0

Hi
I am not getting any response from the Cutenews forum. So perhaps Daniweb experts can help me. I have a couple of websites that have a Cutenews version 1.4.6 search form working. For my latest website I decided to use cutenews 2.0.2. As far as possible I have made use of the code that I have already used. I am stuck with an issue PHP based.

The message I am getting: "Cutenews has detected that you are using show_news.php using the URL to the this file . . ."

But I am not including show_news.php I am including search.php

<div id="sitesearch">
         <form action= "sitesearch.php" method="get"> <!-- sitesearch.php is my news search results page -->
        <input type="text" name="story" size="28">
        <input type="hidden" name="dosearch" value="yes">
        <input type="submit" value="Search" style="height: 26px">
      </form>
                </div> <!-- site search -->
                        <!--webbot bot="HTMLMarkup" startspan --><?php
      if((isset($_POST['do']) && $_POST['do'] == 'search')
      or (isset($_GET['dosearch']) && $_GET['dosearch'] == 'yes')){  
      $subaction = 'search';  
      $dosearch = 'yes';  
            } ?><!--webbot bot="HTMLMarkup" endspan -->

The relevant section of sitesearch.php is included below

<?php
include('cutenews/search.php');
?>

Theres's a beer in it for a solution :)

Thanks

 Thanks

Edited by ggeoff: typos

2
Contributors
4
Replies
21
Views
2 Years
Discussion Span
Last Post by ggeoff
0

Hi,

are you accessing the website through the IP? I ask this because the function that checks the path is this:

// Since 2.0: security reason
function check_direct_including($incln)
{
    global $PHP_SELF;
    $Uri = '//'.dirname( $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
    if (strpos(getoption('http_script_dir'), $Uri) !== false && strpos($PHP_SELF, $incln) !== false)
        die(proc_tpl('help/manual/wrong_include', array('category' => REQ('category','GPG'))));
}

As you see, it is using $_SERVER['HTTP_HOST'] to populate the $Uri variable and the getoption() function to extract the correct path to the file.

Now: if you access the website through the IP address the browser will not set the HTTP_HOST variable, yes this even if is declared as $_SERVER variable is set by the client, and so the check could fail.

If you want a better control I would suggest to patch it by using $_SERVER['SERVER_NAME'], this value is defined in the VirtualHost section of your Apache configuration file.

Code reference: https://github.com/CuteNews/cutenews-2.0/blob/master/core/core.php#L2059

0

thanks cereal. I don't know about the IP. I have Cutenews installed on a Fasthosts Unix server together with my web site files and folders. I can just about use basic PHP and can modify simple statements.

Edited by ggeoff: added info

0

Ok, by writing include('cutenews/search.php'); you define the position of the search script in relation with the calling script, so if you have:

/calling.php
/cutenews/search.php

it will work, but if this is the situation:

/cutenews/calling.php
/cutenews/search.php

Or something different, like this:

/other/calling.php
/cutenews/search.php

It will fail. If the cutenews directory is in the document root of the web server then try:

`include($_SERVER['DOCUMENT_ROOT'] . '/cutenews/search.php');`

This will generate an operative system absolute path. When the include function fails you should see a warning, check the error reporting level or, while debugging, set it to -1:

It should help to fix the issue.

0

Thanks cereal,

I have tried to get further. I get a blank screen, using php() I find the dislpay_errors is set to off. I don't know how to set it to on. Fasthost sites are uploaded to htdocs. Is htdocs the document root? At present I have:

<?php
    //include('cutenews/search.php');
    phpinfo();
    include($_SERVER['DOCUMENT_ROOT'] . '/cutenews/search.php');
    //int error_reporting ([ int $level -1] );
      ?>

This outputs the PHP info and underneath the Cutenews error message "Cutenews has detected that you are including show_news.php using the URL to the file this is incorrect . . "

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.