search

systopia / de.systopia.moregreetings

CiviCRM Extension for additional greetings
GNU Affero General Public License v3.0
4 stars 10 forks source link

Adding any field logic leads to Fatal Wordpress Error #19

Closed janforth closed 2 years ago

janforth commented 4 years ago

After installing the extension any try to edit the field's logic leads to a fatal error in Wordpress

apache2/error.log:

[Fri Oct 02 07:57:42.288104 2020] [php7:warn] [pid 13658] [client 79.216.56.37:49421] PHP Warning: Smarty error: unable to read resource: "CRM/moregreetings/Form/Settings.hlp" in /var/www/html/foerderverein/wp-content/plugins/civicrm/civicrm/packages/Smarty/Smarty.class.php on line 1100, referer: https://www.foerdervereinsportrecht.de/wp-admin/admin.php?page=CiviCRM&q=civicrm%2Fadmin%2Fsetting%2Fmoregreetings&reset=1 [Fri Oct 02 07:58:41.868209 2020] [php7:warn] [pid 14768] [client 79.216.56.37:49457] PHP Warning: call_user_func() expects parameter 1 to be a valid callback, no array or string given in /var/www/html/foerderverein/wp-content/plugins/civicrm/civicrm/ext/de.systopia.moregreetings/CRM/Moregreetings/Form/Settings.php on line 195, referer: https://www.foerdervereinsportrecht.de/wp-admin/admin.php?page=CiviCRM&q=civicrm%2Fadmin%2Fsetting%2Fmoregreetings&reset=1 [Fri Oct 02 07:58:41.875746 2020] [php7:error] [pid 14768] [client 79.216.56.37:49457] PHP Fatal error: Smarty error: [in CRM/common/status.tpl line 20]: [plugin] (secure mode) modifier 'json_encode' is not allowed (core.load_plugins.php, line 118) in /var/www/html/foerderverein/wp-content/plugins/civicrm/civicrm/packages/Smarty/Smarty.class.php on line 1100, referer: https://www.foerdervereinsportrecht.de/wp-admin/admin.php?page=CiviCRM&q=civicrm%2Fadmin%2Fsetting%2Fmoregreetings&reset=1

bjendres commented 3 years ago

Hi @janforth. It sounds like you're using json_encode in one of your templates, which is not allowed according to CiviCRM smarty security policy.

Which version of the extension are you using? The current code branch doesn't use this function at all (in smarty).

jensschuppe commented 2 years ago

Smarty errors are supposed to be caught during form validation, but will nonetheless end up in the PHP error log as Smarty generates PHP errors that the error handler takes care of. #9 temporarily replaces the error handler to throw an exception for the form validation to catch and display the error, but also hands it over to the original error handler.

And yes, the json_encode modifier doesn't seem to be allowed in CiviCRM's Smarty implementation, but a custom one named json, see here.

jensschuppe commented 2 years ago

@janforth Feel free to reopen, if my above explanation doesn't help solving your issue.