Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

Advice on upgrade path

Hi there,

I have a few sites running on 7.02.07 - these contain large forums with 1000's of posts, hundreds of users etc

Over the last few months we've been getting hammered with automated attacks and bots. Pen tests show that the vast majority of these flaws are in php itself & recommends updating to php 7.2.4 etc.

As a result, please can I get some input on the following questions:

  1. 1: Am i correct in saying Fusion 7 wont run on PHP7
  2. 2: Is fusion 9 stable enough for me to consider upgrading now?
  3. 3: Wordpress receives security updates almost weekly, there hasn't been security updates for fusion 7 for years - are there known vulnerabilities in fusion 7 that justify updating to 9?
  4. 4: Has fusion 9 undergone penetration testing?
  5. 5: Is there a revised ETA on fusion 9 going live?
  6. 6: Is PHP 7.2.4 supported by fusion 9?
Fusion 7.02.7 can ben run under PHP 7.1
I have not tested with higher versions of PHP

I have a few sites running under PHP 7.1 with fusion 7
PHP Fusion 9 fully support latest PHP 7
Hi there,

Thank you for the reply.

However, when i attempt to use 7.02.7 on PHP 7 i get fatal error because maincore.php:295 is trying to use the old mysql functions (mysql_connect).

Have you applied changes similar to this: https://www.php-fusion.co.uk/articles.php?article_id=49

Is there a better way?
I use the download from post#2, which can also be found here:
douwe_yntema attached the following file:
fusion702-fix_for_php7.zip [3.38MB / 167 Downloads]

Quote

1: Am i correct in saying Fusion 7 wont run on PHP7
2: Is fusion 9 stable enough for me to consider upgrading now?
3: Wordpress receives security updates almost weekly, there hasn't been security updates for fusion 7 for years - are there known vulnerabilities in fusion 7 that justify updating to 9?
4: Has fusion 9 undergone penetration testing?
5: Is there a revised ETA on fusion 9 going live?
6: Is PHP 7.2.4 supported by fusion 9?


1, There are no official releases yet but several mods around.
2, In the 9.0 version there was some upgrade glitches in forums that have all been fixed in the current Git.
The current Git is not stabilized enough for a public release yet but it contains a lot of fixes and improvements.
Since it is updated on a daily basis it can be a quite volatile version to rely on in public environments.
Once that one is released we should have a version that is well established, tested and quite solid as a result.
A lot of people do use the 9.0 version in their production sites today, just avoid upgrading if you have forums with the 9.0
3, 7 is quite solid since the 7.02.07 patch. There are some things that can be flagged at security risks but that would require Administrator access which in it self then could be a security risk, all semantics from that point of view.
4, All the time.
5, On this site?, Yes any day from today, final touches are made as we speak.
6, It has not yet been fully tested and verified on that version. 7.1 is known to be ok so it should work for most part. As with all new versions there might be issues ofc.
Hiya guys!

1. Gonna place a current 7.02.07 site on a temporary host with PHP 7.1.11
2. Patch it with PHP patch link above, including the characters utf8 patch in the other thread in this forum
3. See how it works

(Its a Swedish site so I would probably get utf db characters issue, which has a fix, and maybe a lot of localisation errors, which also has to be addressed).

Ideas or tips on this approach?

douwe_yntema wrote:

@douwe_yntema - I use the download from post#2, which can also be found here:

Hello. I found this after searching for a fix for PhP-Fusion v7.02.07 not running with PhP7.2. I am not familiar withy PHP or doing any coding, and followed the readme for upgrade and uploaded the fix files. My site is running on the fix but now none of my existing forum posts is visible to be read. When I click edit on any of the "blank" posts, the text is there, but even in the preview screen it does not show up. I'm not sure where to look to remedy this. Any ideas?
songiuno attached the following image:
forum-preview.jpg
I need to know wich PHP version you are using and where did you get the update package from PHP-fusion from?
I used the update file you had posted earlier 4 months ago, the one I replied to. I tried PHP7.0, 7.1 and 7.2. It seems only my forum thread posts are the issue. The actual text does not show up though the post itself is there and when I edit the posts, the content is still there.

My forums are http://www.sarusal.com/forum/index.php, going into any forum, select any thread, and none of the text in the posts and replies are visible.
Which version are you using? PHP-Fusion 7 or 9?
PHP-Fusion v7.02.07
Numbers of threads and views are displayed so the forum data is in your database. I guess it has something to do with an BB code not functioning. Can you please as a test swich off the BB codes one by one to see when the data on your forum is showing up? Then we know which one is faulty.
It could be more than one BB code, maybe switch them off all first.

Please come back after you have done this test.
This seems to get even more complicated. Per your recommendation, I went to disable bbcodes one by one. The disabled bbcodes section does nto show any disabled bbcodes listed even though there are. I disabled one of the enabled bbcodes (mail) and it disabled, but now also cannot see it in the disabled bbcode section to enable it again. Screenshot of the bbcodes admin screen is attached.
songiuno attached the following image:
bbcode-settings-page.jpg
There is an error in the admin part, I forgot,

Got to your site and edit folowing file:
http://www.yoursite.com/administration/bbcodes.php
arround line 170 find: $__BBCODE__ = "";

replace with $__BBCODE__ = [];

And upload the modified file to your webserver

douwe_yntema wrote:

@douwe_yntema - There is an error in the admin part, I forgot,

Got to your site and edit folowing file:
http://www.yoursite.com/administration/bbcodes.php
arround line 170 find: $__BBCODE__ = "";

replace with $__BBCODE__ = [];

And upload the modified file to your webserver

I followed your guidance and now I can see the disabled BBcode section. Now, however, as I began to disable each bbcode one at a time to troubleshoot the forum display issue, I'm finding that I cannot go back and enable bbcodes. Looking at error log, I see:

Error Date Status
administration/bbcodes.php
Undefined variable: __BBCODE__ Line: 141 August 18 2018 10:43
administration/bbcodes.php
Undefined variable: __BBCODE__ Line: 142 August 18 2018 10:43

I am assuming this is a related result of the earlier change in bbcodes.php?
Hmm,

I tested the modification on two different Sites running PHP-Fusion 7.02.07, One under PHP 7.1 and one under PHP 7.2, And I got no problems. I Investigated the code and the so called missing variable __BBCODE__ is filled from the bbcode_include_var.php files, which must be present for each BB-code.

I tested with some BB-Codes that comes with standard PHP_Fusion installation

Two questions arise:
1 - Is the problem not showing forum posts solved when you disable BB-codes?
2 - What BB-Code is it you are not able to enable again? Maybe this is the faulty BB-code we are looking for?

douwe_yntema wrote:

@douwe_yntema - Hmm,

Two questions arise:
1 - Is the problem not showing forum posts solved when you disable BB-codes?
2 - What BB-Code is it you are not able to enable again? Maybe this is the faulty BB-code we are looking for?

I have not yet gone thru all bbcodes to disable and check the forum. I started with the mail bbcode and then discovered the disabled bbcodes list was not displaying. making that correction you provided, I resumed disabling bbcodes. I disabled the bold [B] and italics [I] bbcodes first, and did not change my forum posts display. Upon trying to enable [B] and [I] I discovered that they will not enable now. So I have gone no further.
Congratulations!

You have found a bug in the solid as rock PHP-Fusion7.02.07!
What you did, you disabled the I and B BB-Code.
This are the only two BB-Codes with are 1 letter long. The others are longer e.g. [quote].
In the code is a section that checks the length of the BB-code, that has to be between 2 and 50 chars.
Well the B and I are the only ones that are shorter, so once disabled, you cannot enable them again.

Solution:
In te file: yourdomain.com/admininstration/bbcodes.php, around line 49 search for:

CodeDownload  
   } elseif (isset($_GET['enable']) && preg_match("/^([a-z0-9_-]){2,50}$/i", $_GET['enable']) && file_exists(INCLUDES."bbcodes/".$_GET['enable']."_bbcode_include_var.php") && file_exists(INCLUDES."bbcodes/".$_GET['enable']."_bbcode_include.php")) {



replace with:

CodeDownload  
   } elseif (isset($_GET['enable']) && preg_match("/^([a-z0-9_-]){1,50}$/i", $_GET['enable']) && file_exists(INCLUDES."bbcodes/".$_GET['enable']."_bbcode_include_var.php") && file_exists(INCLUDES."bbcodes/".$_GET['enable']."_bbcode_include.php")) {



The only difference is the number "2" in the preg_match parameters.

After this you can enable B and I BB-Codes.
Thank you!! I adjusted /administration/bbcodes.php to check for 1, 50 characters and was able to enable the single character bbcodes. I then began disabling each of the subsequent bbcodes and found the culprits. They were image alignment bbcode add-ons that I saw and grabbed a while ago somewhere on another Fusion support site to align images to text [img-l][/img-l] and [img-r][/img-r]. I disabled them and forum posts display now. Can't find the author of those bbcodes to check for update, too bad.

But thank you so much for the persistent help!
Thread Information
Author
Replies
24 posts
Views
3,951 times
Last Post
Last updated on 12 months ago
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: Falk, songiuno, Homdax, Chan, heavencore, Harlekin, douwe_yntema, RobiNN