  CVE-2022-40834 SQL Injection Vulnerability
Posted by: reactionstudio - 2 hours ago - Replies (1)

Hello, I am wondering if the following CVE ever got patched: CVE-2022-40834. It says v3.1.13 is affected which seems to be the current version?
https://www.cvedetails.com/cve/CVE-2022-40835/
https://web.archive.org/web/202210071601.../README.md
There are also a number of other CVEs for v3.1.13
https://www.cvedetails.com/vulnerability...niter.html
Is CI3 still receiving security updates or are all these CVEs still exploitable?


  Codeigniter Shield Banning users?
Posted by: xsPurX - Yesterday, 07:43 AM - Replies (5)

Hi,
I am looking at this user guide https://shield.codeigniter.com/user_mana...ing_users/
It doesn't make sense, because where do you put the user_id to know which user to ban? The function doesn't show any user id, so if I run this function how will it know what user to ban?
Thanks,
Shawn


  SQL server connection not working
Posted by: falagar2k - Yesterday, 02:31 AM - Replies (11)

Trying to connect my CodeIgniter 4.5.1 project to a SQL Server (14.0) database. Running on Windows with XAMPP, PHP version 8.2.

I downloaded the appropriate DLLs from Microsoft, put them in my PHP extensions folder and enabled the extensions

In my .env file I entered the database information:

PHP Code:
database.default.hostname = "MYSERVER\TEST"
database.default.database = 'mydb'
database.default.username = 'myuser'
database.default.password = 'mypassword'
database.default.DBDriver = 'sqlsrv'

I get the following error:

Code:
Unable to connect to the database.
Main connection [sqlsrv]: [Microsoft][ODBC Driver 17 for SQL Server]TCP Provider: Der Wartevorgang wurde abgebrochen.
SQLSTATE: 08001, code: 258

The server is running and the credentials are correct (I triple-checked).

If I connect to the DB the "hard" way (using the same credentials), it works just fine (just dropped code below into my controller):

PHP Code:
        $serverName = "MYSERVER\TEST";
        $uid = "myuser";
        $pwd = "mypassword";
        $databaseName = "mydb";

        $connectionInfo = array( "UID"=>$uid,
                                "PWD"=>$pwd,
                                "Database"=>$databaseName);

        $conn = sqlsrv_connect( $serverName, $connectionInfo);

        $tsql = "SELECT id, name FROM users";

        $stmt = sqlsrv_query( $conn, $tsql);

        if ( $stmt )
        {
            echo "Statement executed.<br>\n";
        }
        else
        {
            echo "Error in statement execution.\n";
            die( print_r( sqlsrv_errors(), true));
        }

        while( $row = sqlsrv_fetch_array( $stmt, SQLSRV_FETCH_NUMERIC))
        {
            echo "Col1: ".$row[0]."\n";
            echo "Col2: ".$row[1]."\n";
            echo "-----------------<br>\n";
        }

        sqlsrv_free_stmt( $stmt);
        sqlsrv_close( $conn);

I am probably just doing something incredibly stupid, but I have been staring at this for hours and I am at my wit's end. Anyone have an idea? Thank you for reading.


  CI 4.5.1 CSRF - The action you requested is not allowed.
Posted by: jackvaughn03 - 04-23-2024, 10:17 PM - Replies (2)

Hello experts,

Has anyone encountered the same issue as mine after updating from CI4.4.5 to CI4.5.1? 
Submitting a form with CSRF configuration previously posed no problem.
However, now I can't submit the form using ajax unless I configure it as expected in the filter. 
I need some routes to not be excepted in the filter (csrf->except->[]) configuration.

Thank you in advance.


[Image: Screenshot-2024-04-24-130236.png]


  Bug with sessions CI 4.5.1
Posted by: ALTITUDE_DEV - 04-23-2024, 01:36 PM - Replies (1)

Hello CI Users, 

I'm encountering a rather strange bug with sessions in CODEIGNITER 4.5.1. Let me explain:
I log in to my dashboard, and the session is created without any issues.

- Scenario 1: If I close the browser tab and paste the URL of the admin panel, I'm still logged into my session.
- Scenario 2: If I close my browser and return to the panel via copy-paste, I'm still logged into my session.
- Scenario 3: If I close the browser tab and use the "search history," if I click on the panel in the search history, my session is destroyed, and I have to log in again, creating a new CI session.

Do you have any idea? Or is it a bug?


  Display a custom error if the cache driver fails
Posted by: b126 - 04-23-2024, 06:22 AM - No Replies

What would be the best way to display a custom error message when the cache driver fails (Memcached in my case)?

I thought of creating a FILTER, and within this filter testing the ->getCacheInfo() method. Does this seem correct?

Like this:
Config\Filters.php

PHP Code:
public array $aliases = [
        'csrf'          => CSRF::class,
        'toolbar'       => DebugToolbar::class,
        'honeypot'      => Honeypot::class,
        'invalidchars'  => InvalidChars::class,
        'secureheaders' => SecureHeaders::class,
        'authentication' => AuthenticationFilter::class,
        'verifyCache'   => VerifyMemcachedFilter::class,
    ];
public array $globals = [
        'before' => [
            'verifyCache',
        ],
    ];


Filters\VerifyMemCachedFilter.php
PHP Code:
    public function before(RequestInterface $request, $arguments = null)
    {
        $cache = Services::cache();
        if ($cache->getCacheInfo() === null) {
            echo 'MEMCACHED not started';
            die;
        }
    }


  Getting supportedLocales after upgrade to 4.5.1
Posted by: kcs - 04-22-2024, 08:23 AM - Replies (4)

Hi everyone,
I am using https://includebeer.com/en/blog/creating...r-4-part-1 for localization and after upgrading to 4.5.1, I am getting this error: 

Code:
Cannot access protected property CodeIgniter\HTTP\IncomingRequest::$config

APPPATH/Controllers/BaseController.php at line 61

60        $this->viewData['locale'] = $request->getLocale();
61        $this->viewData['supportedLocales'] = $request->config->supportedLocales;

Looking at the documentation, I tried to replace the call with
Code:
$this->viewData['supportedLocales'] = config('supportedLocales');
I don't get the error anymore, but when I want to display the navigation elements and call $supportedLocales inside my view, It is NULL so I am not doing the right thing.

Can anyone help me?


  Pipe on url modified in %
Posted by: pippuccio76 - 04-22-2024, 07:37 AM - Replies (3)

Hi, in my URL I want to send a string with pipes (redirect with data). This is the data in the URL:

15%7CA%7C2514%7CH.3.001%7C3%7CBM-FASE10

The | characters are transformed into %7C. How can I send a pipe without the transformation?


  extend url_to helper
Posted by: sjender - 04-22-2024, 07:01 AM - Replies (2)

Hi,
I would like to extend the url_to() helper function.
This is what I did...

PHP Code:
<?php

use CodeIgniter\Router\Exceptions\RouterException;

function url_to(string $controller, ...$args): string
{
    if(empty($_GET['ref'])){
        return original_url_to($controller, ...$args);
    }

    /* EXTRA CODE */
}

//This is a copy of the original CI4 url_to function
function original_url_to(string $controller, ...$args): string
{
    if(!$route = route_to($controller, ...$args)){
        $explode = explode('::', $controller);

        if(isset($explode[1])){
            throw RouterException::forControllerNotFound($explode[0], $explode[1]);
        }

        throw RouterException::forInvalidRoute($controller);
    }

    return site_url($route);
}


But I would prefer I didn't have to make a copy of the original function, but refer directly to the CI4 function instead,
How can I do this?


  How to use Codeigniter with other framework?
Posted by: sr13579 - 04-22-2024, 02:17 AM - Replies (6)

I would like to use the database classes and methods in other PHP frameworks. I have an idea if I include the autoloader from vendor it will work, but I can't find a tutorial about that. Could anyone please help me?

