Hello, Fabian, I just develop a pagination plugin for Feindura you could take a look at https://github.com/victorgavilan/feindura-flat-file-cms in the plugins folder.

If you like I can do a pull request to include it in the master feindura repository.

Another thing that I would like you take a look is the cookies branch in my fork repository of feindura. There I have added the posibility for the user to disabled the use of sessions and cookies in the front end. This is useful in some european countries where there is not allowed to install cookies without the autorization of the user that visit our site.

If you think it is right and want to include this changes into feindura I could do another pull request to the master or development branch.

i got a problem.
if i delete the htaccess it works, if i put it back it wont.

so the settings made in the htaccess wont work on the hoster one.com.

What can i do now

It would be great if you could add options to change "Page Url name" and "Category URL name" settings for each language in multi-language sites.

Hi,

XSS is possible in URL function that is available here:

The vector is:
javascript://www.xss.com?%0aalert%281%29

The regular expression you are using happily parse the above vector and attacker can execute JavaScript. The easiest fix would be instead of having a-z and A-Z in regular expression ... It should be something like http or https ...

Hello Developers,
with me is need for assistance and I have installed the latest version of Feindura.

It was a demo site package. I have renamed only the directory "feinduraDemoSite" in "Feindura". Now I have this error in the frontend.

Strict Standards: Non-static method StatisticFunctions::getCurrentCategoryId() should not be called statically, assuming $this from incompatible context in /www/htdocs/xxxxxxxx/feindura/cms/library/classes/FeinduraBase.class.php on line 325

Strict Standards: Non-static method GeneralFunctions::replaceLinks() should not be called statically, assuming $this from incompatible context in /www/htdocs/xxxxxxxxx/feindura/cms/library/classes/FeinduraBase.class.php on line 1150

Strict Standards: Non-static method GeneralFunctions::replaceSnippets() should not be called statically, assuming $this from incompatible context in /www/htdocs/xxxxxxx/feindura/cms/library/classes/FeinduraBase.class.php on line 1151

Who can help. Unfortunately I'm unable to continue.

Thank you in advance.

I'd like to see a option to disable the captcha in a contact form. It fails do appear where I installed it, and I don't need it. All others field are pretty easy to enable or disable in the settings. A option for the captcha would be great!

The header of the demo-site has no background color to the right of the window edge.

To reproduce, open the demo-site, resize the browser window to be much smaller than the site and scroll to the right.

I think the attached image makes it all clear.

using a callback function
in the config.
like
$pluginConfig['addImages_function'] = function() {};
?

the one i use now is scheisse, add a nice one.

Should allow to create categories which can't be found when using the search module.

change the feindura interface to ajax.
when changing things, like set the age status etc, always reload the by ajax, rather then reloading the whole page.

could be done easily?
loading the view, an putting it in the content div.

create a function called: loadContent()?

• Fiendura version: 2.0.7
• PHP Version: 5.6.35
• Apache Version: 2.4.33
• Operating system: microsoft windows v10

VULNERABILITY TYPE: cross-site scripting.

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source; the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

STEPS TO REPRODUCE:

1: login in Fiendura.
2: Go for creating a new page by clicking on the new page.
3: In the tags parameter, type the malicious javascript /default.aspx#"><img src=x onerror=prompt('0');>
4: The malicious javascript will be reflected in the browser.

PROOF OF CONCEPT:

Vulnerable URL: http://127.0.0.16/index.php?category=0&page=new
Vulnerable parameter: Tags
Malicious script: /default.aspx#"><img src=x onerror=prompt('0');>

1: enter the malicious javascript in the Tags parameter.

2: after entering the payload an XSS prompt will be reflected on the browser.

Submitted: Ritesh Kumar
Reference: https://www.owasp.org/index.php/Crosssite_Scripting_(XSS)

This is how the Feindura demo looks on my Safari / Mac OS X:

I cannot see most of the labels (in Web Inspector there are empty <span></span>).
The interface is too wide and doesn't fit in 1024px.
The header is too tall and I have to scroll down to see anything.

Apart from that, it is a very fast CMS. Merry Christmas!

Hi, developer!
Today I first time found your CMS, and fascinated how it looks very cute! Well, documented at user-view from first entrance to your site, fancy admin backend.
Nice work, but looks like this CMS not good for me. Yes, I understand that I need specific feature.
Did you think about remote publishing (xml-rpc) or content import feature?
Today blogging engines (if you decide your CMS need more blogging features) may come with remote publishing (xml-rpc). Windows Live Writer is free tool, many people use it now, especially for fancy image manipulation (shadows etc) and nice MS integration with many things.
Here is screenshot of xml-rpc client I use, in my case it is BlogJet: http://s019.radikal.ru/i638/1203/41/a6b6e0017737.jpg
At top-right you can see in drop-down menu I use few different accounts to post to. It is few different sites with different types of CMS.
Advantage of this technology - you can post more spam to web (not my case) or you can maintain blogs on different sites with different CMS. Not need to remember all the hell from all CMS using, just set-up CMS ones and forget about admin backend for content adding.

I think xml-rpc today really helps to publish content...

I have 2.0.7 installed on MS Server 2003, and all works well...except:
when in the admin panel and I expand the snippets or css divs, and select a file to edit, the page refreshes but nothing else happens and I never have the option to edit the file.
Help?

Thank you for your time and a wonderful product.

Jeremy Spaulding

Some small functions or adds to optimize feindura...

Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in .../cms/library/classes/StatisticFunctions.class.php on line 307

Add the abbility to eg. create a site Stub (maybe within a Category) and than be able to use that in a Page as a Template.

An example :

I have a Page with a Discography. Everytime a new Album is released the Author has to update the Site.

I create a new Site in Category 'Layout Elements' with the Template for a Album entry.
If the Author has to add a new Album he then can select the Template in the editor and change all needed Content.

Any recommendation how to implement that Feature?

like the title says it

Hi,

I am trying to upgrade to the new version, but i get serveral issues.

1. Some functions being called should be declared as static in GeneralFunctions.class.php
2. When I try to upgrade the content the script stops working.
   In XAMPP it is showing the following logs

[Fri Jun 24 15:35:02.431980 2016] [core:notice] [pid 6168:tid 256] AH00094: Command line: 'c:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache' [Fri Jun 24 15:35:02.433980 2016] [mpm_winnt:notice] [pid 6168:tid 256] AH00418: Parent: Created child process 516 [Fri Jun 24 15:35:02.875980 2016] [ssl:warn] [pid 516:tid 268] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name [Fri Jun 24 15:35:03.136980 2016] [ssl:warn] [pid 516:tid 268] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name [Fri Jun 24 15:35:03.262980 2016] [mpm_winnt:notice] [pid 516:tid 268] AH00354: Child: Starting 150 worker threads.

On my WebSpace I can not see any logs, but the script is also interrupted.
Can I call the update manually?

I am updateing from 2.0.4 Build 1025 → 2.0.7 Build 1028

Hello!
I discovered Feindura only recently, when I was looking for a CMS for my small page. It looks nice and well designed to me, however I found some disadvantages which prevent me from using it for my tasks. I thought it would be useful to report them.
First of all, I want to build a multi-language website with the Russian as a primary language. However, Feindura does not let me choose the 'latin' page name for a page with a name in Russian. I believe, it would be convenient to have an ability to edit a link to the page by hand in such cases (although, the Unicode URLs are allowed nowadays as well, if I'm not mistaking).
The second disadvantage is the flash-based file upload only. It is inconvenient for the users like me, that do not use Flash-plugin. I wrote some of my thoughts about this problem in the 'Ideas' section here: https://getsatisfaction.com/feindura/topics/flash_free_file_upload

Unless these two issues are fixed or I find a way to work-around them, I cannot use Feindura for my web-site. Which is a pity, because I like Feindura look&feel very much!

Regards,
Vladimir

the regexp to replace the <img class="feindura..." also matches img tags without a class attribute.
If my page contains

<p>
some text
<img src="image1.jpg" />
<img src="image2.jpg" />
some more text
</p>
and some more text
<p>
<img class="feindurasnippet" />
</p>
after snippet

the resulting page after replacing the snippet is

<p>
some text
<<content of snippet>>
</p>
after snippet

While trying out feindura on my local system, I encountered the following error trying to access the admin interface (/cms):

[Wed Jun 12 16:14:50.852913 2013] [core:alert] [pid 6761] [client ::1:39466] /opt/lampp/htdocs/dev/feindura/feinduraDemoSite/cms/.htaccess: FilterProvider takes three arguments, filter-name provider-name match-expression

I'm running Apache/2.4.3 (Unix), and it seems that in version 2.4, the FilterProvider syntax has changed.

The directive is only in use in cms/.htaccess; commenting out the offending lines seems a viable workaround.

$ grep -Rn FilterProvider feinduraDemoSite
feinduraDemoSite/cms/.htaccess:126:  FilterProvider  COMPRESS  DEFLATE resp=Content-Type /text/(html|css|javascript|plain|x(ml|-component))/
feinduraDemoSite/cms/.htaccess:127:  FilterProvider  COMPRESS  DEFLATE resp=Content-Type /application/(javascript|json|xml|x-javascript)/

Ideally, the filters should of course work in new Apache versions, too.

each page created in feindura should have the option to be multi language, means adding different languages for the content, description and title.

have to be done manual, right know using the search class (see /library/classes/search.class.php)

I just saw a typo while browsing the source of a HTML file.

Plugin ContactForm generates class="chapta_..." but I think you meant Captcha?

"Completely Automated Public Turing test to tell Computers and Humans Apart"