydispersity weight is low.

The resulting model can be used directly in a Bumps FitProblem call.

__getstate__()→Dict[str,Any]
__init__(data:Union[Data1D,Data2D], model:Model, cutoff:float=1e-05, name:Optional[str]=None, extra_pars:Optional[Dict[str,Parameter]]=None)→None
__module__='sasmodels.bumps_model'
__setstate__(state:Dict[str,Any])→None
_cache:Dict[str,ndarray]=None
nllf()→float

Return the negative log likelihood of seeing data given the model parameters, up to a normalizing constant which depends on the data uncertainty.

numpoints()→float

Return the number of data points

parameters()→Dict[str,Parameter]

Return a dictionary of parameters

plot(view:Optional[str]=None)→None

Plot the data and residuals.

residuals()→ndarray

Return theory minus data normalized by uncertainty.

property resolution

Resolution applied to the data, if any.

save(basename:str)→None

Save the model parameters and data into a file.

Not Implemented except for sesans fits.

simulate_data(noise:Optional[float]=None)→None

Generate simulated data.

theory()→ndarray

Return the theory corresponding to the model parameters.

This method uses lazy evaluation, and requires model.update() to be called when the parameters have changed.

update()→None

Call when the parameters have changed and theory needs to be recalculated.

class sasmodels.bumps_model.KernelModel

Bases:

Model definition for the compute engine.

__module__='sasmodels.kernel'
__weakref__

list of weak references to the object (if defined)

dtype:dtype=None
info:ModelInfo=None
make_kernel(q_vectors:List[ndarray])→Kernel

Instantiate a kernel for evaluating the model at q_vectors.

release()→None

Free resources associated with the kernel.

class sasmodels.bumps_model.Model(model:KernelModel, **kwargs:Dict[str,Union[float,Parameter]])

Bases:

Bumps wrapper for a SAS model.

model is a runnable module as returned from core.load_model.

cutoff is the polydispersity weight cutoff.

Any additional key=value pairs are model dependent parameters.

__init__(model:KernelModel, **kwargs:Dict[str,Union[float,Parameter]])→None
__module__='sasmodels.bumps_model'
__weakref__

list of weak references to the object (if defined)

parameters()→Dict[str,Parameter]

Return a dictionary of parameter objects for the parameters, excluding polydispersity distribution type.

state()→Dict[str,Union[Parameter,str]]

Return a dictionary of current values for all the parameters, including polydispersity distribution type.

class sasmodels.bumps_model.ModelInfo

Bases:

Interpret the model definition file, categorizing the parameters.

The module can be loaded with a normal python import statement if you know which module you need, or with __import__('sasmodels.model.'+name) if the name is in a string.

The structure should be mostly static, other than the delayed definition of Iq, Iqac and Iqabc if they need to be defined.

Imagnetic:Union[None,str,Callable[[.],np.ndarray]]=None

Returns I(qx, qy, a, b, …). The interface follows Iq.

Iq:Union[None,str,Callable[[.],np.ndarray]]=None

Returns I(q, a, b, …) for parameters a, b, etc. defined by the parameter table. Iq can be defined as a python function, or as a C function. If it is defined in C, then set Iq to the body of the C function, including the return statement. This function takes values for q and each of the parameters as separate double values (which may be converted to float or long double by sasmodels). All source code files listed in source will be loaded before the Iq function is defined. If Iq is not present, then sources should define static double Iq(double q, double a, double b, …) which will return I(q, a, b, …). Multiplicity parameters are sent as pointers to doubles. Constants in floating point expressions should include the decimal point. See for more details. If have_Fq is True, then Iq should return an interleaved array of \([\sum F(q_1), \sum F^2(q_1), \ldots, \sum F(q_n), \sum F^2(q_n)]\).

Iqabc:Union[None,str,Callable[[.],np.ndarray]]=None

Returns I(qa, qb, qc, a, b, …). The interface follows Iq.

Iqac:Union[None,str,Callable[[.],np.ndarray]]=None

Returns I(qab, qc, a, b, …). The interface follows Iq.

Iqxy:Union[None,str,Callable[[.],np.ndarray]]=None

Returns I(qx, qy, a, b, …). The interface follows Iq.

__init__() → None
__module__='sasmodels.modelinfo'
__weakref__

list of weak references to the object (if defined)

base:ParameterTable=None

For reparameterized systems, base is the base parameter table. For normal systems it is simply a copy of parameters.

basefile:Optional[str]=None

Base file is usually filename, but not when a model has been reparameterized, in which case it is the file containing the original model definition. This is needed to signal an additional dependency for the model time stamp, and so that the compiler reports correct file for syntax errors.

c_code:Optional[str]=None

inline source code, added after all elements of source

category:Optional[str]=None

Location of the model description in the documentation. This takes the form of "section" or "section:subsection". So for example, porod uses category="shape-independent" so it is in the Shape-Independent Functions section, whereas capped_cylinder uses category="shape:cylinder", which puts it in the Cylinder Functions section.

composition:Optional[Tuple[str,List[ModelInfo]]]=None

Composition is None if this is an independent model, or it is a tuple with composition type ('product' or 'mixture') and a list of blocks for the composed objects. This allows us to rebuild a complete mixture or product model from the info block. composition is not given in the model definition file, but instead arises when the model is constructed using names such as sphere*hardsphere.

Description of the string from the top of the model file. This should be formatted using ReStructuredText format, with LaTeX markup in ".. math" environments, or in dollar signs. This will be automatically extracted to a .rst file, then converted to HTML or PDF by Sphinx.

filename:Optional[str]=None

Full path to the file defining the kernel, if any.

form_volume:Union[None,str,Callable[[np.ndarray],float]]=None

Returns the form volume for python-based models. Form volume is needed for volume normalization in the polydispersity integral. If no parameters are volume parameters, then form volume is not needed. For C-based models, (with defined, or with defined using a string containing C code), form_volume must also be C code, either defined as a string, or in the sources.

get_hidden_parameters(control)

Returns the set of hidden parameters for the model. control is the value of the control parameter. Note that multiplicity models have an implicit control parameter, which is the parameter that controls the multiplicity.

have_Fq=False

True if the model defines an Fq function with signature

hidden:Optional[Callable[[int],Set[str]]]=None

Different variants require different parameters. In order to show just the parameters needed for the variant selected, you should provide a function hidden(control) -> set(['a', 'b', …]) indicating which parameters need to be hidden. For multiplicity models, you need to use the complete name of the parameter, including its number. So for example, if variant "a" uses only sld1 and sld2, then sld3, sld4 and sld5 of multiplicity parameter sld[5] should be in the hidden set.

id:str=None

Id of the kernel used to load it from the filesystem.

lineno:Dict[str,int]=None

Line numbers for symbols defining C code

name:str=None

Display name of the model, which defaults to the model id but with capitalization of the parts so for example core_shell defaults to “Core Shell”.

opencl:bool=None

True if the model can be run as an opencl model. If for some reason the model cannot be run in opencl (e.g., because the model passes functions by reference), then set this to false.

parameters:ParameterTable=None

Model parameter table. Parameters are defined using a list of parameter definitions, each of which contains parameter name, units, default value, limits, type and description. See for details on the individual parameters. The parameters are gathered into awhich provides various views into the parameter list.

profile:Optional[Callable[[np.ndarray],None]]=None

Returns a model profile curve x, y. If profile is defined, this curve will appear in response to the Show button in SasView. Use to set the axis labels. Note that y values will be scaled by 1e6 before plotting.

profile_axes:Tuple[str,str]=None

Axis labels for the plot. The default is ['x', 'y']. Only the x component is used for now.

radius_effective:Union[None,Callable[[int,np.ndarray],float]]=None

Computes the effective radius of the shape given the volume parameters. Only needed for models defined in python that can be used for monodisperse approximation for non-dilute solutions, P@S. The first argument is the integer effective radius mode, with default 0.

radius_effective_modes:List[str]=None

List of options for computing the effective radius of the shape, or None if the model is not usable as a form factor model.

random:Optional[Callable[[],Dict[str,float]]]=None

Returns a random parameter set for the model

sesans:Optional[Callable[[np.ndarray],np.ndarray]]=None

Returns sesans(z, a, b, …) for models which can directly compute the SESANS correlation function. Note: not currently implemented.

shell_volume:Union[None,str,Callable[[np.ndarray],float]]=None

Returns the shell volume for python-based models. Form volume and shell volume are needed for volume normalization in the polydispersity integral and structure interactions for hollow shapes. If no parameters are volume parameters, then shell volume is not needed. For C-based models, (with defined, or with defined using a string containing C code), shell_volume must also be C code, either defined as a string, or in the sources.

single:bool=None

True if the model can be computed accurately with single precision. This is True by default, but models such as bcc_paracrystal set it to False because they require double precision calculations.

source:List[str]=None

List of C source files used to define the model. The source files should define the Iq function, and possibly Iqac or Iqabc if the model defines orientation parameters. Files containing the most basic functions must appear first in the list, followed by the files that use those functions.

structure_factor:bool=None

True if the model is a structure factor used to model the interaction between form factor models. This will default to False if it is not provided in the file.

tests:List[TestCondition]=None

The set of tests that must pass. The format of the tests is described in .

title:str=None

Short description of the model.

translation:Optional[str]=None

Parameter translation code to convert from parameters table from caller to the base table used to evaluate the model.

valid:str=None

Expression which evaluates to True if the input parameters are valid and the model can be computed, or False otherwise. Invalid parameter sets will not be included in the weighted \(I(Q)\) calculation or its volume normalization. Use C syntax for the expressions, with

"Fossies" - the Fresh Open Source Software Archive

Member "PURELIB/trac/env.py" (9 May 2021, 46409 Bytes) of package /windows/misc/Trac-1.4.3.win-amd64.exe:



# -*- coding: utf-8 -*-
#
# Copyright (C) 2003-2021 Edgewall Software
# Copyright (C) 2003-2007 Jonas Borgström <jonas@edgewall.com>
# All rights reserved.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://trac.edgewall.org/wiki/TracLicense.
#
# This software consists of voluntary contributions made by many
# individuals. For the exact contribution history, see the revision
# history and logs, available at https://trac.edgewall.org/log/.
#
# Author: Jonas Borgström <jonas@edgewall.com>

"""Trac Environment model and related APIs."""

from contextlib import contextmanager
import hashlib
import os.path
import setuptools
import shutil
import sys
import time
from ConfigParser import RawConfigParser
from subprocess import PIPE
from tempfile import mkdtemp
from urlparse import urlsplit

from trac import log
from trac.admin.api import (AdminCommandError, IAdminCommandProvider,
                            get_dir_list)
from trac.api import IEnvironmentSetupParticipant, ISystemInfoProvider
from trac.cache import CacheManager, cached
from trac.config import BoolOption, ChoiceOption, ConfigSection, \
                        Configuration, IntOption, Option, PathOption
from trac.core import Component, ComponentManager, ExtensionPoint, \
                      TracBaseError, TracError, implements
from trac.db.api import (DatabaseManager, QueryContextManager,
                         TransactionContextManager, parse_connection_uri)
from trac.db.convert import copy_tables
from trac.loader import load_components
from trac.util import as_bool, backup_config_file, copytree, create_file, \
                      get_pkginfo, is_path_below, lazy, makedirs
from trac.util.compat import Popen, close_fds
from trac.util.concurrency import threading
from trac.util.datefmt import pytz
from trac.util.text import exception_to_unicode, path_to_unicode, printerr, \
                           printferr, printfout, printout
from trac.util.translation import _, N_
from trac.web.chrome import Chrome
from trac.web.href import Href

__all__ = ['Environment', 'IEnvironmentSetupParticipant', 'open_environment']


# Content of the VERSION file in the environment
_VERSION = 'Trac Environment Version 1'


class BackupError(TracBaseError, RuntimeError):
    """Exception raised during an upgrade when the DB backup fails."""


class Environment(Component, ComponentManager):
    """Trac environment manager.

    Trac stores project information in a Trac environment. It consists
    of a directory structure containing among other things:

    * a configuration file,
    * project-specific templates and plugins,
    * the wiki and ticket attachments files,
    * the SQLite database file (stores tickets, wiki pages...)
      in case the database backend is SQLite

    """

    implements(ISystemInfoProvider)

    required = True

    system_info_providers = ExtensionPoint(ISystemInfoProvider)
    setup_participants = ExtensionPoint(IEnvironmentSetupParticipant)

    components_section = ConfigSection('components',
        """This section is used to enable or disable components
        provided by plugins, as well as by Trac itself. The component
        to enable/disable is specified via the name of the
        option. Whether its enabled is determined by the option value;
        setting the value to `enabled` or `on` will enable the
        component, any other value (typically `disabled` or `off`)
        will disable the component.

        The option name is either the fully qualified name of the
        components or the module/package prefix of the component. The
        former enables/disables a specific component, while the latter
        enables/disables any component in the specified
        package/module.

        Consider the following configuration snippet:
        {{{
        [components]
        trac.ticket.report.ReportModule = disabled
        acct_mgr.* = enabled
        }}}

        The first option tells Trac to disable the
        [wiki:TracReports report module].
        The second option instructs Trac to enable all components in
        the `acct_mgr` package. Note that the trailing wildcard is
        required for module/package matching.

        To view the list of active components, go to the ''Plugins''
        page on ''About Trac'' (requires `CONFIG_VIEW`
        [wiki:TracPermissions permissions]).

        See also: TracPlugins
        """)

    shared_plugins_dir = PathOption('inherit', 'plugins_dir', '',
        """Path to the //shared plugins directory//.

        Plugins in that directory are loaded in addition to those in
        the directory of the environment `plugins`, with this one
        taking precedence.

        Non-absolute paths are relative to the Environment `conf`
        directory.
        """)

    base_url = Option('trac', 'base_url', '',
        """Reference URL for the Trac deployment.

        This is the base URL that will be used when producing
        documents that will be used outside of the web browsing
        context, like for example when inserting URLs pointing to Trac
        resources in notification e-mails.""")

    base_url_for_redirect = BoolOption('trac', 'use_base_url_for_redirect',
                                       False,
        """Optionally use `[trac] base_url` for redirects.

        In some configurations, usually involving running Trac behind
        a HTTP proxy, Trac can't automatically reconstruct the URL
        that is used to access it. You may need to use this option to
        force Trac to use the `base_url` setting also for
        redirects. This introduces the obvious limitation that this
        environment will only be usable when accessible from that URL,
        as redirects are frequently used.
        """)

    secure_cookies = BoolOption('trac', 'secure_cookies', False,
        """Restrict cookies to HTTPS connections.

        When true, set the `secure` flag on all cookies so that they
        are only sent to the server on HTTPS connections. Use this if
        your Trac instance is only accessible through HTTPS.
        """)

    anonymous_session_lifetime = IntOption(
        'trac', 'anonymous_session_lifetime', '90',
        """Lifetime of the anonymous session, in days.

        Set the option to 0 to disable purging old anonymous sessions.
        (''since 1.0.17'')""")

    project_name = Option('project', 'name', 'My Project',
        """Name of the project.""")

    project_description = Option('project', 'descr', 'My example project',
        """Short description of the project.""")

    project_url = Option('project', 'url', '',
        """URL of the main project web site, usually the website in
        which the `base_url` resides. This is used in notification
        e-mails.""")

    project_admin = Option('project', 'admin', '',
        """E-Mail address of the project's administrator.""")

    project_admin_trac_url = Option('project', 'admin_trac_url', '.',
        """Base URL of a Trac instance where errors in this Trac
        should be reported.

        This can be an absolute or relative URL, or '.' to reference
        this Trac instance. An empty value will disable the reporting
        buttons.
        """)

    project_footer = Option('project', 'footer',
        N_('Visit the Trac open source project at<br />'
           '<a href="https://trac.edgewall.org/">'
           'https://trac.edgewall.org/</a>'),
        """Page footer text (right-aligned).""")

    project_icon = Option('project', 'icon', 'common/trac.ico',
        """URL of the icon of the project.""")

    log_type = ChoiceOption('logging', 'log_type',
                            log.LOG_TYPES + log.LOG_TYPE_ALIASES,
        """Logging facility to use.

        Should be one of (`none`, `file`, `stderr`, `syslog`, `winlog`).""",
        case_sensitive=False)

    log_file = Option('logging', 'log_file', 'trac.log',
        """If `log_type` is `file`, this should be a path to the
        log-file. Relative paths are resolved relative to the `log`
        directory of the environment.""")

    log_level = ChoiceOption('logging', 'log_level',
                             log.LOG_LEVELS + log.LOG_LEVEL_ALIASES,
        """Level of verbosity in log.

        Should be one of (`CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`).
        """, case_sensitive=False)

    log_format = Option('logging', 'log_format', None,
        """Custom logging format.

        If nothing is set, the following will be used:

        `Trac[$(module)s] $(levelname)s: $(message)s`

        In addition to regular key names supported by the
        [http://docs.python.org/library/logging.html Python logger library]
        one could use:

        - `$(path)s`     the path for the current environment
        - `$(basename)s` the last path component of the current environment
        - `$(project)s`  the project name

        Note the usage of `$(...)s` instead of `%(...)s` as the latter form
        would be interpreted by the !ConfigParser itself.

        Example:
        `($(thread)d) Trac[$(basename)s:$(module)s] $(levelname)s: $(message)s`
        """)

    def __init__(self, path, create=False, options=[]):
        """Initialize the Trac environment.

        :param path:   the absolute path to the Trac environment
        :param create: if `True`, the environment is created and
                       populated with default data; otherwise, the
                       environment is expected to already exist.
        :param options: A list of `(section, name, value)` tuples that
                        define configuration options
        """
        ComponentManager.__init__(self)

        self.path = os.path.normpath(os.path.normcase(path))
        self.log = None
        self.config = None

        if create:
            self.create(options)
            for setup_participant in self.setup_participants:
                setup_participant.environment_created()
        else:
            self.verify()
            self.setup_config()

    def __repr__(self):
        return '<%s %r>' % (self.__class__.__name__, self.path)

    @lazy
    def name(self):
        """The environment name.

        :since: 1.2
        """
        return os.path.basename(self.path)

    @property
    def env(self):
        """Property returning the `Environment` object, which is often
        required for functions and methods that take a `Component` instance.
        """
        # The cached decorator requires the object have an `env` attribute.
        return self

    @property
    def system_info(self):
        """List of `(name, version)` tuples describing the name and
        version information of external packages used by Trac and plugins.
        """
        info = []
        for provider in self.system_info_providers:
            info.extend(provider.get_system_info() or [])
        return sorted(set(info),
                      key=lambda args: (args[0] != 'Trac', args[0].lower()))

    def get_systeminfo(self):
        """Return a list of `(name, version)` tuples describing the name
        and version information of external packages used by Trac and plugins.

        :since 1.3.1: deprecated and will be removed in 1.5.1. Use
                      system_info property instead.
        """
        return self.system_info

    # ISystemInfoProvider methods

    def get_system_info(self):
        yield 'Trac', self.trac_version
        yield 'Python', sys.version
        yield 'setuptools', setuptools.__version__
        if pytz is not None:
            yield 'pytz', pytz.__version__
        if hasattr(self, 'webfrontend_version'):
            yield self.webfrontend, self.webfrontend_version

    def component_activated(self, component):
        """Initialize additional member variables for components.

        Every component activated through the `Environment` object
        gets three member variables: `env` (the environment object),
        `config` (the environment configuration) and `log` (a logger
        object)."""
        component.env = self
        component.config = self.config
        component.log = self.log

    def _component_name(self, name_or_class):
        name = name_or_class
        if not isinstance(name_or_class, basestring):
            name = name_or_class.__module__ + '.' + name_or_class.__name__
        return name.lower()

    @lazy
    def _component_rules(self):
        _rules = {}
        for name, value in self.components_section.options():
            name = name.rstrip('.*').lower()
            _rules[name] = as_bool(value)
        return _rules

    def is_component_enabled(self, cls):
        """Implemented to only allow activation of components that are
        not disabled in the configuration.

        This is called by the `ComponentManager` base class when a
        component is about to be activated. If this method returns
        `False`, the component does not get activated. If it returns
        `None`, the component only gets activated if it is located in
        the `plugins` directory of the environment.
        """
        component_name = self._component_name(cls)

        rules = self._component_rules
        cname = component_name
        while cname:
            enabled = rules.get(cname)
            if enabled is not None:
                return enabled
            idx = cname.rfind('.')
            if idx < 0:
                break
            cname = cname[:idx]

        # By default, all components in the trac package except
        # in trac.test or trac.tests are enabled
        return component_name.startswith('trac.') and \
               not component_name.startswith('trac.test.') and \
               not component_name.startswith('trac.tests.') or None

    def enable_component(self, cls):
        """Enable a component or module."""
        self._component_rules[self._component_name(cls)] = True
        super(Environment, self).enable_component(cls)

    @contextmanager
    def component_guard(self, component, reraise=False):
        """Traps any runtime exception raised when working with a component
        and logs the error.

        :param component: the component responsible for any error that
                          could happen inside the context
        :param reraise: if `True`, an error is logged but not suppressed.
                        By default, errors are suppressed.

        """
        try:
            yield
        except TracError as e:
            self.log.warning("Component %s failed with %s",
                             component, exception_to_unicode(e))
            if reraise:
                raise
        except Exception as e:
            self.log.error("Component %s failed with %s", component,
                           exception_to_unicode(e, traceback=True))
            if reraise:
                raise

    def verify(self):
        """Verify that the provided path points to a valid Trac environment
        directory."""
        try:
            with open(os.path.join(self.path, 'VERSION')) as f:
                tag = f.readline().rstrip()
        except Exception as e:
            raise TracError(_("No Trac environment found at %(path)s\n"
                              "%(e)s",
                              path=self.path, e=exception_to_unicode(e)))
        if tag != _VERSION:
            raise TracError(_("Unknown Trac environment type '%(type)s'",
                              type=tag))

    @lazy
    def db_exc(self):
        """Return an object (typically a module) containing all the
        backend-specific exception types as attributes, named
        according to the Python Database API
        (http://www.python.org/dev/peps/pep-0249/).

        To catch a database exception, use the following pattern::

            try:
                with env.db_transaction as db:
                    ...
            except env.db_exc.IntegrityError as e:
                ...
        """
        return DatabaseManager(self).get_exceptions()

    @property
    def db_query(self):
        """Return a context manager
        (`~trac.db.api.QueryContextManager`) which can be used to
        obtain a read-only database connection.

        Example::

            with env.db_query as db:
                cursor = db.cursor()
                cursor.execute("SELECT ...")
                for row in cursor.fetchall():
                    ...

        Note that a connection retrieved this way can be "called"
        directly in order to execute a query::

            with env.db_query as db:
                for row in db("SELECT ..."):
                    ...

        :warning: after a `with env.db_query as db` block, though the
          `db` variable is still defined, you shouldn't use it as it
          might have been closed when exiting the context, if this
          context was the outermost context (`db_query` or
          `db_transaction`).

        If you don't need to manipulate the connection itself, this
        can even be simplified to::

            for row in env.db_query("SELECT ..."):
                ...

        """
        return QueryContextManager(self)

    @property
    def db_transaction(self):
        """Return a context manager
        (`~trac.db.api.TransactionContextManager`) which can be used
        to obtain a writable database connection.

        Example::

            with env.db_transaction as db:
                cursor = db.cursor()
                cursor.execute("UPDATE ...")

        Upon successful exit of the context, the context manager will
        commit the transaction. In case of nested contexts, only the
        outermost context performs a commit. However, should an
        exception happen, any context manager will perform a rollback.
        You should *not* call `commit()` yourself within such block,
        as this will force a commit even if that transaction is part
        of a larger transaction.

        Like for its read-only counterpart, you can directly execute a
        DML query on the `db`::

            with env.db_transaction as db:
                db("UPDATE ...")

        :warning: after a `with env.db_transaction as db` block,
          though the `db` variable is still available, you shouldn't
          use it as it might have been closed when exiting the
          context, if this context was the outermost context
          (`db_query` or `db_transaction`).

        If you don't need to manipulate the connection itself, this
        can also be simplified to::

            env.db_transaction("UPDATE ...")

        """
        return TransactionContextManager(self)

    def shutdown(self, tid=None):
        """Close the environment."""
        from trac.versioncontrol.api import RepositoryManager
        RepositoryManager(self).shutdown(tid)
        DatabaseManager(self).shutdown(tid)
        if tid is None:
            log.shutdown(self.log)

    def create(self, options=[]):
        """Create the basic directory structure of the environment,
        initialize the database and populate the configuration file
        with default values.

        If options contains ('inherit', 'file'), default values will
        not be loaded; they are expected to be provided by that file
        or other options.

        :raises TracError: if the base directory of `path` does not exist.
        :raises TracError: if `path` exists and is not empty.
        """
        base_dir = os.path.dirname(self.path)
        if not os.path.exists(base_dir):
            raise TracError(_(
                "Base directory '%(env)s' does not exist. Please create it "
                "and retry.", env=base_dir))

        if os.path.exists(self.path) and os.listdir(self.path):
            raise TracError(_("Directory exists and is not empty."))

        # Create the directory structure
        if not os.path.exists(self.path):
            os.mkdir(self.path)
        os.mkdir(self.htdocs_dir)
        os.mkdir(self.log_dir)
        os.mkdir(self.plugins_dir)
        os.mkdir(self.templates_dir)

        # Create a few files
        create_file(os.path.join(self.path, 'VERSION'), _VERSION + '\n')
        create_file(os.path.join(self.path, 'README'),
                    'This directory contains a Trac environment.\n'
                    'Visit https://trac.edgewall.org/ for more information.\n')

        # Setup the default configuration
        os.mkdir(self.conf_dir)
        config = Configuration(self.config_file_path)
        for section, name, value in options:
            config.set(section, name, value)
        config.save()
        self.setup_config()
        if not any((section, option) == ('inherit', 'file')
                   for section, option, value in options):
            self.config.set_defaults(self)
            self.config.save()

        # Create the sample configuration
        create_file(self.config_file_path + '.sample')
        self._update_sample_config()

        # Create the database
        DatabaseManager(self).init_db()

    @lazy
    def database_version(self):
        """Returns the current version of the database.

        :since 1.0.2:
        """
        return DatabaseManager(self) \
               .get_database_version('database_version')

    @lazy
    def database_initial_version(self):
        """Returns the version of the database at the time of creation.

        In practice, for a database created before 0.11, this will
        return `False` which is "older" than any db version number.

        :since 1.0.2:
        """
        return DatabaseManager(self) \
               .get_database_version('initial_database_version')

    @lazy
    def trac_version(self):
        """Returns the version of Trac.
        :since: 1.2
        """
        from trac import core, __version__
        return get_pkginfo(core).get('version', __version__)

    def setup_config(self):
        """Load the configuration file."""
        self.config = Configuration(self.config_file_path,
                                    {'envname': self.name})
        if not self.config.exists:
            raise TracError(_("The configuration file is not found at "
                              "%(path)s", path=self.config_file_path))
        self.setup_log()
        plugins_dir = self.shared_plugins_dir
        load_components(self, plugins_dir and (plugins_dir,))

    @lazy
    def config_file_path(self):
        """Path of the trac.ini file."""
        return os.path.join(self.conf_dir, 'trac.ini')

    @lazy
    def log_file_path(self):
        """Path to the log file."""
        if not os.path.isabs(self.log_file):
            return os.path.join(self.log_dir, self.log_file)
        return self.log_file

    def _get_path_to_dir(self, *dirs):
        path = self.path
        for dir in dirs:
            path = os.path.join(path, dir)
        return os.path.realpath(path)

    @lazy
    def attachments_dir(self):
        """Absolute path to the attachments directory.

        :since: 1.3.1
        """
        return self._get_path_to_dir('files', 'attachments')

    @lazy
    def conf_dir(self):
        """Absolute path to the conf directory.

        :since: 1.0.11
        """
        return self._get_path_to_dir('conf')

    @lazy
    def files_dir(self):
        """Absolute path to the files directory.

        :since: 1.3.2
        """
        return self._get_path_to_dir('files')

    @lazy
    def htdocs_dir(self):
        """Absolute path to the htdocs directory.

        :since: 1.0.11
        """
        return self._get_path_to_dir('htdocs')

    @lazy
    def log_dir(self):
        """Absolute path to the log directory.

        :since: 1.0.11
        """
        return self._get_path_to_dir('log')

    @lazy
    def plugins_dir(self):
        """Absolute path to the plugins directory.

        :since: 1.0.11
        """
        return self._get_path_to_dir('plugins')

    @lazy
    def templates_dir(self):
        """Absolute path to the templates directory.

        :since: 1.0.11
        """
        return self._get_path_to_dir('templates')

    def setup_log(self):
        """Initialize the logging sub-system."""
        self.log, log_handler = \
            self.create_logger(self.log_type, self.log_file_path,
                               self.log_level, self.log_format)
        self.log.addHandler(log_handler)
        self.log.info('-' * 32 + ' environment startup [Trac %s] ' + '-' * 32,
                      self.trac_version)

    def create_logger(self, log_type, log_file, log_level, log_format):
        log_id = 'Trac.%s' % hashlib.sha1(self.path).hexdigest()
        if log_format:
            log_format = log_format.replace('$(', '%(') \
                                   .replace('%(path)s', self.path) \
                                   .replace('%(basename)s', self.name) \
                                   .replace('%(project)s', self.project_name)
        return log.logger_handler_factory(log_type, log_file, log_level,
                                          log_id, format=log_format)

    def get_known_users(self, as_dict=False):
        """Returns information about all known users, i.e. users that
        have logged in to this Trac environment and possibly set their
        name and email.

        By default this function returns an iterator that yields one
        tuple for every user, of the form (username, name, email),
        ordered alpha-numerically by username. When `as_dict` is `True`
        the function returns a dictionary mapping username to a
        (name, email) tuple.

        :since 1.2: the `as_dict` parameter is available.
        """
        return self._known_users_dict if as_dict else iter(self._known_users)

    @cached
    def _known_users(self):
        return self.db_query("""
                SELECT DISTINCT s.sid, n.value, e.value
                FROM session AS s
                 LEFT JOIN session_attribute AS n ON (n.sid=s.sid
                  AND n.authenticated=1 AND n.name = 'name')
                 LEFT JOIN session_attribute AS e ON (e.sid=s.sid
                  AND e.authenticated=1 AND e.name = 'email')
                WHERE s.authenticated=1 ORDER BY s.sid
        """)

    @cached
    def _known_users_dict(self):
        return {u[0]: (u[1], u[2]) for u in self._known_users}

    def invalidate_known_users_cache(self):
        """Clear the known_users cache."""
        del self._known_users
        del self._known_users_dict

    def backup(self, dest=None):
        """Create a backup of the database.

        :param dest: Destination file; if not specified, the backup is
                     stored in a file called db_name.trac_version.bak
        """
        return DatabaseManager(self).backup(dest)

    def needs_upgrade(self):
        """Return whether the environment needs to be upgraded."""
        for participant in self.setup_participants:
            try:
                with self.component_guard(participant, reraise=True):
                    if participant.environment_needs_upgrade():
                        self.log.warning(
                            "Component %s requires an environment upgrade",
                            participant)
                        return True
            except Exception as e:
                raise TracError(_("Unable to check for upgrade of "
                                  "%(module)s.%(name)s: %(err)s",
                                  module=participant.__class__.__module__,
                                  name=participant.__class__.__name__,
                                  err=exception_to_unicode(e)))
        return False

    def upgrade(self, backup=False, backup_dest=None):
        """Upgrade database.

        :param backup: whether or not to backup before upgrading
        :param backup_dest: name of the backup file
        :return: whether the upgrade was performed
        """
        upgraders = []
        for participant in self.setup_participants:
            with self.component_guard(participant, reraise=True):
                if participant.environment_needs_upgrade():
                    upgraders.append(participant)
        if not upgraders:
            return

        if backup:
            try:
                self.backup(backup_dest)
            except Exception as e:
                raise BackupError(e)

        for participant in upgraders:
            self.log.info("upgrading %s...", participant)
            with self.component_guard(participant, reraise=True):
                participant.upgrade_environment()
            # Database schema may have changed, so close all connections
            dbm = DatabaseManager(self)
            if dbm.connection_uri != 'sqlite::memory:':
                dbm.shutdown()

        self._update_sample_config()
        del self.database_version
        return True

    @lazy
    def href(self):
        """The application root path"""
        return Href(urlsplit(self.abs_href.base).path)

    @lazy
    def abs_href(self):
        """The application URL"""
        if not self.base_url:
            self.log.warning("[trac] base_url option not set in "
                             "configuration, generated links may be incorrect")
        return Href(self.base_url)

    def _update_sample_config(self):
        filename = os.path.join(self.config_file_path + '.sample')
        if not os.path.isfile(filename):
            return
        config = Configuration(filename)
        config.set_defaults()
        try:
            config.save()
        except EnvironmentError as e:
            self.log.warning("Couldn't write sample configuration file (%s)%s",
                             e, exception_to_unicode(e, traceback=True))
        else:
            self.log.info("Wrote sample configuration file with the new "
                          "settings and their default values: %s",
                          filename)


env_cache = {}
env_cache_lock = threading.Lock()


def open_environment(env_path=None, use_cache=False):
    """Open an existing environment object, and 
verify that the database is up 833 to date. 834 835 :param env_path: absolute path to the environment directory; if 836 omitted, the value of the `TRAC_ENV` environment 837 3ds max 2012 registration-activation error variable is used 838 :param use_cache: whether the environment should be cached for 839 subsequent invocations of this function 840 :return: the `Environment` object 841 """ 842 if not env_path: 843 env_path = os.getenv('TRAC_ENV') 844 if not env_path: 845 raiseTracError(_('Missing environment variable "TRAC_ENV". ' 846 'Trac requires this variable to point to a valid ' 847 'Trac environment.')) 848 849 if use_cache: 850 with env_cache_lock: 851 env = env_cache.get(env_path) 852 if env and env.config.parse_if_needed(): 853 # The environment configuration has changed, so shut it down 854 # and remove it from the cache so that it gets reinitialized 855 env.log.info('Reloading environment due to configuration ' 856 'change') 857 env.shutdown() 858 del env_cache[env_path] 859 env =None 860 if env is None: 861 env = env_cache.setdefault(env_path, 862 open_environment(env_path)) 863 else: 864 CacheManager(env).reset_metadata() 865 else: 866 env =Environment(env_path) 867 try: 868 needs_upgrade = env.needs_upgrade() 869 except TracError as e: 870 env.log.error("Exception caught while checking for upgrade:%s", 871 exception_to_unicode(e)) 872 raise 873 exceptExceptionas e:# e.g. no database connection 874 env.log.error("Exception caught while checking for upgrade:%s", 875 exception_to_unicode(e, traceback=True)) 876 raise 877 else: 878 if needs_upgrade: 879 raiseTracError(_('The Trac Environment needs to be upgraded. 
' 880 'Run:\n\ntrac-admin "%(path)s" upgrade', 881 path=env_path)) 882 883 return env 884 885 886 classEnvironmentAdmin(Component): 887 """trac-admin command provider for environment administration.""" 888 889 implements(IAdminCommandProvider) 890 891 # IAdminCommandProvider methods 892 893 defget_admin_commands(self): 894 yield('convert_db','<dburi> [new_env]', 895 """Convert database 896 897 dle fatal error load_template on a non-object Converts the database backend in the environment in which 898 the command is run (in-place), or in a new copy of the 899 environment. For an in-place conversion, the data is 900 copied to the database specified in <dburi> and the 901 [trac] database setting is changed to point to the new 902 database. The new database must be empty, which for an 903 SQLite database means the file should not exist. The data 904 in the existing database is left unmodified. 905 906 For a database conversion in a new copy of the environment, 907 the environment in which the command is executed is copied 908 and the [trac] database setting is changed in the new 909 environment. The existing environment is left unmodified. 910 911 Be sure to create a backup (see `hotcopy`) before converting 912 the database, particularly when doing an in-place conversion. 913 """, 914 self._complete_convert_db, self._do_convert_db) 915 yield('deploy','<directory>', 916 'Extract static resources dle fatal error load_template on a non-object Trac and all plugins', 917 None, self._do_deploy) 918 yield('hotcopy','<backupdir> [--no-database]', 919 """Make a hot backup copy of an environment 920 921 The database is backed up to the 'db' directory of the 922 destination, unless the --no-database option is 923 specified. 
924 """, 925 None, self._do_hotcopy) 926 yield('upgrade','[--no-backup]', 927 """Upgrade database to current version 928 929 The database is backed up to the directory specified by [trac] terrorisme islamique russie backup_dir (the default is 'db'), unless the --no-backup 931 option is specified. The shorthand alias -b can also be used 932 to specify --no-backup. 933 """, 934 None, self._do_upgrade) 935 936 def_do_convert_db(self, dburi, env_path=None): 937 if env_path: 938 return self._do_convert_db_in_new_env(dburi, env_path) 939 else: 940 return self._do_convert_db_in_place(dburi) 941 942 def_complete_convert_db(self, args): 943 iflen(args) ==2: 944 returnget_dir_list(args[1]) 945 946 def_do_deploy(self, dest): 947 target = os.path.normpath(dest) 948 chrome_target = os.path.join(target,'htdocs') 949 script_target = os.path.join(target,'cgi-bin') 950 chrome =Chrome(self.env) 951 952 # Check source and destination to avoid recursively copying files 953 for provider in chrome.template_providers: 954 paths =list(provider.get_htdocs_dirs()or[]) 955 if not paths: 956 continue 957 for key, root in paths: 958 if not root: 959 continue 960 source = os.path.normpath(root) 961 dest = os.path.join(chrome_target, key) 962 if os.path.exists(source)andis_path_below(dest, source): 963 raiseAdminCommandError( 964 _("Resources cannot be deployed to a target " 965 "directory that is equal to or below the source " 966 "directory dle fatal error load_template on a non-object choose a " 967 "different target directory and try again.", 968 source=source)) dle fatal error load_template on a non-object 970 # Copy static content 971 makedirs(target, overwrite=True) 972 makedirs(chrome_target, overwrite=True) 973 printout(_("Copying resources from:")) 974 for provider in chrome.template_providers: 975 paths =list(provider.get_htdocs_dirs()or[]) 976 if not paths: 977 continue 978 printout('%s.%s'% (provider.__module__, 979 provider.__class__.__name__)) 980 for key, root in paths: 981 if 
not root: 982 continue 983 source = os.path.normpath(root) 984 printout(' dle fatal error load_template on a non-object, source) 985 if os.path.exists(source): 986 dest = os.path.join(chrome_target, key) 987 copytree(source, dest, overwrite=True) 988 989 # Create and copy scripts 990 makedirs(script_target, overwrite=True) 991 printout(_("Creating scripts.")) 992 data = {'env': self.env,'executable': sys.executable,'repr':repr} 993 for script in('cgi','fcgi','wsgi'): 994 dest = os.path.join(script_target,'trac.'+ script) 995 template = chrome.load_template('deploy_trac.'+ script, text=True) 996 text = chrome.render_template_string(template, data, text=True) 997 998 with open(dest,'w')as out: 999 out.write(text.encode('utf-8')) 1000 1001 def_do_hotcopy(self, dest, no_db=None): 1002 if no_db not in(None,'--no-database'): 1003 raiseAdminCommandError(_("Invalid argument '%(arg)s'", arg=no_db), 1004 show_usage=True) 1005 1006 if os.path.exists(dest): 1007 raiseTracError(_("hotcopy can't overwrite existing '%(dest)s'", 1008 dest=path_to_unicode(dest))) 1009 1010 printout(_("Hotcopying%(src)sto%(dst)s.", 1011 src=path_to_unicode(self.env.path), 1012 dst=path_to_unicode(dest))) 1013 db_str = self.env.config.get('trac','database') 1014 prefix, db_path = db_str.split(':',1) 1015 skip = [] 1016 1017 if prefix =='sqlite': 1018 db_path = os.path.join(self.env.path, os.path.normpath(db_path)) 1019 # don't copy the journal (also, dle fatal error load_template on a non-object, this would fail on Windows) 1020 skip = [db_path +'-journal', db_path +'-stmtjrnl', 1021 db_path +'-shm', db_path +'-wal'] 1022 if no_db: 1023 skip.append(db_path) 1024 1025 # Bogus statement to lock the database while copying files 1026 with self.env.db_transaction as db: 1027 db("UPDATE "+ db.quote('system') + 1028 " SET name=NULL WHERE name IS NULL") 1029 try: 1030 copytree(self.env.path, dest, symlinks=1, skip=skip) 1031 except shutil.Error as e: 1032 runtime error 1004 vba excel samsung scx4200 internal 
error =1 1033 printerr(_("The following errors happened while copying " 1034 "the environment:")) 1035 for src, dst, err in e.args[0]: 1036 if src in err: 1037 printerr('%s'% err) 1038 else: 1039 printerr("%s: '%s'"% (err,path_to_unicode(src))) 1040 else: 1041 retval =0 1042 1043 # db backup for non-sqlite 1044 if prefix !='sqlite'and not no_db: 1045 printout(_("Backing up database .")) 1046 sql_backup = os.path.join(dest,'db', 1047 '%s-db-backup.sql'% prefix) 1048 self.env.backup(sql_backup) 1049 1050 printout(_("Hotcopy done.")) 1051 return retval 1052 1053 def_do_upgrade(self, no_backup=None): 1054 if no_backup not in(None,'-b','--no-backup'): 1055 raiseAdminCommandError(_("Invalid arguments"), dle fatal error load_template on a non-object, show_usage=True) 1056 1057 if not self.env.needs_upgrade(): 1058 printout(_("Database is up to date, no upgrade necessary.")) 1059 return 1060 1061 try: 1062 self.env.upgrade
NameDescriptionCVE-2022-36582An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-36580An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via canon error 5100 pixma crafted PHP file. CVE-2022-36262An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. CVE-2022-35426UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file, dle fatal error load_template on a non-object. CVE-2022-35239The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file. CVE-2022-34971An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-34965OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-33900PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. CVE-2022-32420College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. 
CVE-2022-32409A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request. CVE-2022-31627In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption. CVE-2022-31626In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. CVE-2022-31625In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service, dle fatal error load_template on a non-object. CVE-2022-31374An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. CVE-2022-31181PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature. CVE-2022-31158LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. 
Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds. CVE-2022-31157LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, dle fatal error load_template on a non-object, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds. CVE-2022-31140Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, dle fatal error load_template on a non-object database connection exception showing database IP address/username/password, or a timeout detail / out of memory detail. Attackers could use this information for potential data exfiltration, denial of service attacks, enumeration attacks, etc. Version 0.12.0 contains a patch for this vulnerability, dle fatal error load_template on a non-object. CVE-2022-31109laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a `Laminas\Diactoros\Uri` instance associated with the incoming server request modified to reflect values from `X-Forwarded-*` headers. Such changes can potentially lead to XSS attacks (if a fully-qualified URL is used in links) and/or URL poisoning. Since the `X-Forwarded-*` headers do have valid use cases, particularly in clustered environments using a load balancer, the library offers mitigation measures only in the v2 releases, as doing otherwise would break these use cases immediately. 
Users of v2 releases from 2.11.1 can provide an additional argument to `Laminas\Diactoros\ServerRequestFactory::fromGlobals()` in the form of a `Laminas\Diactoros\RequestFilter\RequestFilterInterface` instance, including the shipped `Laminas\Diactoros\RequestFilter\NoOpRequestFilter` implementation which ignores the `X-Forwarded-*` headers. Starting in version 3.0, the library will reverse behavior to use the `NoOpRequestFilter` by default, and require users to opt-in to `X-Forwarded-*` header usage via a configured `Laminas\Diactoros\RequestFilter\LegacyXForwardedHeaderFilter` instance. Users are advised to upgrade to version 2.11.1 or later to resolve this issue, dle fatal error load_template on a non-object. Users unable to upgrade may configure web servers to reject `X-Forwarded-*` headers at the web server level. CVE-2022-31091Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before containing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects all together. CVE-2022-31090Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. 
In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), dle fatal error load_template on a non-object, if dle fatal error load_template on a non-object choose to follow it, we should remove the `CURLOPT_HTTPAUTH` drupal ecommerce an ajax http error occurred before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Dle fatal error load_template on a non-object users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of dle fatal error load_template on a non-object curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects all together. Alternatively, one can specify to use the Guzzle steam handler backend, rather frame rx. with crc error curl. CVE-2022-31087LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of writing files under www-data privileges can write a web-shell into this directory, and gain a Code Execution on the host. This issue has been fixed in version 8.0. Users unable to upgrade should disallow executing PHP scripts in (/var/lib/ldap-account-manager/)tmp directory. CVE-2022-31086LDAP Account Manager (LAM) is a webfrontend for dle fatal error load_template on a non-object entries (e.g. 
users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue. CVE-2022-31085LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in idle air control system overspeed error 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration. CVE-2022-31043Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required. CVE-2022-31042Guzzle is an open source PHP HTTP client. 
In affected versions the `Cookie` headers on requests are sensitive information. On making a request shadow system/video bios error the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware dle fatal error load_template on a non-object re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach keyboard interface error hp use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together. CVE-2022-30887Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. CVE-2022-30482Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. CVE-2022-30478Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. CVE-2022-30464ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. 
CVE-2022-30459ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. CVE-2022-30449Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. CVE-2022-30448Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php, dle fatal error load_template on a non-object. CVE-2022-30287Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. CVE-2022-30007GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server. CVE-2022-29725An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-29655An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-29651An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-29624An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-29347An arbitrary file upload vulnerability in [email protected] 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. CVE-2022-29318An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 
CVE-2022-29254silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability. CVE-2022-29248Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware. CVE-2022-29221Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. 
There are currently no known workarounds. CVE-2022-28960A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. CVE-2022-28440An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-28368Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). CVE-2022-28102A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. CVE-2022-28093SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file. CVE-2022-28053Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-27991Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters, dle fatal error load_template on a non-object. CVE-2022-27862Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. CVE-2022-27357Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-27352Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. 
This vulnerability allows attackers to execute arbitrary code via a crafted PHP file, dle fatal error load_template on a non-object. CVE-2022-27351Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-27349Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-27346Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-27257A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. CVE-2022-27256A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. CVE-2022-27140An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-27131An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-27129An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE-2022-27127zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. CVE-2022-27125zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. 

CVE-2022-27064: Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27061: AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-26982: SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator.

CVE-2022-26645: A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.

CVE-2022-26635: PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection.

CVE-2022-26613: PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.

CVE-2022-26607: A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file.

CVE-2022-26521: Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).

CVE-2022-26265: Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.

CVE-2022-26254: WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.

CVE-2022-2594: The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.

CVE-2022-25866: The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

CVE-2022-2579: A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src="" onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2578: A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2552: The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

CVE-2022-25495: The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.

CVE-2022-25411: A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-25402: An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.

CVE-2022-25101: A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-25099: A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-25018: Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.

CVE-2022-25016: Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-24977: ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ./// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.

CVE-2022-24953: The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.

CVE-2022-24828: Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument.
This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.

CVE-2022-24800: October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory. This vulnerability affects plugins that expose the `October\Rain\Database\Attach\File::fromData` as a public interface and does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. The issue has been patched in Build 476 (v1.0.476), v1.1.12, and v2.2.15. Those who are unable to upgrade may apply the patch to their installation manually as a workaround.

CVE-2022-24748: Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds.

CVE-2022-24747: Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework.
Affected versions of shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds.

CVE-2022-24746: Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue.

CVE-2022-24745: Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache.

CVE-2022-24744: Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

CVE-2022-24734: MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission.
MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.

CVE-2022-24712: CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code according to these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing.

CVE-2022-24711: CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability.

CVE-2022-24708: Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display.
Because of that, it was possible for a logged in user to modify primary group name with elements of JavaScript. Such script could then be executed in user browser on subsequent requests on pages where primary group name was displayed. This vulnerability has been fixed in version 1.20.0.5646. Users who are unable to upgrade may modify ttUser.class.php to use an additional call to htmlspecialchars when printing group name.

CVE-2022-24707: Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin was reusing code from other places and was relying on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue has been resolved in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input.

CVE-2022-24688: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. (That can be easily achieved by exploiting the Broken Access Control with further Brute-force attack or SQL Injection.) The uploaded file is stored within the database and copied to the sync web folder if the attacker visits a certain .php?action= page.

CVE-2022-24665: PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.

CVE-2022-24664: PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.

CVE-2022-24663: PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.

CVE-2022-24652: sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload.

CVE-2022-24651: sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload.

CVE-2022-24637: Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.

CVE-2022-2444: The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

CVE-2022-2437: The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5.
This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

CVE-2022-24248: RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.

CVE-2022-24247: RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting in remote code execution.

CVE-2022-24232: A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-24136: Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulnerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.

CVE-2022-24108: The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.

CVE-2022-23993: /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.

CVE-2022-23940: SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.

CVE-2022-23880: An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-2381: The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack.

CVE-2022-23655: Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10.
The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.

CVE-2022-23638: svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

CVE-2022-23626: m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

CVE-2022-2362: The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.

CVE-2022-23614: Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.

CVE-2022-23601: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user.
When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application susceptible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.

CVE-2022-2314: The VR Calendar WordPress plugin through 2.2.2 lets any user execute arbitrary PHP functions on the site.

CVE-2022-23048: Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After uploading it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where it can be accessed in order to execute commands.

CVE-2022-22990: A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.

CVE-2022-2297: A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input <?php phpinfo();?> leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2268: The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type.
Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE.

CVE-2022-22142: Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.

CVE-2022-21805: Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.

CVE-2022-2180: The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE).

CVE-2022-21715: CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `API\ResponseTrait` or `ResourceController`. Users may also disable Auto Route and use defined routes only.

CVE-2022-21705: Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area.
The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to their installation manually.

CVE-2022-21664: WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, going back to 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.

CVE-2022-21663: WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.

CVE-2022-21662: WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.

CVE-2022-21661: WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.

CVE-2022-21648: Latte is an open source template engine for PHP. Since version 2.8.0, Latte has included a template sandbox, and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources.

CVE-2022-21647: CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. Users unable to upgrade are advised not to use the `old()` function and form_helper nor `RedirectResponse::withInput()` and `redirect()->withInput()`.

CVE-2022-2102: Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.

CVE-2022-1939: The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to.

CVE-2022-1837: A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public.

CVE-2022-1667: Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script.

CVE-2022-1657: Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerability which can be exploited via the mka_cp_load_pane_action AJAX action present in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function.

CVE-2022-1648: Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.

CVE-2022-1614: The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions.

CVE-2022-1600: The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

CVE-2022-1574: The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server.

CVE-2022-1463: The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.

CVE-2022-1409: The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code.

CVE-2022-1390: The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique.
This could also lead to RCE by using a Phar Deserialization technique
CVE-2022-1273: The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE
CVE-2022-1217: The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
CVE-2022-1216: The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
CVE-2022-1166: The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.
CVE-2022-1103: The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE
CVE-2022-1075: A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication.
CVE-2022-1008: The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed
CVE-2022-0885: The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.
CVE-2022-0863: The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.
CVE-2022-0828: The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.
CVE-2022-0782: The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
CVE-2022-0687: The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role.
CVE-2022-0661: The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability. Further it is also possible to inject PHP code, leading to a Remote Code execution (RCE) vulnerability, even if the DISALLOW_FILE_EDIT and DISALLOW_FILE_MOD constants are both set.
CVE-2022-0594: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX actions, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
CVE-2022-0537: The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further, the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access.
CVE-2022-0499: The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.
CVE-2022-0440: The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow high privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true)
CVE-2022-0380: The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER['PHP_SELF'] found in the ~/options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3.
CVE-2021-46824: Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.
CVE-2021-46743: In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.
CVE-2021-46433: In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode() to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.
CVE-2021-46367: RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration to deny execution of .php files in media and files directory by default.
CVE-2021-46360: Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr.
CVE-2021-46113: In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.
CVE-2021-46076: Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints, leading to Code Execution.
CVE-2021-46024: Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php. No login is required.
CVE-2021-46013: An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users.
CVE-2021-45435: An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.
CVE-2021-45268: ** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a malicious add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons.
CVE-2021-45010: A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
CVE-2021-44967: A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
CVE-2021-44912: In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, an attacker can upload the PHP type file to GETSHELL.
CVE-2021-44911: XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities.
CVE-2021-44664: An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable.
CVE-2021-44663: A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php.
CVE-2021-44114: Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function.
CVE-2021-44095: A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.
CVE-2021-44087: A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.
CVE-2021-43852: OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. This issue has been patched in version 4.2.8. Users unable to upgrade may configure a firewall to drop requests containing the following strings: `__proto__`, `constructor[prototype]`, and `constructor.prototype` to mitigate this issue.
CVE-2021-43851: Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it in user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file.
CVE-2021-43847: HumHub is an open-source social network kit written in PHP.
Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.
CVE-2021-43836: Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language.
CVE-2021-43835: Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already have. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually.
CVE-2021-43822: Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible, you can escape all places where `$property` is used to filter `sv:name` in the class `Jackalope\Transport\DoctrineDBAL\Query\QOMWalker`: `XPath::escape($property)`. Node names and xpaths can contain `"` or `;` according to the JCR specification.
The jackalope component that translates the query object model into doctrine dbal queries does not properly escape the names and paths, so that an accordingly crafted node name can lead to an SQL injection. If queries are never done from user input, or if you validate the user input to not contain `;`, you are not affected.
CVE-2021-43692: youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php.
CVE-2021-43678: Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php.
CVE-2021-43675: Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.
CVE-2021-43617: Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
CVE-2021-43430: An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.
CVE-2021-43421: A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
CVE-2021-43281: MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed on Change Settings pages.
CVE-2021-43176: The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied "action" parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the action. This permits an attacker to execute any PHP source file with a .php extension that is present on the disk and readable by the GOautodial web server process. Combined with CVE-2021-43175, it is possible for the attacker to do this without valid credentials. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2021-43175: The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CVE-2021-43158: In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.
CVE-2021-43157: Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.
CVE-2021-43156: In ProjectWorlds Online Book Store PHP 1.0 a vulnerability in admin_delete.php allows a remote attacker to delete any book.
CVE-2021-43155: Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.
CVE-2021-42840: SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting.
In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.
CVE-2021-42675: Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.
CVE-2021-42671: An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
CVE-2021-42670: A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
CVE-2021-42669: A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.
CVE-2021-42668: A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
CVE-2021-42667: A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
CVE-2021-42666: A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
CVE-2021-42665: An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.
CVE-2021-42664: A Stored Cross Site Scripting (XSS) Vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
CVE-2021-42663: An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.
CVE-2021-42662: A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
CVE-2021-42645: CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" to upload a PHP payload to get a reverse shell from the vulnerable host.
CVE-2021-42643: cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.
CVE-2021-4225: The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
CVE-2021-42169: The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
CVE-2021-42078: PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter.
This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.
CVE-2021-42077: PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form.
CVE-2021-42040: An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.
CVE-2021-41870: An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files.
CVE-2021-41662: The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution.
CVE-2021-41661: Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.
CVE-2021-41646: Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.
CVE-2021-41644: Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.
CVE-2021-41597: SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
CVE-2021-41421: A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel.
CVE-2021-41402: flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote user execute arbitrary PHP code.
CVE-2021-41273: Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply trigger email spam to an administrative user, or generate a single auto-deployment token unexpectedly. This token is not revealed to the malicious user, it is simply created unexpectedly in the system. This has been addressed in release `1.6.6`. Users may optionally manually apply the fixes released in v1.6.6 to patch their own systems.
CVE-2021-41270: Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`.
Since then, OWASP added 2 chars in that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations and uses the single quote `'` to prefix formulas and add the prefix to cells starting by `\t`, `\r` as well as `=`, `+`, `-` and `@`.
CVE-2021-41268: Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version 5.3.0, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with version 5.3.12, Symfony makes the password part of the signature by default. In that way, when the password changes, then the cookie is not valid anymore.
CVE-2021-41267: Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the "trusted_headers" allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted.
CVE-2021-41236: OroPlatform is a PHP Business Application Platform.
In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload execution, the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.
CVE-2021-41176: Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3.
CVE-2021-41169: Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
CVE-2021-41139: Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Because of not checking this parameter for sanity in versions prior to 1.19.30.5600, it was possible to craft the URI with malicious JavaScript, use social engineering to convince logged on user to click on such link, and have the attacker-supplied JavaScript to be executed in user's browser. This issue is patched in version 1.19.30.5600.
As a workaround, one may introduce `ttValidDbDateFormatDate` function as in the latest version and add a call to it within the access checks block in time.php.

CVE-2021-41129: Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `[email protected]__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel's cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user.
At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thusly exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thusly allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store that the user is therefore unable to control the value of. This completely removed the use of a user-controlled value being used. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere.

CVE-2021-41126: October is a Content Management System (CMS) and web platform built on the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0.
The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.

CVE-2021-41116: Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.

CVE-2021-41114: TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability.

CVE-2021-41113: TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069).
However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described.

CVE-2021-41034: The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.

CVE-2021-40940: Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.

CVE-2021-40928: Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter.

CVE-2021-40925: Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php in faveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter.

CVE-2021-40909: Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.

CVE-2021-40904: The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.

CVE-2021-40889: CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code.

CVE-2021-40887: Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ./ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.

CVE-2021-40845: The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

CVE-2021-40595: SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.

CVE-2021-40579: https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote).

CVE-2021-40578: Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.

CVE-2021-40577: A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.

CVE-2021-40373: playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.

CVE-2021-40344: An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.

CVE-2021-40247: SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.

CVE-2021-40188: PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php. php7. phtml. php5. .". An attacker can upload a malicious file and execute code on the server.

CVE-2021-40102: An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).

CVE-2021-40097: An issue was discovered in Concrete CMS through 8.5.5.
Authenticated path traversal leads to remote code execution via uploaded PHP code, related to the bFilename parameter.

CVE-2021-39608: Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user execute arbitrary php code.

CVE-2021-39503: PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without "<, >, ?, =, `." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.

CVE-2021-39459: Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.

CVE-2021-39412: Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php.

CVE-2021-39322: The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.

CVE-2021-39321: Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function.

CVE-2021-39320: The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.

CVE-2021-39310: The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.

CVE-2021-39291: Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.

CVE-2021-39249: Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

CVE-2021-39203: WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.

CVE-2021-39202: WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature.
This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8.

CVE-2021-39201: WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. ### Patches This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix. ### References https://wordpress.org/news/category/releases/ https://hackerone.com/reports/1142140 ### For more information If you have any questions or comments about this advisory: * Open an issue in [HackerOne](https://hackerone.com/wordpress)

CVE-2021-39200: WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

CVE-2021-38752: A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar.

CVE-2021-38341: The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.

CVE-2021-38339: The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.

CVE-2021-38337: The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.

CVE-2021-38336: The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

CVE-2021-38335: The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

CVE-2021-38333: The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1.

CVE-2021-38332: The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

CVE-2021-38330: The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.

CVE-2021-38329: The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2.

CVE-2021-38328: The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1.

CVE-2021-38327: The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0.

CVE-2021-38320: The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0.

CVE-2021-38319: The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.

CVE-2021-38314: The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site's `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.

CVE-2021-37770: Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.

CVE-2021-37626: Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify fields that are shown in the front end. Update to Contao 4.4.56, 4.9.18 or 4.11.7 to resolve. If you cannot update then disable the login for untrusted back end users.

CVE-2021-37372: Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.

CVE-2021-37221: A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file.

CVE-2021-37144: CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.

CVE-2021-36800: Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] that includes a PHP callable function is executed directly. This issue was fixed in version 2.1.13 of the product.

CVE-2021-36766: Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.

CVE-2021-36697: With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.

CVE-2021-36560: Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.

CVE-2021-36548: A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.

CVE-2021-36547: A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.

CVE-2021-3603: PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names.

CVE-2021-34812: Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2021-34667: The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

CVE-2021-34663: The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5.

CVE-2021-34658: The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7.

CVE-2021-34653: The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9.

CVE-2021-34644: The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7.

CVE-2021-34643: The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2.

CVE-2021-34640: The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4.

CVE-2021-34637: The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.

CVE-2021-34257: Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.

CVE-2021-34128: LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ././././phpinfo.php pathname.

CVE-2021-34073: A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php.

CVE-2021-33898: In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain contexts, this can result in remote code execution. The attacker's input must be hosted at http://www.geoplugin.net (cleartext HTTP), and thus a successful attack requires spoofing that site or obtaining control of it.

CVE-2021-33816: The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.

CVE-2021-32924: Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.

CVE-2021-32831: Total.js framework (npm package total.js) is a framework for Node.js platform written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.

CVE-2021-3277: Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.

CVE-2021-32768: TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described.

CVE-2021-32767: TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may be logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.

CVE-2021-32737: Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.

CVE-2021-32708: Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely.
The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname is checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.
CVE-2021-32696: The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to a XSS.
CVE-2021-32693: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application, in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting in version 5.3.2, a patch ensures that the authenticated token is only available for the firewall that generates it.
CVE-2021-32682: elFinder is an open-source file manager for web, written in JavaScript using jQuery UI.
Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
CVE-2021-32669: TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability.
CVE-2021-32668: TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
CVE-2021-32667: TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
CVE-2021-32650: October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.
CVE-2021-32649: October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.
CVE-2021-32648: octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
CVE-2021-32630: Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could rename the php shell with a .phar extension, visit the file, triggering the payload for a reverse/bind shell. This can be mitigated by excluding a .phar file extension to be uploaded (like you did with .php .phtml .php5 etc). The vulnerability is patched in version 4.0.4.
CVE-2021-31933: A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g. phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
CVE-2021-31769: MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.
CVE-2021-31731: A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ./ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.
CVE-2021-31646: Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack.
CVE-2021-3120: An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a path on the web server with a user-specified filename and extension.
This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.
CVE-2021-30461: A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
CVE-2021-30177: There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
CVE-2021-30149: Composr 10.0.36 allows upload and execution of PHP files.
CVE-2021-30124: The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder.
CVE-2021-3007: ** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized.
CVE-2021-29641: Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory.
Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).
CVE-2021-29625: Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
CVE-2021-29487: octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability. The issue has been patched in Build 472 and v1.1.5.
CVE-2021-29476: Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.
CVE-2021-29472: Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system.
The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue.
CVE-2021-29454: Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
CVE-2021-29447: Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
CVE-2021-29436: Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed().
CVE-2021-29377: Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
CVE-2021-29090: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
CVE-2021-29055: Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.
CVE-2021-28428: File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.
CVE-2021-28132: LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI.
CVE-2021-27811: A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able to execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php.
CVE-2021-27230: ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.
CVE-2021-26938: ** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists. That henriquedornas is the web design agency and 5.2.17 is simply the PHP version running on this hosts.
CVE-2021-26800: Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account.
CVE-2021-26794: Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.
CVE-2021-26753: NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
CVE-2021-26595: ** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by viewing the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2021-25780: An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
CVE-2021-25294: OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an __destruct magic method in guzzlehttp.
CVE-2021-25119: The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
CVE-2021-25094: The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
CVE-2021-25053: The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.
CVE-2021-25052: The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.
CVE-2021-25051: The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.
CVE-2021-25004: The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password that an administrator can see in the plugin settings page.
CVE-2021-25003: The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE
CVE-2021-24998: The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.
CVE-2021-24981: The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.
CVE-2021-24962: The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution.
CVE-2021-24950: The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks
CVE-2021-24884: The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>, <video>, <img>, <a> and <button>. This could allow an unauthenticated, remote attacker to exploit a HTML-injection by injecting a malicious link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation in combination with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited.
CVE-2021-24857: The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain.
CVE-2021-24825: The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when either the unfiltered_html or file_edit is disallowed)
CVE-2021-24820: The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout
CVE-2021-24790: The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The delete_cf7_data would lead to arbitrary metadata deletion, as well as PHP Object Injection if a suitable gadget chain is present in another plugin, as user data is passed to the maybe_unserialize() function without being first validated.
CVE-2021-24721: The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations.
CVE-2021-24663: The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE
CVE-2021-24620: The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE
CVE-2021-24579: The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other plugins installed on the blog could allow such issue to be exploited and lead to RCE in some cases.
CVE-2021-24546: The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute Arbitrary PHP code
CVE-2021-24537: The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin.
CVE-2021-24534: The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its "php_id" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue.
CVE-2021-24499: The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
CVE-2021-24498: The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
CVE-2021-24493: The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary files and leading to RCE
CVE-2021-24430

source: trac.git/trac/env.py@ ed1e46e5

# -*- coding: utf-8 -*-
#
# Copyright (C) 2003-2020 Edgewall Software
# Copyright (C) 2003-2007 Jonas Borgström <[email protected]>
# All rights reserved.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://trac.edgewall.org/wiki/TracLicense.
#
# This software consists of voluntary contributions made by many
# individuals. For the exact contribution history, see the revision
# history and logs, available at https://trac.edgewall.org/log/.
#
# Author: Jonas Borgström <[email protected]>

"""Trac Environment model and related APIs."""

from contextlib import contextmanager
import hashlib
import os.path
import setuptools
import shutil
import sys
import time
from ConfigParser import RawConfigParser
from subprocess import PIPE
from tempfile import mkdtemp
from urlparse import urlsplit

from trac import log
from trac.admin.api import (AdminCommandError, IAdminCommandProvider,
                            get_dir_list)
from trac.api import IEnvironmentSetupParticipant, ISystemInfoProvider
from trac.cache import CacheManager, cached
from trac.config import BoolOption, ChoiceOption, ConfigSection, \
                        Configuration, IntOption, Option, PathOption
from trac.core import Component, ComponentManager, ExtensionPoint, \
                      TracBaseError, TracError, implements
from trac.db.api import (DatabaseManager, QueryContextManager,
                         TransactionContextManager, parse_connection_uri)
from trac.db.convert import copy_tables
from trac.loader import load_components
from trac.util import as_bool, backup_config_file, copytree, create_file, \
                      get_pkginfo, is_path_below, lazy, makedirs
from trac.util.compat import Popen, close_fds
from trac.util.concurrency import threading
from trac.util.datefmt import pytz
from trac.util.text import exception_to_unicode, path_to_unicode, printerr, \
                           printferr, printfout, printout
from trac.util.translation import _, N_
from trac.web.chrome import Chrome
from trac.web.href import Href

__all__ = ['Environment', 'IEnvironmentSetupParticipant', 'open_environment']


# Content of the VERSION file in the environment
_VERSION = 'Trac Environment Version 1'


class BackupError(TracBaseError, RuntimeError):
    """Exception raised during an upgrade when the DB backup fails."""


class Environment(Component, ComponentManager):
    """Trac environment manager.

    Trac stores project information in a Trac environment. It consists
    of a directory structure containing among other things:

    * a configuration file,
    * project-specific templates and plugins,
    * the wiki and ticket attachments files,
    * the SQLite database file (stores tickets, wiki pages.)
      in case the database backend is SQLite

    """

    implements(ISystemInfoProvider)

    required = True

    system_info_providers = ExtensionPoint(ISystemInfoProvider)
    setup_participants = ExtensionPoint(IEnvironmentSetupParticipant)

    components_section = ConfigSection('components',
        """Enable or disable components provided by Trac and plugins.
        The component to enable/disable is specified by the option name.
        The enabled state is determined by the option value: setting
        the value to `enabled` or `on` will enable the component, any
        other value (typically `disabled` or `off`) will disable the
        component.

        The option name is either the fully qualified name of the
        component or the module/package prefix of the component. The
        former enables/disables a specific component, while the latter
        enables/disables any component in the specified package/module.

        Consider the following configuration snippet:
        {{{#!ini
        [components]
        trac.ticket.report.ReportModule = disabled
        acct_mgr.* = enabled
        }}}

        The first option tells Trac to disable the
        [TracReports report module].
        The second option instructs Trac to enable all components in
        the `acct_mgr` package. The trailing wildcard is required for
        module/package matching.

        To view the list of active components, go to the ''Plugins''
        section of ''About Trac'' (requires `CONFIG_VIEW`
        [TracPermissions permission]).

        See also: TracPlugins
        """)

    shared_plugins_dir = PathOption('inherit', 'plugins_dir', '',
        """Path to the //shared plugins directory//.

        Plugins in that directory are loaded in addition to those in
        the directory of the environment `plugins`, with this one
        taking precedence.

        Non-absolute paths are relative to the Environment `conf`
        directory.
        """)

    base_url = Option('trac', 'base_url', '',
        """Base URL of the Trac site.

        This is used to produce documents outside of the web browsing
        context, such as URLs in notification e-mails that point to
        Trac resources.
        """)

    base_url_for_redirect = BoolOption('trac', 'use_base_url_for_redirect',
                                       False,
        """Optionally use `[trac] base_url` for redirects.

        In some configurations, usually involving running Trac behind
        a HTTP proxy, Trac can't automatically reconstruct the URL
        that is used to access it. You may need to use this option to
        force Trac to use the `base_url` setting also for
        redirects. This introduces the obvious limitation that this
        environment will only be usable when accessible from that URL,
        as redirects are frequently used.
        """)

    secure_cookies = BoolOption('trac', 'secure_cookies', False,
        """Restrict cookies to HTTPS connections.

        When true, set the `secure` flag on all cookies so that they
        are only sent to the server on HTTPS connections. Use this if
        your Trac instance is only accessible through HTTPS.
        """)

    anonymous_session_lifetime = IntOption(
        'trac', 'anonymous_session_lifetime', '90',
        """Lifetime of the anonymous session, in days.

        Set the option to 0 to disable purging old anonymous sessions.
        (''since 1.0.17'')""")

    project_name = Option('project', 'name', 'My Project',
        """Name of the project.""")

    project_description = Option('project', 'descr', 'My example project',
        """Short description of the project.""")

    project_url = Option('project', 'url', '',
        """URL of the project web site.

        This is usually the domain in which the `base_url` resides.
        For example, the project URL might be !https://myproject.com,
        with the Trac site (`base_url`) residing at either
        !https://trac.myproject.com or !https://myproject.com/trac.
        The project URL is added to the footer of notification e-mails.
        """)

    project_admin = Option('project', 'admin', '',
        """E-Mail address of the project's administrator.""")

    project_admin_trac_url = Option('project', 'admin_trac_url', '.',
        """Base URL of a Trac instance where errors in this Trac
        should be reported.

        This can be an absolute or relative URL, or '.' to reference
        this Trac instance. An empty value will disable the reporting
        buttons.
        """)

    project_footer = Option('project', 'footer',
                            N_('Visit the Trac open source project at<br />'
                               '<a href="https://trac.edgewall.org/">'
                               'https://trac.edgewall.org/</a>'),
        """Page footer text (right-aligned).""")

    project_icon = Option('project', 'icon', 'common/trac.ico',
        """URL of the icon of the project.""")

    log_type = ChoiceOption('logging', 'log_type',
                            log.LOG_TYPES + log.LOG_TYPE_ALIASES,
        """Logging facility to use.

        Should be one of (`none`, `file`, `stderr`, `syslog`, `winlog`).""",
        case_sensitive=False)

    log_file = Option('logging', 'log_file', 'trac.log',
        """If `log_type` is `file`, this should be a path to the
        log-file. Relative paths are resolved relative to the `log`
        directory of the environment.""")

    log_level = ChoiceOption('logging', 'log_level',
                             log.LOG_LEVELS + log.LOG_LEVEL_ALIASES,
        """Level of verbosity in log.

        Should be one of (`CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`).
        """, case_sensitive=False)

    log_format = Option('logging', 'log_format', None,
        """Custom logging format.

        If nothing is set, the following will be used:

        `Trac[$(module)s] $(levelname)s: $(message)s`

        In addition to regular key names supported by the
        [http://docs.python.org/library/logging.html Python logger library]
        one could use:

        - `$(path)s` the path for the current environment
        - `$(basename)s` the last path component of the current environment
        - `$(project)s` the project name

        Note the usage of `$(.)s` instead of `%(.)s` as the latter form
        would be interpreted by the !ConfigParser itself.

        Example:
        `($(thread)d) Trac[$(basename)s:$(module)s] $(levelname)s: $(message)s`
        """)

    def __init__(self, path, create=False, options=[], default_data=True):
        """Initialize the Trac environment.

        :param path: the absolute path to the
Trac environment249 :param create: if `True`, the environment is created and otherwise,250 the environment is expected to already exist.251 :param options: A list of `(section, name, value)` tuples that252 define configuration options253 :param default_data: if `True` (the default), the environment is254 populated with default data when created.255 """256ComponentManager.__init__(self)257258self.path=os.path.normpath(os.path.normcase(path))259self.log=None260self.config=None261262ifcreate:263self.create(options,default_data)264forsetup_participantinself.setup_participants:265setup_participant.environment_created()266else:267self.verify()268self.setup_config()269270def__repr__(self):271return'<%s%r>'%(self.__class__.__name__,self.path)272273@lazy274defname(self):275"""The environment name.276277 :since: 1.2278 """279returnos.path.basename(self.path)280281@property282defenv(self):283"""Property returning the `Environment` object, which is often284 required for functions and methods that take a `Component` instance.285 """286# The cached decorator requires the object have an `env` attribute.287returnself288289@property290defsystem_info(self):291"""List of `(name, version)` tuples describing the name and292 version information of external packages used by Trac and plugins.293 """294info=[]295forproviderinself.system_info_providers:296info.extend(provider.get_system_info()or[])297returnsorted(set(info),298key=lambdaargs:(args[0]!='Trac',args[0].lower()))299300# ISystemInfoProvider methods301302defget_system_info(self):303yield'Trac',self.trac_version304yield'Python',sys.version305yield'setuptools',setuptools.__version__306ifpytzisnotNone:307yield'pytz',pytz.__version__308ifhasattr(self,'webfrontend_version'):309yieldself.webfrontend,self.webfrontend_version310311defcomponent_activated(self,component):312"""Initialize additional member variables for components.313314 Every component activated through the `Environment` object315 gets three member variables: `env` (the 
environment object),316 `config` (the environment configuration) and `log` (a logger317 object)."""318component.env=self319component.config=self.config320component.log=self.log321322def_component_name(self,name_or_class):323name=name_or_class324ifnotisinstance(name_or_class,basestring):325name=name_or_class.__module__+'.'+name_or_class.__name__326returnname.lower()327328@lazy329def_component_rules(self):330_rules={}331forname,valueinself.components_section.options():332name=name.rstrip('.*').lower()333_rules[name]=as_bool(value)334return_rules335336defis_component_enabled(self,cls):337"""Implemented to only allow activation of components that are338 not disabled in the configuration.339340 This is called by the `ComponentManager` base class when a341 component is about to be activated. If this method returns342 `False`, the component does not get activated. If it returns343 `None`, the component only gets activated if it is located in344 the `plugins` directory of the environment.345 """346component_name=self._component_name(cls)347348rules=self._component_rules349cname=component_name350whilecname:351enabled=rules.get(cname)352ifenabledisnotNone:353returnenabled354idx=cname.rfind('.')355ifidx<0:356break357cname=cname[:idx]358359# By default, all components in the trac package except360# in trac.test or trac.tests are enabled361returncomponent_name.startswith('trac.')and \ 362notcomponent_name.startswith('trac.test.')and \ 363notcomponent_name.startswith('trac.tests.')orNone364365defenable_component(self,cls):366"""Enable a component or module."""367self._component_rules[self._component_name(cls)]=True368super(Environment,self).enable_component(cls)369370@contextmanager371defcomponent_guard(self,component,reraise=False):372"""Traps any runtime exception raised when working with a component373 and logs the error.374375 :param component: the component responsible for any error that376 could happen inside the context377 :param reraise: if `True`, an error is logged but 
not suppressed.378 By default, errors are suppressed.379380 """381try:382yield383exceptTracErrorase:384self.log.warning("Component %s failed with %s",385component,exception_to_unicode(e))386ifreraise:387raise388exceptExceptionase:389self.log.error("Component %s failed with %s",component,390exception_to_unicode(e,traceback=True))391ifreraise:392raise393394defverify(self):395"""Verify that the provided path points to a valid Trac environment396 directory."""397try:398withopen(os.path.join(self.path,'VERSION'))asf:399tag=f.readline().rstrip('\n')400exceptExceptionase:401raiseTracError(_("No Trac environment found at %(path)s\n"402"%(e)s",403path=self.path,e=exception_to_unicode(e)))404iftag!=_VERSION:405raiseTracError(_("Unknown Trac environment type '%(type)s'",406type=tag))407408@lazy409defdb_exc(self):410"""Return an object (typically a module) containing all the411 backend-specific exception types as attributes, named412 according to the Python Database API413 error runtime error 2 at 00004ad4 To catch a database exception, dle fatal error load_template on a non-object, use the following pattern::416417 try:418 with env.db_transaction as db:419 .420 except env.db_exc.IntegrityError as e:421 .422 """423returnDatabaseManager(self).get_exceptions()424425@property426defdb_query(self):427"""Return a context manager428 (`~trac.db.api.QueryContextManager`) which can be used to429 obtain a read-only database connection.430431 Example::432433 with env.db_query as db:434 dle fatal error load_template on a non-object cursor = db.cursor()435 cursor.execute("SELECT .")436 for row in cursor.fetchall():437 mysql error 2013 .438439 Note that a connection retrieved this way can be "called"440 directly in order to execute a query::441442 with env.db_query as db:443 dle fatal error load_template on a non-object for row in db("SELECT ."):444 .445446 :warning: after a `with env.db_query as db` block, though the447 `db` variable is still defined, you shouldn't use it as it448 might 
have been closed when exiting the context, if this449 context was the outermost context (`db_query` or450 `db_transaction`).451452 If you don't need to manipulate the connection itself, this453 can even be simplified to::454455 for row in env.db_query("SELECT ."):456 .457458 """459returnQueryContextManager(self)460461@property462defdb_transaction(self):463"""Return a context manager464 (`~trac.db.api.TransactionContextManager`) which can be used465 to obtain a writable database connection.466467 Example::468469 with env.db_transaction as db:470 cursor = db.cursor()471 cursor.execute("UPDATE .")472473 Upon successful exit of the context, the context manager will474 commit the transaction. Corel x5 error 1316 case of nested contexts, only the475 outermost context performs a commit. However, should an476 exception happen, any context manager will perform a rollback.477 You should *not* call `commit()` yourself within such block,478 as this will force a commit even if that transaction is part479 of a larger transaction.480481 Like for its read-only counterpart, you can directly execute a482 DML query on the `db`::483484 with env.db_transaction as db:485 db("UPDATE .")486487 :warning: after a `with env.db_transaction` as db` block,488 though the `db` variable is still available, you shouldn't489 use it as it might have been closed when exiting the490 context, if this context was the outermost context491 (`db_query` or `db_transaction`).492493 If you don't need to manipulate the connection itself, this494 can also be simplified to::495496 dle fatal error load_template on a non-object env.db_transaction("UPDATE .")497498 """499returnTransactionContextManager(self)500501defshutdown(self,tid=None):502"""Close the environment."""503fromtrac.versioncontrol.apiimportRepositoryManager504RepositoryManager(self).shutdown(tid)505DatabaseManager(self).shutdown(tid)506iftidisNone:507log.shutdown(self.log)508509defcreate(self,options=[],default_data=True):510"""Create the basic 
directory structure of the environment,511 initialize the database and populate the configuration file512 with default values.513514 If options contains ('inherit', 'file'), default values will515 not be loaded; they are expected to be provided by that file516 or other options.517518 :raises TracError: if the base directory of `path` does not exist.519 :raises TracError: if `path` exists and is not empty.520 """521base_dir=os.path.dirname(self.path)522ifnotos.path.exists(base_dir):523raiseTracError(_(524"Base directory '%(env)s' does not exist. Please create it "525"and retry.",env=base_dir))526527ifos.path.exists(self.path)andos.listdir(self.path):528raiseTracError(_("Directory exists and is not empty."))529530# Create the directory structure531ifnotos.path.exists(self.path):532os.mkdir(self.path)533os.mkdir(self.htdocs_dir)534os.mkdir(self.log_dir)535os.mkdir(self.plugins_dir)536os.mkdir(self.templates_dir)537538# Create a few files539create_file(os.path.join(self.path,'VERSION'),_VERSION+'\n')540create_file(os.path.join(self.path,'README'),541'This directory contains a Trac environment.\n'542'Visit https://trac.edgewall.org/ for more information.\n')543544# Setup the default configuration545os.mkdir(self.conf_dir)546config=Configuration(self.config_file_path)547forsection,name,valueinoptions:548config.set(section,name,value)549config.save()550self.setup_config()551ifnotany((section,option)==('inherit','file')552forsection,option,valueinoptions):553self.config.set_defaults(self)554self.config.save()555556# Create the sample configuration557create_file(self.config_file_path+'.sample')558self._update_sample_config()559560# Oracle raise application error the database561dbm=DatabaseManager(self)562dbm.init_db()563ifdefault_data:564dbm.insert_default_data()565566@lazy567defdatabase_version(self):568"""Returns the current version of the database.569570 :since 1.0.2:571 """572returnDatabaseManager(self) \ 
573.get_database_version('database_version')574575@lazy576defdatabase_initial_version(self):577"""Returns the version of the database at the time of creation.578579 In practice, for a database created before 0.11, this will580 return `False` which is "older" than any db version number.581582 :since 1.0.2:583 """584returnDatabaseManager(self) \ 585.get_database_version('initial_database_version')586587@lazy588deftrac_version(self):589"""Returns the version of Trac.590 :since: 1.2591 """592fromtracimportcore,__version__593returnget_pkginfo(core).get('version',__version__)594595defsetup_config(self):596"""Load the configuration file."""597self.config=Configuration(self.config_file_path,598{'envname':self.name})599ifnotself.config.exists:600raiseTracError(_("The configuration file is not found at "601"%(path)s",path=self.config_file_path))602self.setup_log()603plugins_dir=self.shared_plugins_dir604load_components(self,plugins_dirand(plugins_dir,))605606@lazy607defconfig_file_path(self):608"""Path of the trac.ini file."""609returnos.path.join(self.conf_dir,'trac.ini')610611@lazy612deflog_file_path(self):613"""Path to the log file."""614ifnotos.path.isabs(self.log_file):615returnos.path.join(self.log_dir,self.log_file)616returnself.log_file617618def_get_path_to_dir(self,*dirs):619path=self.path620fordirindirs:621path=os.path.join(path,dir)622returnos.path.realpath(path)623624@lazy625defattachments_dir(self):626"""Absolute path to the attachments directory.627628 :since: 1.3.1629 """630returnself._get_path_to_dir('files','attachments')631632@lazy633defconf_dir(self):634"""Absolute path to the conf directory.635636 :since: 1.0.11637 """638returnself._get_path_to_dir('conf')639640@lazy641deffiles_dir(self):642"""Absolute path to the files directory.643644 :since: 1.3.2645 """646returnself._get_path_to_dir('files')647648@lazy649defhtdocs_dir(self):650"""Absolute path to the htdocs directory.651652 dle fatal error load_template on a non-object 1.0.11653 award bios bios rom 
checksum errorystem halted """654returnself._get_path_to_dir('htdocs')655656@lazy657deflog_dir(self):658"""Absolute path to the log directory.659660 :since: 1.0.11661 """662returnself._get_path_to_dir('log')663664@lazy665defplugins_dir(self):666"""Absolute path to the plugins directory.667668 :since: 1.0.11669 """670returnself._get_path_to_dir('plugins')671672@lazy673deftemplates_dir(self):674"""Absolute path to the templates directory.675676 :since: 1.0.11677 """678returnself._get_path_to_dir('templates')679680defsetup_log(self):681"""Initialize the logging sub-system."""682self.log,log_handler= \ 683self.create_logger(self.log_type,self.log_file_path,684self.log_level,self.log_format)685self.log.addHandler(log_handler)686self.log.info('-'*32+' environment startup [Trac %s] '+'-'*32,687self.trac_version)688689defcreate_logger(self,log_type,log_file,log_level,log_format):690log_id='Trac.%s'%hashlib.sha1(self.path).hexdigest()691iflog_format:692log_format=log_format.replace('$(','%(') \ 693.replace('%(path)s',self.path) \ 694.replace('%(basename)s',self.name) \ 695.replace('%(project)s',self.project_name)696returnlog.logger_handler_factory(log_type,log_file,log_level,697log_id,format=log_format)698699defget_known_users(self,as_dict=False):700"""Returns information about all known users, i.e. users that701 have logged in to this Trac environment and possibly set their702 name and email.703704 By default this function returns system error 32007 iterator that yields one705 tuple for every user, of the form (username, name, email),706 ordered alpha-numerically by username. 
When `as_dict` is `True`707 the function returns a dictionary mapping username to a708 (name, dle fatal error load_template on a non-object, email) tuple.709710 :since 1.2: the `as_dict` parameter is available.711 p2k advanced editor - 1 error """712returnself._known_users_dictifas_dictelseiter(self._known_users)713714@cached715def_known_users(self):716returnself.db_query("""717 SELECT DISTINCT s.sid, n.value, e.value718 FROM session AS s719 LEFT JOIN session_attribute AS n ON (n.sid=s.sid720 AND n.authenticated=1 AND n.name = 'name')721 LEFT JOIN session_attribute AS e ON (e.sid=s.sid722 AND e.authenticated=1 AND e.name = 'email')723 WHERE s.authenticated=1 ORDER BY s.sid724 """)725726@cached727def_known_users_dict(self):728return{u[0]:(u[1],u[2])foruinself._known_users}729730definvalidate_known_users_cache(self):731"""Clear the known_users cache."""732delself._known_users733delself._known_users_dict734735defbackup(self,dest=None):736"""Create a backup of the database.737738 :param dest: Destination file; if not specified, the backup is739 stored in a file called db_name.trac_version.bak740 """741returnDatabaseManager(self).backup(dest)742743defneeds_upgrade(self):744"""Return whether the environment needs to be upgraded."""745forparticipantinself.setup_participants:746try:747withself.component_guard(participant,reraise=True):748ifparticipant.environment_needs_upgrade():749self.log.warning(750"Component %s requires an environment upgrade",751participant)752returnTrue753exceptExceptionase:754raiseTracError(_("Unable to check for upgrade of "755"%(module)s.%(name)s: %(err)s",756module=participant.__class__.__module__,757name=participant.__class__.__name__,758err=exception_to_unicode(e)))759returnFalse760761defupgrade(self,backup=False,backup_dest=None):762"""Upgrade database.763764 :param backup: whether or not to backup before upgrading765 :param backup_dest: name of the backup file766 :return: whether the upgrade was performed767 
"""768upgraders=[]769forparticipantinself.setup_participants:770withself.component_guard(participant,reraise=True):771ifparticipant.environment_needs_upgrade():772upgraders.append(participant)773ifnotupgraders:774return775776ifbackup:777try:778self.backup(backup_dest)779exceptExceptionase:780raiseBackupError(e)781782forparticipantinupgraders:783self.log.info("upgrading %s.",participant)784withself.component_guard(participant,reraise=True):785participant.upgrade_environment()786# Database schema may have changed, so close all connections787dbm=DatabaseManager(self)788ifdbm.connection_uri!='sqlite::memory:':789dbm.shutdown()790791self._update_sample_config()792delself.database_version793returnTrue794795@lazy796defhref(self):797"""The application root path"""798returnHref(urlsplit(self.abs_href.base).path)799800@lazy801defabs_href(self):802"""The application URL"""803ifnotself.base_url:804self.log.warning("[trac] base_url option not set in "805"configuration, generated links may be incorrect")806returnHref(self.base_url)807808def_update_sample_config(self):809filename=os.path.join(self.config_file_path+'.sample')810ifnotos.path.isfile(filename):811return812config=Configuration(filename)813config.set_defaults()814try:815config.save()816exceptEnvironmentErrorase:817self.log.warning("Couldn't write sample configuration file (%s)%s",818e,exception_to_unicode(e,traceback=True))819else:820self.log.info("Wrote sample configuration file with the new "821"settings and their default values: %s",822filename)823824825env_cache={}826env_cache_lock=threading.Lock()827828829defopen_environment(env_path=None,use_cache=False):830"""Open an existing environment object, and verify that the database is up831 to date.832833 :param env_path: absolute path to the environment directory; if834 omitted, the value of the `TRAC_ENV` environment835 variable is used836 :param use_cache: whether the environment should be cached for837 subsequent invocations of this function838 :return: the 
`Environment` object839 """840ifnotenv_path:841env_path=os.getenv('TRAC_ENV')842ifnotenv_path:843raiseTracError(_('Missing environment variable "TRAC_ENV". '844'Trac requires this variable to point to a valid '845'Trac environment.'))846847ifuse_cache:848withenv_cache_lock:849env=env_cache.get(env_path)850ifenvandenv.config.parse_if_needed():851# The environment configuration has changed, so shut it down852# and remove it from the cache so that it gets reinitialized853env.log.info('Reloading environment due to configuration '854'change')855env.shutdown()856delenv_cache[env_path]857env=None858ifenvisNone:859env=env_cache.setdefault(env_path,860open_environment(env_path))861else:862CacheManager(env).reset_metadata()863else:864env=Environment(env_path)865try:866needs_upgrade=env.needs_upgrade()867exceptTracErrorase:868env.log.error("Exception caught while checking for upgrade: %s",869exception_to_unicode(e))870raise871exceptExceptionase:# e.g. no database connection872env.log.error("Exception caught while checking for upgrade: %s",873exception_to_unicode(e,traceback=True))874raise875else:876ifneeds_upgrade:877raiseTracError(_('The Trac Environment needs to be upgraded. '878'Run:\n\n trac-admin "%(path)s" upgrade',879path=env_path))880881returnenv882883884classEnvironmentAdmin(Component):885"""trac-admin command provider for environment administration."""886887implements(IAdminCommandProvider)888889# IAdminCommandProvider methods890891defget_admin_commands(self):892yield('convert_db','<dburi> [new_env]',893"""Convert database894895 Converts the database backend in the environment in which896 the command is run (in-place), or in a new copy of the897 environment. For an in-place dle fatal error load_template on a non-object, the data is898 copied to the database specified in <dburi> and the899 [trac] database setting is changed to point to the new900 database. 
The new database must be empty, dle fatal error load_template on a non-object, which for an901 SQLite database means the file should not exist. The data902 in the existing database is left unmodified.903904 For a database conversion in a new copy of the environment,905 the environment in which the command is executed is copied906 dle fatal error load_template on a non-object and the [trac] database setting is changed in the new907 environment. The existing environment is left unmodified.908909 Be sure to create a backup (see `hotcopy`) before converting910 the database, particularly when doing an in-place conversion.911 """,912self._complete_convert_db,self._do_convert_db)913yield('deploy','<directory>',914'Extract static resources from Trac and all plugins',915None,self._do_deploy)916yield('hotcopy','<backupdir> [--no-database]',917"""Make a hot backup copy of an environment918919 The database is backed up to the 'db' directory of the920 destination, unless the --no-database option is921 specified.922 """,923None,self._do_hotcopy)924yield('upgrade','[--no-backup]',925"""Upgrade database to current version926927 The database is backed up to the directory specified by [trac]928 backup_dir (the default is 'db'), unless the --no-backup929 option is specified. 
The shorthand alias -b can also be used930 dle fatal error load_template on a non-object specify --no-backup.931 """,932None,self._do_upgrade)933934def_do_convert_db(self,dburi,env_path=None):935ifenv_path:936returnself._do_convert_db_in_new_env(dburi,env_path)937else:938returnself._do_convert_db_in_place(dburi)939940def_complete_convert_db(self,args):941iflen(args)==2:942returnget_dir_list(args[1])943944def_do_deploy(self,dest):945target=os.path.normpath(dest)946chrome_target=os.path.join(target,'htdocs')947script_target=os.path.join(target,'cgi-bin')948chrome=Chrome(self.env)949950# Check source and destination to avoid recursively copying files951forproviderinchrome.template_providers:952paths=list(provider.get_htdocs_dirs()or[])953ifnotpaths:954continue955forkey,rootinpaths:956ifnotroot:957continue958source=os.path.normpath(root)959dest=os.path.join(chrome_target,key)960ifos.path.exists(source)andis_path_below(dest,source):961raiseAdminCommandError(962_("Resources cannot be deployed to a target "963"directory that is equal to or below the source "964"directory '%(source)s'.\n\nPlease choose a "965"different target directory and try again.",966source=source))967968# Copy static content969makedirs(target,overwrite=True)970makedirs(chrome_target,overwrite=True)971printout(_("Copying resources from:"))972forproviderinchrome.template_providers:973paths=list(provider.get_htdocs_dirs()or[])974ifnotpaths:975continue976printout(' %s.%s'%(provider.__module__,977provider.__class__.__name__))978forkey,rootinpaths:979ifnotroot:980continue981source=os.path.normpath(root)982printout(' ',source)983ifos.path.exists(source):984dest=os.path.join(chrome_target,key)985copytree(source,dest,overwrite=True)986987# Create and copy scripts988makedirs(script_target,overwrite=True)989printout(_("Creating 
scripts."))990data={'env':self.env,'executable':sys.executable,'repr':repr}991forscriptin('cgi','fcgi','wsgi'):992dest=os.path.join(script_target,'trac.'+script)993template=chrome.load_template('deploy_trac.'+script,text=True)994text=chrome.render_template_string(template,data,text=True)995996withopen(dest,'w')asout:997out.write(text.encode('utf-8'))998999def_do_hotcopy(self,dest,no_db=None):1000ifno_dbnotin(None,'--no-database'):1001raiseAdminCommandError(_("Invalid argument '%(arg)s'",arg=no_db),1002show_usage=True)10031004ifos.path.exists(dest):1005raiseTracError(_("hotcopy can't overwrite existing '%(dest)s'",1006dest=path_to_unicode(dest)))10071008printout(_("Hotcopying listtv import jtv error to %(dst)s .",1009src=path_to_unicode(self.env.path),1010dst=path_to_unicode(dest)))1011db_str=self.env.config.get('trac','database')1012prefix,db_path=db_str.split(':',1)1013skip=[]10141015ifprefix=='sqlite':1016db_path=os.path.join(self.env.path,os.path.normpath(db_path))1017# don't copy the journal (also, this would fail on Windows)1018skip=[db_path+'-journal',db_path+'-stmtjrnl',1019db_path+'-shm',db_path+'-wal']1020ifno_db:1021skip.append(db_path)10221023# Bogus statement to lock the database while copying files1024withself.env.db_transactionasdb:1025db("UPDATE "+db.quote('system')


source: trac.git/trac/env.py@ ed1e46e5

# -*- coding: utf-8 -*-
#
# Copyright (C) 2003-2020 Edgewall Software
# Copyright (C) 2003-2007 Jonas Borgström <[email protected]>
# All rights reserved.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://trac.edgewall.org/wiki/TracLicense.
#
# This software consists of voluntary contributions made by many
# individuals. For the exact contribution history, see the revision
# history and logs, available at https://trac.edgewall.org/log/.
#
# Author: Jonas Borgström <[email protected]>

"""Trac Environment model and related APIs."""

from contextlib import contextmanager
import hashlib
import os.path
import setuptools
import shutil
import sys
import time
from ConfigParser import RawConfigParser
from subprocess import PIPE
from tempfile import mkdtemp
from urlparse import urlsplit

from trac import log
from trac.admin.api import (AdminCommandError, IAdminCommandProvider,
                            get_dir_list)
from trac.api import IEnvironmentSetupParticipant, ISystemInfoProvider
from trac.cache import CacheManager, cached
from trac.config import BoolOption, ChoiceOption, ConfigSection, \
                        Configuration, IntOption, Option, PathOption
from trac.core import Component, ComponentManager, ExtensionPoint, \
                      TracBaseError, TracError, implements
from trac.db.api import (DatabaseManager, QueryContextManager,
                         TransactionContextManager, parse_connection_uri)
from trac.db.convert import copy_tables
from trac.loader import load_components
from trac.util import as_bool, backup_config_file, copytree, create_file, \
                      get_pkginfo, is_path_below, lazy, makedirs
from trac.util.compat import Popen, close_fds
from trac.util.concurrency import threading
from trac.util.datefmt import pytz
from trac.util.text import exception_to_unicode, path_to_unicode, printerr, \
                           printferr, printfout, printout
from trac.util.translation import _, N_
from trac.web.chrome import Chrome
from trac.web.href import Href

__all__ = ['Environment', 'IEnvironmentSetupParticipant', 'open_environment']


# Content of the VERSION file in the environment
_VERSION = 'Trac Environment Version 1'


class BackupError(TracBaseError, RuntimeError):
    """Exception raised during an upgrade when the DB backup fails."""


class Environment(Component, ComponentManager):
    """Trac environment manager.

    Trac stores project information in a Trac environment. It consists
    of a directory structure containing among other things:

    * a configuration file,
    * project-specific templates and plugins,
    * the wiki and ticket attachments files,
    * the SQLite database file (stores tickets, wiki pages...)
      in case the database backend is SQLite

    """

    implements(ISystemInfoProvider)

    required = True

    system_info_providers = ExtensionPoint(ISystemInfoProvider)
    setup_participants = ExtensionPoint(IEnvironmentSetupParticipant)

    components_section = ConfigSection('components',
        """Enable or disable components provided by Trac and plugins.
        The component to enable/disable is specified by the option name.
        The enabled state is determined by the option value: setting
        the value to `enabled` or `on` will enable the component, any
        other value (typically `disabled` or `off`) will disable the
        component.

        The option name is either the fully qualified name of the
        component or the module/package prefix of the component. The
        former enables/disables a specific component, while the latter
        enables/disables any component in the specified package/module.

        Consider the following configuration snippet:
        {{{#!ini
        [components]
        trac.ticket.report.ReportModule = disabled
        acct_mgr.* = enabled
        }}}

        The first option tells Trac to disable the
        [TracReports report module].
        The second option instructs Trac to enable all components in
        the `acct_mgr` package. The trailing wildcard is required for
        module/package matching.

        To view the list of active components, go to the ''Plugins''
        section of ''About Trac'' (requires `CONFIG_VIEW`
        [TracPermissions permission]).

        See also: TracPlugins
        """)

    shared_plugins_dir = PathOption('inherit', 'plugins_dir', '',
        """Path to the //shared plugins directory//.

        Plugins in that directory are loaded in addition to those in
        the directory of the environment `plugins`, with this one
        taking precedence.

        Non-absolute paths are relative to the Environment `conf`
        directory.
        """)

    base_url = Option('trac', 'base_url', '',
        """Base URL of the Trac site.

        This is used to produce documents outside of the web browsing
        context, such as URLs in notification e-mails that point to
        Trac resources.
        """)

    base_url_for_redirect = BoolOption('trac', 'use_base_url_for_redirect',
                                       False,
        """Optionally use `[trac] base_url` for redirects.

        In some configurations, usually involving running Trac behind
        a HTTP proxy, Trac can't automatically reconstruct the URL
        that is used to access it. You may need to use this option to
        force Trac to use the `base_url` setting also for
        redirects. This introduces the obvious limitation that this
        environment will only be usable when accessible from that URL,
        as redirects are frequently used.
        """)

    secure_cookies = BoolOption('trac', 'secure_cookies', False,
        """Restrict cookies to HTTPS connections.

        When true, set the `secure` flag on all cookies so that they
        are only sent to the server on HTTPS connections. Use this if
        your Trac instance is only accessible through HTTPS.
        """)

    anonymous_session_lifetime = IntOption(
        'trac', 'anonymous_session_lifetime', '90',
        """Lifetime of the anonymous session, in days.

        Set the option to 0 to disable purging old anonymous sessions.
        (''since 1.0.17'')""")

    project_name = Option('project', 'name', 'My Project',
        """Name of the project.""")

    project_description = Option('project', 'descr', 'My example project',
        """Short description of the project.""")

    project_url = Option('project', 'url', '',
        """URL of the project web site.

        This is usually the domain in which the `base_url` resides.
        For example, the project URL might be !https://myproject.com,
        with the Trac site (`base_url`) residing at either
        !https://trac.myproject.com or !https://myproject.com/trac.
        The project URL is added to the footer of notification e-mails.
        """)

    project_admin = Option('project', 'admin', '',
        """E-Mail address of the project's administrator.""")

    project_admin_trac_url = Option('project', 'admin_trac_url', '.',
        """Base URL of a Trac instance where errors in this Trac
        should be reported.

        This can be an absolute or relative URL, or '.' to reference
        this Trac instance. An empty value will disable the reporting
        buttons.
        """)

    project_footer = Option('project', 'footer',
                            N_('Visit the Trac open source project at<br />'
                               '<a href="https://trac.edgewall.org/">'
                               'https://trac.edgewall.org/</a>'),
        """Page footer text (right-aligned).""")

    project_icon = Option('project', 'icon', 'common/trac.ico',
        """URL of the icon of the project.""")

    log_type = ChoiceOption('logging', 'log_type',
                            log.LOG_TYPES + log.LOG_TYPE_ALIASES,
        """Logging facility to use.

        Should be one of (`none`, `file`, `stderr`, `syslog`, `winlog`).""",
        case_sensitive=False)

    log_file = Option('logging', 'log_file', 'trac.log',
        """If `log_type` is `file`, this should be a path to the
        log-file. Relative paths are resolved relative to the `log`
        directory of the environment.""")

    log_level = ChoiceOption('logging', 'log_level',
                             log.LOG_LEVELS + log.LOG_LEVEL_ALIASES,
        """Level of verbosity in log.

        Should be one of (`CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`).
        """, case_sensitive=False)

    log_format = Option('logging', 'log_format', None,
        """Custom logging format.

        If nothing is set, the following will be used:

        `Trac[$(module)s] $(levelname)s: $(message)s`

        In addition to regular key names supported by the
        [http://docs.python.org/library/logging.html Python logger library]
        one could use:

        - `$(path)s` the path for the current environment
        - `$(basename)s` the last path component of the current environment
        - `$(project)s` the project name

        Note the usage of `$(...)s` instead of `%(...)s` as the latter form
        would be interpreted by the !ConfigParser itself.

        Example:
        `($(thread)d) Trac[$(basename)s:$(module)s] $(levelname)s: $(message)s`
        """)

    def __init__(self, path, create=False, options=[], default_data=True):
        """Initialize the Trac environment.

        :param path: the absolute path to the Trac environment
        :param create: if `True`, the environment is created and otherwise,
                       the environment is expected to already exist.
        :param options: A list of `(section, name, value)` tuples that
                        define configuration options
        :param default_data: if `True` (the default), the environment is
                             populated with default data when created.
        """
        ComponentManager.__init__(self)

        self.path = os.path.normpath(os.path.normcase(path))
        self.log = None
        self.config = None

        if create:
            self.create(options, default_data)
            for setup_participant in self.setup_participants:
                setup_participant.environment_created()
        else:
            self.verify()
            self.setup_config()

    def __repr__(self):
        return '<%s%r>' % (self.__class__.__name__, self.path)

    @lazy
    def name(self):
        """The environment name.

        :since:
1.2278 """279returnos.path.basename(self.path)280281@property282defenv(self):283"""Property returning the `Environment` object, which is often284 required for functions and methods that take a `Component` instance.285 """286# The cached decorator requires the object have an `env` attribute.287returnself288289@property290defsystem_info(self):291"""List of `(name, version)` tuples describing the name and292 version information of external packages used by Trac and plugins.293 """294info=[]295forproviderinself.system_info_providers:296info.extend(provider.get_system_info()or[])297returnsorted(set(info),298key=lambdaargs:(args[0]!='Trac',args[0].lower()))299300# ISystemInfoProvider methods301302defget_system_info(self):303yield'Trac',self.trac_version304yield'Python',sys.version305yield'setuptools',setuptools.__version__306ifpytzisnotNone:307yield'pytz',pytz.__version__308ifhasattr(self,'webfrontend_version'):309yieldself.webfrontend,self.webfrontend_version310311defcomponent_activated(self,component):312"""Initialize additional member variables for components.313314 Every component activated through the `Environment` object315 gets three member variables: `env` (the environment object),316 `config` (the environment configuration) and `log` (a logger317 object)."""318component.env=self319component.config=self.config320component.log=self.log321322def_component_name(self,name_or_class):323name=name_or_class324ifnotisinstance(name_or_class,basestring):325name=name_or_class.__module__+'.'+name_or_class.__name__326returnname.lower()327328@lazy329def_component_rules(self):330_rules={}331forname,valueinself.components_section.options():332name=name.rstrip('.*').lower()333_rules[name]=as_bool(value)334return_rules335336defis_component_enabled(self,cls):337"""Implemented to only allow activation of components that are338 not disabled in the configuration.339340 This is called by the `ComponentManager` base class when a341 component is about to be activated. 
If this method returns342 `False`, the component does not get activated. If it returns343 `None`, the component only gets activated if it is located in344 the `plugins` directory of the environment.345 """346component_name=self._component_name(cls)347348rules=self._component_rules349cname=component_name350whilecname:351enabled=rules.get(cname)352ifenabledisnotNone:353returnenabled354idx=cname.rfind('.')355ifidx<0:356break357cname=cname[:idx]358359# By default, all components in the trac package except360# in trac.test or trac.tests are enabled361returncomponent_name.startswith('trac.')and \ 362notcomponent_name.startswith('trac.test.')and \ 363notcomponent_name.startswith('trac.tests.')orNone364365defenable_component(self,cls):366"""Enable a component or module."""367self._component_rules[self._component_name(cls)]=True368super(Environment,self).enable_component(cls)369370@contextmanager371defcomponent_guard(self,component,reraise=False):372"""Traps any runtime exception raised when working with a component373 and logs the error.374375 :param component: the component responsible for any error that376 could happen inside the context377 :param reraise: if `True`, an error is logged but not suppressed.378 By default, errors are suppressed.379380 """381try:382yield383exceptTracErrorase:384self.log.warning("Component %s failed with %s",385component,exception_to_unicode(e))386ifreraise:387raise388exceptExceptionase:389self.log.error("Component %s failed with %s",component,390exception_to_unicode(e,traceback=True))391ifreraise:392raise393394defverify(self):395"""Verify that the provided path points to a valid Trac environment396 directory."""397try:398withopen(os.path.join(self.path,'VERSION'))asf:399tag=f.readline().rstrip('\n')400exceptExceptionase:401raiseTracError(_("No Trac environment found at %(path)s\n"402"%(e)s",403path=self.path,e=exception_to_unicode(e)))404iftag!=_VERSION:405raiseTracError(_("Unknown Trac environment type 
'%(type)s'",406type=tag))407408@lazy409defdb_exc(self):410"""Return an object (typically a module) containing all the411 backend-specific exception types as attributes, named412 according to the Python Database API413 (http://www.python.org/dev/peps/pep-0249/).414415 To catch a database exception, use the following pattern::416417 try:418 with env.db_transaction as db:419 ...420 except env.db_exc.IntegrityError as e:421 ...422 """423returnDatabaseManager(self).get_exceptions()424425@property426defdb_query(self):427"""Return a context manager428 (`~trac.db.api.QueryContextManager`) which can be used to429 obtain a read-only database connection.430431 Example::432433 with env.db_query as db:434 cursor = db.cursor()435 cursor.execute("SELECT ...")436 for row in cursor.fetchall():437 ...438439 Note that a connection retrieved this way can be "called"440 directly in order to execute a query::441442 with env.db_query as db:443 for row in db("SELECT ..."):444 ...445446 :warning: after a `with env.db_query as db` block, though the447 `db` variable is still defined, you shouldn't use it as it448 might have been closed when exiting the context, if this449 context was the outermost context (`db_query` or450 `db_transaction`).451452 If you don't need to manipulate the connection itself, this453 can even be simplified to::454455 for row in env.db_query("SELECT ..."):456 ...457458 """459returnQueryContextManager(self)460461@property462defdb_transaction(self):463"""Return a context manager464 (`~trac.db.api.TransactionContextManager`) which can be used465 to obtain a writable database connection.466467 Example::468469 with env.db_transaction as db:470 cursor = db.cursor()471 cursor.execute("UPDATE ...")472473 Upon successful exit of the context, the context manager will474 commit the transaction. In case of nested contexts, only the475 outermost context performs a commit. 
However, should an476 exception happen, any context manager will perform a rollback.477 You should *not* call `commit()` yourself within such block,478 as this will force a commit even if that transaction is part479 of a larger transaction.480481 Like for its read-only counterpart, you can directly execute a482 DML query on the `db`::483484 with env.db_transaction as db:485 db("UPDATE ...")486487 :warning: after a `with env.db_transaction` as db` block,488 though the `db` variable is still available, you shouldn't489 use it as it might have been closed when exiting the490 context, if this context was the outermost context491 (`db_query` or `db_transaction`).492493 If you don't need to manipulate the connection itself, this494 can also be simplified to::495496 env.db_transaction("UPDATE ...")497498 """499returnTransactionContextManager(self)500501defshutdown(self,tid=None):502"""Close the environment."""503fromtrac.versioncontrol.apiimportRepositoryManager504RepositoryManager(self).shutdown(tid)505DatabaseManager(self).shutdown(tid)506iftidisNone:507log.shutdown(self.log)508509defcreate(self,options=[],default_data=True):510"""Create the basic directory structure of the environment,511 initialize the database and populate the configuration file512 with default values.513514 If options contains ('inherit', 'file'), default values will515 not be loaded; they are expected to be provided by that file516 or other options.517518 :raises TracError: if the base directory of `path` does not exist.519 :raises TracError: if `path` exists and is not empty.520 """521base_dir=os.path.dirname(self.path)522ifnotos.path.exists(base_dir):523raiseTracError(_(524"Base directory '%(env)s' does not exist. 
Please create it "525"and retry.",env=base_dir))526527ifos.path.exists(self.path)andos.listdir(self.path):528raiseTracError(_("Directory exists and is not empty."))529530# Create the directory structure531ifnotos.path.exists(self.path):532os.mkdir(self.path)533os.mkdir(self.htdocs_dir)534os.mkdir(self.log_dir)535os.mkdir(self.plugins_dir)536os.mkdir(self.templates_dir)537538# Create a few files539create_file(os.path.join(self.path,'VERSION'),_VERSION+'\n')540create_file(os.path.join(self.path,'README'),541'This directory contains a Trac environment.\n'542'Visit https://trac.edgewall.org/ for more information.\n')543544# Setup the default configuration545os.mkdir(self.conf_dir)546config=Configuration(self.config_file_path)547forsection,name,valueinoptions:548config.set(section,name,value)549config.save()550self.setup_config()551ifnotany((section,option)==('inherit','file')552forsection,option,valueinoptions):553self.config.set_defaults(self)554self.config.save()555556# Create the sample configuration557create_file(self.config_file_path+'.sample')558self._update_sample_config()559560# Create the database561dbm=DatabaseManager(self)562dbm.init_db()563ifdefault_data:564dbm.insert_default_data()565566@lazy567defdatabase_version(self):568"""Returns the current version of the database.569570 :since 1.0.2:571 """572returnDatabaseManager(self) \ 573.get_database_version('database_version')574575@lazy576defdatabase_initial_version(self):577"""Returns the version of the database at the time of creation.578579 In practice, for a database created before 0.11, this will580 return `False` which is "older" than any db version number.581582 :since 1.0.2:583 """584returnDatabaseManager(self) \ 585.get_database_version('initial_database_version')586587@lazy588deftrac_version(self):589"""Returns the version of Trac.590 :since: 1.2591 """592fromtracimportcore,__version__593returnget_pkginfo(core).get('version',__version__)594595defsetup_config(self):596"""Load the configuration 
file."""597self.config=Configuration(self.config_file_path,598{'envname':self.name})599ifnotself.config.exists:600raiseTracError(_("The configuration file is not found at "601"%(path)s",path=self.config_file_path))602self.setup_log()603plugins_dir=self.shared_plugins_dir604load_components(self,plugins_dirand(plugins_dir,))605606@lazy607defconfig_file_path(self):608"""Path of the trac.ini file."""609returnos.path.join(self.conf_dir,'trac.ini')610611@lazy612deflog_file_path(self):613"""Path to the log file."""614ifnotos.path.isabs(self.log_file):615returnos.path.join(self.log_dir,self.log_file)616returnself.log_file617618def_get_path_to_dir(self,*dirs):619path=self.path620fordirindirs:621path=os.path.join(path,dir)622returnos.path.realpath(path)623624@lazy625defattachments_dir(self):626"""Absolute path to the attachments directory.627628 :since: 1.3.1629 """630returnself._get_path_to_dir('files','attachments')631632@lazy633defconf_dir(self):634"""Absolute path to the conf directory.635636 :since: 1.0.11637 """638returnself._get_path_to_dir('conf')639640@lazy641deffiles_dir(self):642"""Absolute path to the files directory.643644 :since: 1.3.2645 """646returnself._get_path_to_dir('files')647648@lazy649defhtdocs_dir(self):650"""Absolute path to the htdocs directory.651652 :since: 1.0.11653 """654returnself._get_path_to_dir('htdocs')655656@lazy657deflog_dir(self):658"""Absolute path to the log directory.659660 :since: 1.0.11661 """662returnself._get_path_to_dir('log')663664@lazy665defplugins_dir(self):666"""Absolute path to the plugins directory.667668 :since: 1.0.11669 """670returnself._get_path_to_dir('plugins')671672@lazy673deftemplates_dir(self):674"""Absolute path to the templates directory.675676 :since: 1.0.11677 """678returnself._get_path_to_dir('templates')679680defsetup_log(self):681"""Initialize the logging sub-system."""682self.log,log_handler= \ 
683self.create_logger(self.log_type,self.log_file_path,684self.log_level,self.log_format)685self.log.addHandler(log_handler)686self.log.info('-'*32+' environment startup [Trac %s] '+'-'*32,687self.trac_version)688689defcreate_logger(self,log_type,log_file,log_level,log_format):690log_id='Trac.%s'%hashlib.sha1(self.path).hexdigest()691iflog_format:692log_format=log_format.replace('$(','%(') \ 693.replace('%(path)s',self.path) \ 694.replace('%(basename)s',self.name) \ 695.replace('%(project)s',self.project_name)696returnlog.logger_handler_factory(log_type,log_file,log_level,697log_id,format=log_format)698699defget_known_users(self,as_dict=False):700"""Returns information about all known users, i.e. users that701 have logged in to this Trac environment and possibly set their702 name and email.703704 By default this function returns an iterator that yields one705 tuple for every user, of the form (username, name, email),706 ordered alpha-numerically by username. When `as_dict` is `True`707 the function returns a dictionary mapping username to a708 (name, email) tuple.709710 :since 1.2: the `as_dict` parameter is available.711 """712returnself._known_users_dictifas_dictelseiter(self._known_users)713714@cached715def_known_users(self):716returnself.db_query("""717 SELECT DISTINCT s.sid, n.value, e.value718 FROM session AS s719 LEFT JOIN session_attribute AS n ON (n.sid=s.sid720 AND n.authenticated=1 AND n.name = 'name')721 LEFT JOIN session_attribute AS e ON (e.sid=s.sid722 AND e.authenticated=1 AND e.name = 'email')723 WHERE s.authenticated=1 ORDER BY s.sid724 """)725726@cached727def_known_users_dict(self):728return{u[0]:(u[1],u[2])foruinself._known_users}729730definvalidate_known_users_cache(self):731"""Clear the known_users cache."""732delself._known_users733delself._known_users_dict734735defbackup(self,dest=None):736"""Create a backup of the database.737738 :param dest: Destination file; if not specified, the backup is739 stored in a file called 
db_name.trac_version.bak740 """741returnDatabaseManager(self).backup(dest)742743defneeds_upgrade(self):744"""Return whether the environment needs to be upgraded."""745forparticipantinself.setup_participants:746try:747withself.component_guard(participant,reraise=True):748ifparticipant.environment_needs_upgrade():749self.log.warning(750"Component %s requires an environment upgrade",751participant)752returnTrue753exceptExceptionase:754raiseTracError(_("Unable to check for upgrade of "755"%(module)s.%(name)s: %(err)s",756module=participant.__class__.__module__,757name=participant.__class__.__name__,758err=exception_to_unicode(e)))759returnFalse760761defupgrade(self,backup=False,backup_dest=None):762"""Upgrade database.763764 :param backup: whether or not to backup before upgrading765 :param backup_dest: name of the backup file766 :return: whether the upgrade was performed767 """768upgraders=[]769forparticipantinself.setup_participants:770withself.component_guard(participant,reraise=True):771ifparticipant.environment_needs_upgrade():772upgraders.append(participant)773ifnotupgraders:774return775776ifbackup:777try:778self.backup(backup_dest)779exceptExceptionase:780raiseBackupError(e)781782forparticipantinupgraders:783self.log.info("upgrading %s...",participant)784withself.component_guard(participant,reraise=True):785participant.upgrade_environment()786# Database schema may have changed, so close all connections787dbm=DatabaseManager(self)788ifdbm.connection_uri!='sqlite::memory:':789dbm.shutdown()790791self._update_sample_config()792delself.database_version793returnTrue794795@lazy796defhref(self):797"""The application root path"""798returnHref(urlsplit(self.abs_href.base).path)799800@lazy801defabs_href(self):802"""The application URL"""803ifnotself.base_url:804self.log.warning("[trac] base_url option not set in "805"configuration, generated links may be 
incorrect")806returnHref(self.base_url)807808def_update_sample_config(self):809filename=os.path.join(self.config_file_path+'.sample')810ifnotos.path.isfile(filename):811return812config=Configuration(filename)813config.set_defaults()814try:815config.save()816exceptEnvironmentErrorase:817self.log.warning("Couldn't write sample configuration file (%s)%s",818e,exception_to_unicode(e,traceback=True))819else:820self.log.info("Wrote sample configuration file with the new "821"settings and their default values: %s",822filename)823824825env_cache={}826env_cache_lock=threading.Lock()827828829defopen_environment(env_path=None,use_cache=False):830"""Open an existing environment object, and verify that the database is up831 to date.832833 :param env_path: absolute path to the environment directory; if834 omitted, the value of the `TRAC_ENV` environment835 variable is used836 :param use_cache: whether the environment should be cached for837 subsequent invocations of this function838 :return: the `Environment` object839 """840ifnotenv_path:841env_path=os.getenv('TRAC_ENV')842ifnotenv_path:843raiseTracError(_('Missing environment variable "TRAC_ENV". '844'Trac requires this variable to point to a valid '845'Trac environment.'))846847ifuse_cache:848withenv_cache_lock:849env=env_cache.get(env_path)850ifenvandenv.config.parse_if_needed():851# The environment configuration has changed, so shut it down852# and remove it from the cache so that it gets reinitialized853env.log.info('Reloading environment due to configuration '854'change')855env.shutdown()856delenv_cache[env_path]857env=None858ifenvisNone:859env=env_cache.setdefault(env_path,860open_environment(env_path))861else:862CacheManager(env).reset_metadata()863else:864env=Environment(env_path)865try:866needs_upgrade=env.needs_upgrade()867exceptTracErrorase:868env.log.error("Exception caught while checking for upgrade: %s",869exception_to_unicode(e))870raise871exceptExceptionase:# e.g. 
no database connection872env.log.error("Exception caught while checking for upgrade: %s",873exception_to_unicode(e,traceback=True))874raise875else:876ifneeds_upgrade:877raiseTracError(_('The Trac Environment needs to be upgraded. '878'Run:\n\n trac-admin "%(path)s" upgrade',879path=env_path))880881returnenv882883884classEnvironmentAdmin(Component):885"""trac-admin command provider for environment administration."""886887implements(IAdminCommandProvider)888889# IAdminCommandProvider methods890891defget_admin_commands(self):892yield('convert_db','<dburi> [new_env]',893"""Convert database894895 Converts the database backend in the environment in which896 the command is run (in-place), or in a new copy of the897 environment. For an in-place conversion, the data is898 copied to the database specified in <dburi> and the899 [trac] database setting is changed to point to the new900 database. The new database must be empty, which for an901 SQLite database means the file should not exist. The data902 in the existing database is left unmodified.903904 For a database conversion in a new copy of the environment,905 the environment in which the command is executed is copied906 and the [trac] database setting is changed in the new907 environment. 
The existing environment is left unmodified.908909 Be sure to create a backup (see `hotcopy`) before converting910 the database, particularly when doing an in-place conversion.911 """,912self._complete_convert_db,self._do_convert_db)913yield('deploy','<directory>',914'Extract static resources from Trac and all plugins',915None,self._do_deploy)916yield('hotcopy','<backupdir> [--no-database]',917"""Make a hot backup copy of an environment918919 The database is backed up to the 'db' directory of the920 destination, unless the --no-database option is921 specified.922 """,923None,self._do_hotcopy)924yield('upgrade','[--no-backup]',925"""Upgrade database to current version926927 The database is backed up to the directory specified by [trac]928 backup_dir (the default is 'db'), unless the --no-backup929 option is specified. The shorthand alias -b can also be used930 to specify --no-backup.931 """,932None,self._do_upgrade)933934def_do_convert_db(self,dburi,env_path=None):935ifenv_path:936returnself._do_convert_db_in_new_env(dburi,env_path)937else:938returnself._do_convert_db_in_place(dburi)939940def_complete_convert_db(self,args):941iflen(args)==2:942returnget_dir_list(args[1])943944def_do_deploy(self,dest):945target=os.path.normpath(dest)946chrome_target=os.path.join(target,'htdocs')947script_target=os.path.join(target,'cgi-bin')948chrome=Chrome(self.env)949950# Check source and destination to avoid recursively copying files951forproviderinchrome.template_providers:952paths=list(provider.get_htdocs_dirs()or[])953ifnotpaths:954continue955forkey,rootinpaths:956ifnotroot:957continue958source=os.path.normpath(root)959dest=os.path.join(chrome_target,key)960ifos.path.exists(source)andis_path_below(dest,source):961raiseAdminCommandError(962_("Resources cannot be deployed to a target "963"directory that is equal to or below the source "964"directory '%(source)s'.\n\nPlease choose a "965"different target directory and try again.",966source=source))967968# Copy static 
content969makedirs(target,overwrite=True)970makedirs(chrome_target,overwrite=True)971printout(_("Copying resources from:"))972forproviderinchrome.template_providers:973paths=list(provider.get_htdocs_dirs()or[])974ifnotpaths:975continue976printout(' %s.%s'%(provider.__module__,977provider.__class__.__name__))978forkey,rootinpaths:979ifnotroot:980continue981source=os.path.normpath(root)982printout(' ',source)983ifos.path.exists(source):984dest=os.path.join(chrome_target,key)985copytree(source,dest,overwrite=True)986987# Create and copy scripts988makedirs(script_target,overwrite=True)989printout(_("Creating scripts."))990data={'env':self.env,'executable':sys.executable,'repr':repr}991forscriptin('cgi','fcgi','wsgi'):992dest=os.path.join(script_target,'trac.'+script)993template=chrome.load_template('deploy_trac.'+script,text=True)994text=chrome.render_template_string(template,data,text=True)995996withopen(dest,'w')asout:997out.write(text.encode('utf-8'))998999def_do_hotcopy(self,dest,no_db=None):1000ifno_dbnotin(None,'--no-database'):1001raiseAdminCommandError(_("Invalid argument '%(arg)s'",arg=no_db),1002show_usage=True)10031004ifos.path.exists(dest):1005raiseTracError(_("hotcopy can't overwrite existing '%(dest)s'",1006dest=path_to_unicode(dest)))10071008printout(_("Hotcopying %(src)s to %(dst)s ...",1009src=path_to_unicode(self.env.path),1010dst=path_to_unicode(dest)))1011db_str=self.env.config.get('trac','database')1012prefix,db_path=db_str.split(':',1)1013skip=[]10141015ifprefix=='sqlite':1016db_path=os.path.join(self.env.path,os.path.normpath(db_path))1017# don't copy the journal (also, this would fail on Windows)1018skip=[db_path+'-journal',db_path+'-stmtjrnl',1019db_path+'-shm',db_path+'-wal']1020ifno_db:1021skip.append(db_path)10221023# Bogus statement to lock the database while copying files1024withself.env.db_transactionasdb:1025db("UPDATE "+db.quote('system')

Debugging PHP code is part of any project, but WordPress comes with specific debug systems designed to simplify the process as well as standardize code across the core, plugins and themes. This page describes the various debugging tools in WordPress and how to use them to be more productive in your coding and to increase the overall quality and interoperability of your code.

For non-programmers or general users, these options can be used to show detailed information about errors.

Example wp-config.php for Debugging

The following code, inserted in your wp-config.php file, will log all errors, notices, and warnings to a file called debug.log in the wp-content directory. It will also hide the errors so they do not interrupt page generation.

// Enable WP_DEBUG mode
define( 'WP_DEBUG', true );

// Enable Debug logging to the /wp-content/debug.log file
define( 'WP_DEBUG_LOG', true );

// Disable display of errors and warnings
define( 'WP_DEBUG_DISPLAY', false );
@ini_set( 'display_errors', 0 );

// Use dev versions of core JS and CSS files (only needed if you are modifying these core files)
define( 'SCRIPT_DEBUG', true );

NOTE: You must insert this BEFORE in the wp-config.php file.

WP_DEBUG

WP_DEBUG is a PHP constant (a permanent global variable) that can be used to trigger the “debug” mode throughout WordPress. It is assumed to be false by default and is usually set to true in the wp-config.php file on development copies of WordPress.

// This enables debugging.
define( 'WP_DEBUG', true );

// This disables debugging.
define( 'WP_DEBUG', false );

Note: The true and false values in the example are not surrounded by apostrophes (‘) because they are boolean (true/false) values. If you set constants to 'false', they will be interpreted as true because the quotes make it a string rather than a boolean.

It is not recommended to use WP_DEBUG or the other debug tools on live sites; they are meant for local testing and staging installs.

PHP Errors, Warnings, and Notices

Enabling WP_DEBUG will cause all PHP errors, notices and warnings to be displayed. This is likely to modify the default behavior of PHP, which only displays fatal errors and/or shows a white screen of death when errors are reached.

Showing all PHP notices and warnings often results in error messages for things that don’t seem broken, but do not follow proper data validation conventions inside PHP. These warnings are easy to fix once the relevant code has been identified, and the resulting code is almost always more bug-resistant and easier to maintain.

Deprecated Functions and Arguments

Enabling WP_DEBUG will also cause notices about deprecated functions and arguments within WordPress that are being used on your site. These are functions or function arguments that have not been removed from the core code yet but are slated for deletion in the near future. Deprecation notices often indicate the new function that should be used instead.

WP_DEBUG_LOG

WP_DEBUG_LOG is a companion to WP_DEBUG that causes all errors to also be saved to a debug.log log file. This is useful if you want to review all notices later or need to view notices generated off-screen (e.g. during an AJAX request or wp-cron run).

Note that this allows you to write to log file using PHP’s built in function, which can be useful for instance when debugging Ajax events.

When set to true, the log is saved to debug.log in the content directory (usually wp-content/) within your site’s filesystem. Alternatively, you can set it to a valid file path to have the file saved elsewhere.

define( 'WP_DEBUG_LOG', true );
-or-
define( 'WP_DEBUG_LOG', '/tmp/wp-errors.log' );

Note: for WP_DEBUG_LOG to do anything, WP_DEBUG must be enabled (true). Remember you can turn off WP_DEBUG_DISPLAY independently.

WP_DEBUG_DISPLAY

WP_DEBUG_DISPLAY is another companion to WP_DEBUG that controls whether debug messages are shown inside the HTML of pages or not. The default is ‘true’, which shows errors and warnings as they are generated. Setting this to false will hide all errors. This should be used in conjunction with WP_DEBUG_LOG so that errors can be reviewed later.

define( 'WP_DEBUG_DISPLAY', false );

Note: for WP_DEBUG_DISPLAY to do anything, WP_DEBUG must be enabled (true). Remember you can control WP_DEBUG_LOG independently.

SCRIPT_DEBUG

SCRIPT_DEBUG is a related constant that will force WordPress to use the “dev” versions of core CSS and JavaScript files rather than the minified versions that are normally loaded. This is useful when you are testing modifications to any built-in .js or .css files. Default is false.

SAVEQUERIES

The SAVEQUERIES definition saves the database queries to an array, and that array can be displayed to help analyze those queries. When the constant is defined as true, each query is saved along with how long it took to execute and what function called it.

define( 'SAVEQUERIES', true );

The array is stored in the global .

NOTE: This will have a performance impact on your site, so make sure to turn this off when you aren’t debugging.

Debugging Plugins

There are many debugging plugins for WordPress that show more information about the internals, either for a specific component or in general. Here are some examples:

External Resources

Overview of the issue

If you are using the Themify theme with WPML 4.5.0, you will see an error message on the front-end toolbar when you open the homepage: “Builder is not available on this page. Turn On Builder”

You will also see the following PHP error:

Fatal error: Uncaught Error: Cannot use object of type Closure as array in …/wp-content/themes/themify-ultra/themify/themify-template-tags.php:1824
Stack trace:
#0 …/wp-content/themes/themify-ultra/header.php(120): themify_menu_nav()
#1 …/wp-includes/template.php(770): require_once(‘/var/www/sites/…’)
#2 …/wp-includes/template.php(716): load_template()
#3 …/wp-includes/general-template.php(48): locate_template()
#4 …/wp-content/themes/themify-ultra/index.php(8): get_header()
#5 …/wp-includes/template.php(772): require(‘/var/www/sites/…’)
#6 …/wp-includes/template.php(716): load_template()
#7 …/wp-includes/general-template.php(204): locate_template()
#8 …/wp-content/themes/themify-ultra/page.php(4): get_template_part()
#9 /var/www/sites/sepia-m in …/wp-content/themes/themify-ultra/themify/themify-template-tags.php on line 1824

Workaround

Please make a full backup of your site before proceeding.

  1. Open this file: /wp-content/themes/themify-ultra/themify/themify-template-tags.php.
  2. Look for line 1824.
  3. Replace this line: if ( is_a( $filter['function'][0], 'WPML_LS_Render' ) ) {
  4. With: if ( is_array( $filter['function'] ) && is_a( $filter['function'][0], 'WPML_LS_Render' ) ) {
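Why the extra is_array() check is needed, as an added example that is not Themify's or WPML's code: a hook callback can be a function name, an [object, method] array or a Closure, and only the array form can be indexed with [0]. The WPML_LS_Render class below is a constructed stand-in, and callback_owner() and the sample filter list are hypothetical names used for illustration.

```php
<?php
// Constructed stand-in for WPML's renderer class; only the class name matters here.
class WPML_LS_Render {
    public function render() {}
}

/**
 * Return the object behind a callback if it is an instance of $class, else null.
 * Only the [object, method] array form is indexed; strings, Closures and other
 * invokable objects are skipped instead of being treated as arrays.
 */
function callback_owner( $callback, string $class ) {
    if ( is_array( $callback ) && isset( $callback[0] ) && is_a( $callback[0], $class ) ) {
        return $callback[0];
    }
    return null;
}

// Constructed filter list in the shape the theme code reads: each entry has a 'function' key.
$filters = array(
    array( 'function' => 'wp_strip_all_tags' ),                     // function name (string)
    array( 'function' => function ( $items ) { return $items; } ),  // Closure
    array( 'function' => array( new WPML_LS_Render(), 'render' ) ), // [object, method]
    array( 'function' => array( 'Some_Static_Class', 'method' ) ),  // [class name, method]
);

foreach ( $filters as $i => $filter ) {
    $owner = callback_owner( $filter['function'], 'WPML_LS_Render' );
    printf(
        "%d: %-6s -> %s\n",
        $i,
        gettype( $filter['function'] ),
        $owner ? 'WPML_LS_Render callback' : 'skipped'
    );
}

// The unguarded check from line 1824, applied to the Closure entry, raises the fatal error.
try {
    is_a( $filters[1]['function'][0], 'WPML_LS_Render' );
} catch ( Error $e ) {
    echo 'Unguarded check: ', $e->getMessage(), "\n";
}
```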

