Difference between revisions of "ETTVd:Known Bugs"
(→Webinterface) |
(→Login Page) |
||
| Line 4: | Line 4: | ||
If you do NOT want to steal your own cookie or allow other ppl to steal their own cookies you may apply the following patch on the file templates/login.tpl:<br /> | If you do NOT want to steal your own cookie or allow other ppl to steal their own cookies you may apply the following patch on the file templates/login.tpl:<br /> | ||
replace line 5: | replace line 5: | ||
| − | + | <td class="cellb"><input type="text" name="username" id="username" alt="username" value="{$smarty.post.username}" {$error.username} /></td> | |
with this: | with this: | ||
| − | + | <td class="cellb"><input type="text" name="username" id="username" alt="username" value="{$smarty.post.username|htmlentities}" {$error.username} /></td> | |
then replace line no. 8: | then replace line no. 8: | ||
| − | + | <td class="cellb"><input type="password" name="password" alt="password" value="{$smarty.post.password}" {$error.password} /></td> | |
with: | with: | ||
| − | + | <td class="cellb"><input type="password" name="password" alt="password" value="{$smarty.post.password|htmlentities}" {$error.password} /></td> | |
| − | + | ||
==== recmode 'connect' bug ==== | ==== recmode 'connect' bug ==== | ||
Revision as of 16:46, 2 October 2007
Contents
Webinterface
Login Page
It's no bug at all but a "security expert" claims it is. In fact; you can steal your own cookie or deface the page you see (not for other clients tho :( ).
If you do NOT want to steal your own cookie or allow other ppl to steal their own cookies you may apply the following patch on the file templates/login.tpl:
replace line 5:
<td class="cellb"><input type="text" name="username" id="username" alt="username" value="{$smarty.post.username}" {$error.username} /></td>
with this:
<td class="cellb"><input type="text" name="username" id="username" alt="username" value="{$smarty.post.username|htmlentities}" {$error.username} /></td>
then replace line no. 8:
<td class="cellb"><input type="password" name="password" alt="password" value="{$smarty.post.password}" {$error.password} /></td>
with:
<td class="cellb"><input type="password" name="password" alt="password" value="{$smarty.post.password|htmlentities}" {$error.password} /></td>
recmode 'connect' bug
Some commands are sent in the wrong order which may break recordmode connect on some systems - if you want to use it, spawn the recorder with recordmode ready and then edit it to "connect" OR apply the following patch on the includes/ettvd.class.php:
replace line 62-70:
function broadcast($ip, $pass, $ettvpass, $gamename, $autodisconnect, $recmode, $readynum = 4, $slaveslots = 0, $replayerid = false) {
$rec = $this->connect($ip, $pass, $ettvpass, $slaveslots);
$this->gamename($rec, $gamename);
$this->recmode($rec, $recmode);
if($recmode == 'ready' && $readynum != 4) $this->readynum($rec, $readynum);
if(!$autodisconnect) $this->autodisconnect($rec, 0);
if($replayerid) $this->livecast($rec, $replayerid);
return $rec;
}
with:
function broadcast($ip, $pass, $ettvpass, $gamename, $autodisconnect, $recmode, $readynum = 4, $slaveslots = 0, $replayerid = false) {
$rec = $this->connect($ip, $pass, $ettvpass, $slaveslots);
$this->gamename($rec, $gamename);
if($replayerid) $this->livecast($rec, $replayerid);
$this->recmode($rec, $recmode);
if($recmode == 'ready' && $readynum != 4) $this->readynum($rec, $readynum);
if(!$autodisconnect) $this->autodisconnect($rec, 0);
return $rec;
}
masterlist permission bug
On some systems the webinterface might print the message that there are missing permissions for the masterlist file even though it has chmod 777. To fix it just delete the file includes/masterlist and set the chmod of the includes/ dir to 777. The file will be created then.
ETTVd Daemon
All versions
Not getting all symlinks right on first start - just restart it ^^
