Posts posted by RPG-support
-
-
lazy demanding person says what ??
I do not know, I am busy with submitting to the Marketplace. I think you can answer your question yourself.
-
The project has a bug tracker for tracking bug reports: http://ipb.silvesterwebdesigns.com/tracker/project-2-member-map/
I am pretty sure that I do not have time to develop your project by visiting your resource. I am sure you can copy/paste bug reports to your site from here and then do the same for the bug fixes.
Anyway thank you for your addon. I am using it. -
Your code has completely removed the security aspect of the method, to make sure that the value is a floated value. It is the stock floatval() that adds the locale specific separators, so in removing that it would appear to you that it's fixed but it will increase the chance that your database can be exploited via SQL injection.
You should better learn the class "public function compileInsertString( $data )" to be sure that there is no possibility of the SQL injection in our fix of your bug.
You are calling:
    $this->dB->insert('member_map', array(
        'member_id' => $this->memberData['member_id'],
        'lat'       => $this->_floatVal($this->request['lat']),
        'lon'       => $this->_floatVal($this->request['lon'])
    ));
There is a function call during the insert: $this->compileInsertString( in which there is:
    if ( $add_slashes )
    {
        $v = $this->addSlashes( $v );
    }
And addSlashes is called in mysql_real_escape_string which is preventing the sql injection.
About MySQL data types: MySQL has many types for storing digits. You should use DECIMAL(11, 8) to store lat & lng.
You are calling:
    $this->dB->insert('member_map', array(
        'member_id' => $this->memberData['member_id'],
        'lat'       => $this->_floatVal($this->request['lat']),
        'lon'       => $this->_floatVal($this->request['lon'])
    ));
in classDbMySql.php prepare data:
    public function insert( $table, $set, $shutdown=false )
    {
        //-----------------------------------------
        // Form query
        //-----------------------------------------
        $dba = $this->compileInsertString( $set );
Go to classDb.php and you can see:
    foreach( $data as $k => $v )
    {
        $add_slashes = 1;
        if ( $this->manual_addslashes )
        {
            $add_slashes = 0;
        }
        if ( !empty($this->no_escape_fields[ $k ]) )
        {
            $add_slashes = 0;
        }
        if ( $add_slashes )
        {
            $v = $this->addSlashes( $v );
        }
Go to classDbMysqlClient.php and you can see: Return Values: Returns the escaped string, or FALSE on error.
So where do you see the possibility of SQL injection?!
PS. Russians are still better ;) -
-
I'll see what I can reproduce using the same settings, not sure of an ETA though.
Stuart
I have improved the problem myself with the help of my coder. You have some problems with your php coding style: there are 3 files instead of 1 with the floatVal.
To fix this problem and all future problems you may include (I give you free of cost permission.) the following changes to your code.
Files:
/admin/applications_addon/other/membermap/modules_public/membermap/map.php
/admin/applications_addon/other/membermap/modules_public/membermap/facebook.php
/admin/applications_addon/other/membermap/modules_admin/membermap/cmarkers.php
In all these files you should find:
    private function _floatVal($floatString)
    {
        // Cast to float first, then undo locale-specific separators
        $floatString = floatval($floatString);
        if($floatString)
        {
            $localeInfo = localeconv();
            $floatString = str_replace($localeInfo["thousands_sep"], "", $floatString);
            $floatString = str_replace($localeInfo["decimal_point"], ".", $floatString);
        }
        return $floatString;
    }
And replace with:
    private function _floatVal($floatString)
    {
        // No floatval() cast here: the input string is only passed through str_replace()
        if($floatString)
        {
            $localeInfo = localeconv();
            $floatString = str_replace($localeInfo["mon_thousands_sep"], "", $floatString);
            $floatString = str_replace($localeInfo["mon_decimal_point"], ".", $floatString);
            $floatString = str_replace($localeInfo["thousands_sep"], "", $floatString);
            $floatString = str_replace($localeInfo["decimal_point"], ".", $floatString);
            $floatString = str_replace(' ', "", $floatString);
            $floatString = str_replace('`', "", $floatString);
            $floatString = str_replace(',', ".", $floatString);
        }
        return $floatString;
    }
Recommendations:
It is better to keep lat and lng in the database in float and format this data during the output. There is the function number_format, which is more appropriate for these situations.
PS That is why you can not win Russian still :smile: -
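Added example (not the Member Map add-on's code and not written by either poster): one way to read lat/lon from the request so that the result neither depends on the server locale nor relies on escaping alone, covering both the locale bug and the injection concern raised in the two posts above. The helper name parseCoordinate() and the sample inputs are hypothetical.

```php
<?php
// Added example; parseCoordinate() is a hypothetical helper, not add-on code.

/**
 * Parse a latitude or longitude from request input.
 * Returns a fixed-point string such as "19.80490000", or null if rejected.
 */
function parseCoordinate($raw, $limit)
{
    if (!is_string($raw)) {
        return null;
    }
    $value = trim($raw);
    // Tolerate a comma typed as the decimal separator ("19,8049").
    $value = str_replace(',', '.', $value);

    // Whitelist the shape: optional sign, digits, optional fraction.
    // Anything else (spaces, quotes, SQL fragments) is rejected outright.
    if (!preg_match('/^-?\d{1,3}(?:\.\d{1,15})?\z/', $value)) {
        return null;
    }

    $number = (float) $value;   // string-to-float parsing ignores the locale
    if ($number < -$limit || $number > $limit) {
        return null;
    }

    // Explicit separators: number_format() does not consult the locale,
    // unlike a plain float-to-string cast on PHP versions before 8.0.
    return number_format($number, 8, '.', '');
}

// Constructed sample inputs (latitude, so the limit is 90)
$samples = array('19.8049', '19,8049', ' 85.8179 ', '1 234,5',
                 "19.8' OR '1'='1", '95.0');
foreach ($samples as $s) {
    $lat = parseCoordinate($s, 90);
    echo str_pad(var_export($s, true), 22), ' => ', var_export($lat, true), "\n";
}
```

A null result should be treated as a validation error and never written to the database; longitude uses the same helper with a limit of 180.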
Yes, version 2 will be the next update released, still, no ETA on that :D
What is the ETA? -
I'll see what I can reproduce using the same settings, not sure of an ETA though.
Stuart
I have everything possible in UTF-8:
- setting in conf_global.php for db connection;
- this setting for language;
- db tables and db data.
- ACP server setting. -
v2 is based on Bing Maps, the version on the demo site is for testing with live data.
Will v2 be issued, or what is v2?
Will I be able to use Bing map in future version? -
You can set the map to default to Hybrid mode by adding
map.setMapType(G_HYBRID_MAP);
Thank you. -
The problem was that certain locales use different values for the thousands separator and decimal point, it would be interesting to see a screenshot of your languages page to see your locale settings.
I downloaded your addon maybe 10 days ago. This is critical for me since most of the users are using the Russian language.
-
I have two languages in the system. When I am adding the first custom marker on the video, the system is in the Russian language mode and the marker is set to the wrong place. When I am switching to the English mode and refresh the page with markers, the duplicate marker is created and it is in the right place.
The string you enter to find an address is sent straight to Google for them to look up results, if you'd like to try that manually to see what they are sending for your query, you can visit this URL:
You can download the test video here: https://mega.co.nz/#!HI4F1ZIa!QI2NyEIRubA0jfBnwQHN_l0fs9hamKrGX_iyg-nB-8o
I would like that you improve this bug. -
You set demo link to http://ipb.silvesterwebdesigns.com/membermap/
This is Bing map, not the Google's one. How can I use Bing map with your addon? Is it the good idea to remove the demo link to the Bing map?
Is it possible to change the default map mode of the google map to hybrid mode? -
I don't see why you can't change the language strings on Trader Feedback System to make it more generic.
Thank you. -
I think your request to 'suspend' is crazy, I'm sorry that I've been out of the country (moving house) without any internet access. You expect far too much from a free app. Fortunately the community help by responding to support topics for these free apps. A lot of app developers depend on this help so they don't have to spend all of their time answering questions that are asked over and over and over.
I would like this addon to become paid to get better support and to avoid accusations. ;)
I am considering purchasing your paid addon: Trader Feedback. Is it about buyers and sellers only, or can it be applied to the general members of the IP.Board? I saw only the following roles in the dropdown: buyer, seller, trader. Can it be changed so as to use it for a general users reputation system with feedback? -
Guests cannot add their own location markers, since they are stored with the associated member id (which guests do not have).
You have permission settings for guests which are quite misleading. It is said in this setting that guests are allowed to add, delete and change their location. -
I tried in English, I have a problem with adding custom markers in ACP for this address and ALL OTHERS. Meanwhile on the front-end there is no problem with this particular address but there are problems with other addresses. I think this addon must be suspended since the author does not respond for more than 1,5 months.
-
Do you have the problem I said with English for the place?
Gundicha Mandir, Puri, Odisha 752001, India
Do you have the same problems with English as language?
-
For example, I am adding my location, and I tried 3 times to get the proper placement:
Getting wrong location on the map when adding either the personal location or custom marker:
Gundicha Mandir, Puri, Odisha 752001, India
and all other locations in Puri, India also go to the wrong place - somewhere in the ocean.
Test.
I am using UTF-8 everywhere possible
Linux
PHP Version 5.3.14
MySQL Server 5.0.77
But then I am trying to make custom marker from the ACP, I am getting the wrong coordinates for the same place:
And, finally, sometimes both actions (personal location and custom marker) are wrong for any small location (not big city) in India. -
-
Getting wrong location on the map when adding either the personal location or custom marker:
Gundicha Mandir, Puri, Odisha 752001, India
and all other locations in Puri, India also go to the wrong place - somewhere in the ocean.
Test.
I am using UTF-8 everywhere possible
Linux
PHP Version 5.3.14
MySQL Server 5.0.77-log
-
-
I got the
Fatal error: Call to a member function mapTemplate() on a non-object in .../admin/applications_addon/other/membermap/modules_public/membermap/map.php on line 318
-
-
And you're wasting my time.
p.s. you should also learn to read, many of your questions were answered recently in this very topic.
Try to be honest, genius. You did not write in the product description that your hook will stop working on May 19, 2013. For 3 years you are providing a product with Google API v2 support which will stop being supported by Google after 2 months. And you knew about that for 3 years since Google announced this just the same time your useless hook was issued.
And your product is not 100% language abstracted as you have written on the title page. You are simply stealing the time.
And the last thing: I do not have to read 64 pages of comments and waste the time. Try to be useful and update the product description on time instead of pushing everyone to read 64 pages of comments.
Trader Feedback System
in Marketplace
Posted
I am entering
but getting
Is it possible to manage this somehow to allow this type of links to posts instead of the topic itself?