[Solved] blank pages caused by Smarty from Debian Lenny install

josz

Joined: 2009-10-27
Posts: 10

Posted: Tue, 2009-10-27 19:34

Edit: Changed Title

Various pages in a new single site installation result in blank pages.
Chosen language is Dutch.
Through debuging, I traced the problem to the presence of single quotes in the variables in templates.
If I escape,\, the single quote. The problem is solved.

Is this a problem with my configuration or is this a bug

Gallery versie = 2.3 core 1.3.0
API = Core 7.54, Module 3.9, Thema 2.6, Embed 1.5
PHP versie = 5.2.6-1+lenny3 apache2handler
Web server = Apache/2.2.9 (Debian) DAV/2 PHP/5.2.6-1+lenny3 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
Database = mysqli 5.0.51a-24+lenny2-log, lock.system=flock
Toolkits = ArchiveUpload, Dcraw, Exif, Ffmpeg, Getid3, ImageMagick, jpegtran, LinkItemToolkit, SquareThumb, Thumbnail, Gd
Versnelling = none, none
Besturingssysteem = Linux kast 2.6.26-2-amd64 #1 SMP Wed Aug 19 22:33:18 UTC 2009 x86_64
Standaard thema = matrix
gettext = geactiveerd
Talen = nl_NL
Browser = Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Rijen in GalleryAccessMap tabel = 14
Rijen in GalleryAccessSubscriberMap tabel = 3
Rijen in GalleryUser tabel = 2
Rijen in GalleryItem tabel = 1
Rijen in GalleryAlbumItem tabel = 1
Rijen in GalleryCacheMap tabel = 0

nivekiam

Joined: 2002-12-10
Posts: 16503

Posted: Tue, 2009-10-27 20:22

Quote:

Is this a problem with my configuration

This is where my money is.

Quote:

or is this a bug

I doubt it, since G2 2.3 has been released for over a year and you're not the first Dutch user.

Please post a link to your phpinfo under your gallery install:
FAQ: How do I create a phpinfo page?

Have you modified anything? Check that all the gallery files are intact:
FAQ: How can I make sure that my installation files are all intact?
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

josz

Joined: 2009-10-27
Posts: 10

Posted: Wed, 2009-10-28 07:33

I have a lot of modified files:
install/steps/StorageSetupStep.class
install/templates/StorageSetupRequest.html
lib/adodb/adodb-error.inc.php
lib/adodb/adodb-iterator.inc.php
lib/adodb/adodb-lib.inc.php
lib/adodb/adodb-perf.inc.php
lib/adodb/adodb-php4.inc.php
lib/adodb/adodb-time.inc.php
lib/adodb/adodb.inc.php
lib/adodb/drivers/adodb-ado.inc.php
lib/adodb/drivers/adodb-ado5.inc.php
lib/adodb/drivers/adodb-ado_mssql.inc.php
lib/adodb/drivers/adodb-db2.inc.php
lib/adodb/drivers/adodb-mysql.inc.php
lib/adodb/drivers/adodb-mysqli.inc.php
lib/adodb/drivers/adodb-mysqlt.inc.php
lib/adodb/drivers/adodb-oci8.inc.php
lib/adodb/drivers/adodb-oci805.inc.php
lib/adodb/drivers/adodb-oci8po.inc.php
lib/adodb/drivers/adodb-oracle.inc.php
lib/adodb/drivers/adodb-pdo.inc.php
lib/adodb/drivers/adodb-postgres64.inc.php
lib/adodb/drivers/adodb-postgres7.inc.php
lib/adodb/perf/perf-db2.inc.php
lib/adodb/perf/perf-mssql.inc.php
lib/adodb/perf/perf-mysql.inc.php
lib/adodb/perf/perf-oci8.inc.php
lib/adodb/perf/perf-postgres.inc.php
lib/adodb/tohtml.inc.php
lib/smarty/Smarty_Compiler.class.php
lib/smarty/plugins/function.math.php
lib/smarty/plugins/modifier.debug_print_var.php
upgrade/steps/SystemChecksStep.class

Since this is a clean install, from the debian repository, what is wrong with this? I guess that adodb and smarty are a recent version, but what about StorageSetupStep.class and StorageSetupRequest.html?

http://fam-zonneveld.nl/album/phpinfo.php

Jos

josz

Joined: 2009-10-27
Posts: 10

Posted: Wed, 2009-10-28 08:06

I finally found the problem.
I will post the solution soon

josz

Joined: 2009-10-27
Posts: 10

Posted: Wed, 2009-10-28 08:14

Oke, the problem was smarty.
The modified files list pointed me to this.
I downloaded 2.3 from sourceforge, removed the symlink to smarty (debian).
Copied the smarty version from sourceforge to my installation dir.
After removing the template cache, the pages are showing.

I will try to find the difference between the two version

Jos

josz

Joined: 2009-10-27
Posts: 10

Posted: Wed, 2009-10-28 08:51

The smarty version from debian is the right version, but has the following difference.

Quote:

Smarty_Compiler.class.php
line 1698:
debian comment
// The follwoing line has been replaced to close a function injection security hole (U.Tews)
// $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
$_return = str_replace('"',"'",$_return);
// escape dollar sign if not printing a var
$_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);

Quote:

function.math.php
line 30:
debian
// strip out backticks, not necessary for math
$equation = str_replace('`','',$params['equation']);

Quote:

modifier.debug_print_var.php
this file is modified by Gallery, on various lines

Jos

nivekiam

Joined: 2002-12-10
Posts: 16503

Posted: Wed, 2009-10-28 13:00

Quote:

Since this is a clean install, from the debian repository,

You're not the first....
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

crifi

Joined: 2009-05-01
Posts: 1

Posted: Mon, 2009-11-09 22:54

Hi. I use gallery2 (2.3-1) testing (squeeze) in a lenny enviroment. I've updated smarty with the version 2.6.22-1 from squeeze:

Quote:

apt-get -t testing smarty

This also solves the problem.

nivekiam

Joined: 2002-12-10
Posts: 16503

Posted: Mon, 2009-11-09 22:58

Do not apt-get gallery to install it.

Just download it from this site and all will be well. It seems none of the package maintainers (Debian, Ubutnu, Fedora, etc) out there test installing Gallery from their repository, or perhaps they do and it works in their environment or maybe they are just testing an install and not an upgrade...
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

grantroot

Joined: 2009-11-10
Posts: 1

Posted: Tue, 2009-11-10 17:28

Quote:

I've updated smarty with the version 2.6.22-1 from squeeze:... This also solves the problem.

It does, but remember to delete the template cache after you upgrade. Otherwise the problem will not appear to be solved.

nivekiam

Joined: 2002-12-10
Posts: 16503

Posted: Tue, 2009-11-10 17:33

The upgrade process should clear the cache.
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

josz Joined: 2009-10-27 Posts: 10	Posted: Tue, 2009-10-27 19:34
	Edit: Changed Title Various pages in a new single site installation result in blank pages. Chosen language is Dutch. Through debuging, I traced the problem to the presence of single quotes in the variables in templates. If I escape,\, the single quote. The problem is solved. Is this a problem with my configuration or is this a bug Gallery versie = 2.3 core 1.3.0 API = Core 7.54, Module 3.9, Thema 2.6, Embed 1.5 PHP versie = 5.2.6-1+lenny3 apache2handler Web server = Apache/2.2.9 (Debian) DAV/2 PHP/5.2.6-1+lenny3 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g Database = mysqli 5.0.51a-24+lenny2-log, lock.system=flock Toolkits = ArchiveUpload, Dcraw, Exif, Ffmpeg, Getid3, ImageMagick, jpegtran, LinkItemToolkit, SquareThumb, Thumbnail, Gd Versnelling = none, none Besturingssysteem = Linux kast 2.6.26-2-amd64 #1 SMP Wed Aug 19 22:33:18 UTC 2009 x86_64 Standaard thema = matrix gettext = geactiveerd Talen = nl_NL Browser = Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729) Rijen in GalleryAccessMap tabel = 14 Rijen in GalleryAccessSubscriberMap tabel = 3 Rijen in GalleryUser tabel = 2 Rijen in GalleryItem tabel = 1 Rijen in GalleryAlbumItem tabel = 1 Rijen in GalleryCacheMap tabel = 0
	XUser login Username: * Password: * Create new account Request new password
nivekiam Joined: 2002-12-10 Posts: 16503	Posted: Tue, 2009-10-27 20:22
	Quote: Is this a problem with my configuration This is where my money is. Quote: or is this a bug I doubt it, since G2 2.3 has been released for over a year and you're not the first Dutch user. Please post a link to your phpinfo under your gallery install: FAQ: How do I create a phpinfo page? Have you modified anything? Check that all the gallery files are intact: FAQ: How can I make sure that my installation files are all intact? ____________________________________________ Like Gallery? Like the support? Donate now!!! See G2 live here

josz Joined: 2009-10-27 Posts: 10	Posted: Wed, 2009-10-28 07:33
	I have a lot of modified files: install/steps/StorageSetupStep.class install/templates/StorageSetupRequest.html lib/adodb/adodb-error.inc.php lib/adodb/adodb-iterator.inc.php lib/adodb/adodb-lib.inc.php lib/adodb/adodb-perf.inc.php lib/adodb/adodb-php4.inc.php lib/adodb/adodb-time.inc.php lib/adodb/adodb.inc.php lib/adodb/drivers/adodb-ado.inc.php lib/adodb/drivers/adodb-ado5.inc.php lib/adodb/drivers/adodb-ado_mssql.inc.php lib/adodb/drivers/adodb-db2.inc.php lib/adodb/drivers/adodb-mysql.inc.php lib/adodb/drivers/adodb-mysqli.inc.php lib/adodb/drivers/adodb-mysqlt.inc.php lib/adodb/drivers/adodb-oci8.inc.php lib/adodb/drivers/adodb-oci805.inc.php lib/adodb/drivers/adodb-oci8po.inc.php lib/adodb/drivers/adodb-oracle.inc.php lib/adodb/drivers/adodb-pdo.inc.php lib/adodb/drivers/adodb-postgres64.inc.php lib/adodb/drivers/adodb-postgres7.inc.php lib/adodb/perf/perf-db2.inc.php lib/adodb/perf/perf-mssql.inc.php lib/adodb/perf/perf-mysql.inc.php lib/adodb/perf/perf-oci8.inc.php lib/adodb/perf/perf-postgres.inc.php lib/adodb/tohtml.inc.php lib/smarty/Smarty_Compiler.class.php lib/smarty/plugins/function.math.php lib/smarty/plugins/modifier.debug_print_var.php upgrade/steps/SystemChecksStep.class Since this is a clean install, from the debian repository, what is wrong with this? I guess that adodb and smarty are a recent version, but what about StorageSetupStep.class and StorageSetupRequest.html? http://fam-zonneveld.nl/album/phpinfo.php Jos

josz Joined: 2009-10-27 Posts: 10	Posted: Wed, 2009-10-28 08:06
	I finally found the problem. I will post the solution soon

josz Joined: 2009-10-27 Posts: 10	Posted: Wed, 2009-10-28 08:14
	Oke, the problem was smarty. The modified files list pointed me to this. I downloaded 2.3 from sourceforge, removed the symlink to smarty (debian). Copied the smarty version from sourceforge to my installation dir. After removing the template cache, the pages are showing. I will try to find the difference between the two version Jos

josz Joined: 2009-10-27 Posts: 10	Posted: Wed, 2009-10-28 08:51
	The smarty version from debian is the right version, but has the following difference. Quote: Smarty_Compiler.class.php line 1698: debian comment // The follwoing line has been replaced to close a function injection security hole (U.Tews) // $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); $_return = str_replace('"',"'",$_return); // escape dollar sign if not printing a var $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return); Quote: function.math.php line 30: debian // strip out backticks, not necessary for math $equation = str_replace('`','',$params['equation']); Quote: modifier.debug_print_var.php this file is modified by Gallery, on various lines Jos

nivekiam Joined: 2002-12-10 Posts: 16503	Posted: Wed, 2009-10-28 13:00
	Quote: Since this is a clean install, from the debian repository, You're not the first.... ____________________________________________ Like Gallery? Like the support? Donate now!!! See G2 live here

crifi Joined: 2009-05-01 Posts: 1	Posted: Mon, 2009-11-09 22:54
	Hi. I use gallery2 (2.3-1) testing (squeeze) in a lenny enviroment. I've updated smarty with the version 2.6.22-1 from squeeze: Quote: apt-get -t testing smarty This also solves the problem.

nivekiam Joined: 2002-12-10 Posts: 16503	Posted: Mon, 2009-11-09 22:58
	Do not apt-get gallery to install it. Just download it from this site and all will be well. It seems none of the package maintainers (Debian, Ubutnu, Fedora, etc) out there test installing Gallery from their repository, or perhaps they do and it works in their environment or maybe they are just testing an install and not an upgrade... ____________________________________________ Like Gallery? Like the support? Donate now!!! See G2 live here

grantroot Joined: 2009-11-10 Posts: 1	Posted: Tue, 2009-11-10 17:28
	Quote: I've updated smarty with the version 2.6.22-1 from squeeze:... This also solves the problem. It does, but remember to delete the template cache after you upgrade. Otherwise the problem will not appear to be solved.

nivekiam Joined: 2002-12-10 Posts: 16503	Posted: Tue, 2009-11-10 17:33
	The upgrade process should clear the cache. ____________________________________________ Like Gallery? Like the support? Donate now!!! See G2 live here

[Solved] blank pages caused by Smarty from Debian Lenny install

XUser login