Phoca Forum

Can you tell me what changed between version 1.2.0 and 1.2.1?

Thanks already

There was a security fix. Protection against XSS (there is a library called html purifier) which cleans 'dangerous scripts' from strings...

There is some error on your site in this library ...

Jan

Hi Jan,

I tried it even with the new version, but i still get the same error. So i will send you my FTP info and joomla info in a PM. Hope you can find the problem.

Thanks already.

Hi, in your administrator area, there is all right with guestbook, in frontend too, I left an message in guestbook, everything works ok ...

That's because i'm still running version 1.2.0 Beta. If i upgrade to any version above version 1.2.0 it doesn't work anymore.

Try for yourself and install the latest phoca guestbook Then i get the HTTP 500 error.

so please install the 1.3.1 and let me know login, password into the pm

Jan

Done, and thanks already.

The problem is here:

Fatal error: Call to undefined function ctype_lower() in ...components/com_phocaguestbook/assets/library/HTMLPurifier/Token.php on line 70

The HTML purifier is an external library which check the strings against XSS attacks becasue there is still some problem in Joomla! with clean method

I cannot say what can be the problem because it is an external script

I think your php server doesn't have inmplemented the Ctype functions

http://cz.php.net/manual/en/ref.ctype.php

Jan

On the website it's written:

In PHP versions before 4.4.1, ctype functions have a bug handling very large integers.
http://bugs.php.net/bug.php?id=34645

But my ISP is using 5.2.4-pl2-gentoo.

Shouldn't it be solved in this PHP version?

I found something:

'./configure' '--prefix=/usr/lib/php5' '--host=i686-pc-linux-gnu' '--mandir=/usr/lib/php5/man' '--infodir=/usr/lib/php5/info' '--sysconfdir=/etc' '--cache-file=./config.cache' '--enable-maintainer-zts' '--disable-cli' '--with-apxs2=/usr/sbin/apxs2' '--with-config-file-path=/etc/php/apache2-php5' '--with-config-file-scan-dir=/etc/php/apache2-php5/ext-active' '--without-pear' '--disable-bcmath' '--without-bz2' '--disable-calendar' '--disable-ctype' '--with-curl' '--without-curlwrappers' '--disable-dbase' '--disable-exif' '--without-fbsql' '--without-fdftk' '--disable-filter' '--disable-ftp' '--with-gettext' '--without-gmp' '--disable-hash' '--disable-json' '--without-kerberos' '--enable-mbstring' '--with-mcrypt' '--without-mhash' '--without-msql' '--without-mssql' '--with-ncurses' '--with-openssl' '--with-openssl-dir=/usr' '--disable-pcntl' '--disable-pdo' '--without-pgsql' '--without-pspell' '--without-recode' '--disable-simplexml' '--disable-shmop' '--with-snmp' '--disable-soap' '--disable-sockets' '--without-sybase' '--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--without-tidy' '--disable-tokenizer' '--disable-wddx' '--disable-xmlreader' '--disable-xmlwriter' '--without-xmlrpc' '--without-xsl' '--disable-zip' '--with-zlib' '--disable-debug' '--enable-dba' '--without-cdb' '--with-db4' '--without-flatfile' '--with-gdbm' '--without-inifile' '--without-qdbm' '--without-freetype-dir' '--without-t1lib' '--disable-gd-jis-conv' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--without-xpm-dir' '--with-gd' '--with-imap' '--with-imap-ssl' '--with-ldap' '--without-ldap-sasl' '--with-mysql=/usr' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--without-mysqli' '--with-readline' '--without-libedit' '--without-mm' '--without-sqlite'

It's written disabled ctype. So that's the problem i guess?