Updates in EPV

Discussion forum for Extension Writers regarding Extension Development.
User avatar
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 23722
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Updates in EPV

Post by Paul » Fri Jul 14, 2017 2:46 pm

Hi all,

We just merged some structural changes to EPV, which might cause issues with specific extensions. Please let us know, preferably in the tracker on github, if you notice any weird errors with our recent changes.

The changes are not yet live here at phpBB.com, we will wait a week or two with using this new version in the CDB. However, if you use travis with EPV you most likely will use this new version.

With this new version we now check for common SQL injection mistakes. This uses a regular expression that checks if you have a cast or have a sql_escape in your query. This might cause false positives, so please let us know when you see one.

If your build in travis is no longer working, see the needed changes to get it working again here: https://github.com/phpbb-extensions/aut ... /132/files
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
RMcGirr83
Recognised Extension Developer
Posts: 20447
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Updates in EPV

Post by RMcGirr83 » Sat Jul 15, 2017 1:06 pm

My travis builds are failing now
phpbb/epv dev-master requires php >=5.5.0
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored

User avatar
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 23722
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul » Sat Jul 15, 2017 1:10 pm

Yes, we changed the minimum required version to 5.5. You should update the travis.yml to run on php5.5

So, basicly at https://github.com/rmcgirr83/contactadm ... vis.yml#L8 just change 5.3 to 5.5 :)
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
Sajaki
Registered User
Posts: 1323
Joined: Mon Mar 02, 2009 1:41 pm
Name: Andreas
Contact:

Re: Updates in EPV

Post by Sajaki » Sat Jul 29, 2017 9:53 pm

hi, is this epv 5.5 requirement only for extensions targeting phpbb 3.2.1 ?

User avatar
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 23722
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul » Sat Jul 29, 2017 10:05 pm

No, you can use it for 3.1 as well. Having epv require a higher php version doesn't mean your extension need thwt version.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 646
Joined: Thu Apr 23, 2009 1:20 pm
Location: Germany
Name: Christian
Contact:

Re: Updates in EPV

Post by Crizzo » Tue Aug 22, 2017 9:03 pm

But the tests for lower than PHP 5.5 fails now, so we need to skip this tests completely or don't use the epv anymore?
My extensions for phpBB: crizzo.de
German phpBB Support at www.phpbb.de

User avatar
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 23722
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul » Wed Aug 23, 2017 7:56 am

You need to run EPV on a php version of at least PHP 5.5. It still supports detecting PHP 5.3.3 stuff, so you can use it with 3.1.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 646
Joined: Thu Apr 23, 2009 1:20 pm
Location: Germany
Name: Christian
Contact:

Re: Updates in EPV

Post by Crizzo » Wed Aug 23, 2017 8:01 am

Ah, okay. :)
My extensions for phpBB: crizzo.de
German phpBB Support at www.phpbb.de

User avatar
3Di
Registered User
Posts: 11880
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milano - Frankfurt
Name: Marco
Contact:

Re: Updates in EPV

Post by 3Di » Sat Sep 09, 2017 12:41 am

After a long time I upgraded my travis set of files for TPOTM ext, according to the instruction.

Buids are failing with: The command "cd ../../phpBB3" failed and exited with 1 during .

My files:
https://github.com/3D-I/tpotm/blob/master/.travis.yml
https://github.com/3D-I/tpotm/blob/mast ... e-phpbb.sh

https://travis-ci.org/3D-I/tpotm/builds/273505822

May be I forgot something? TIA.
Last edited by 3Di on Sat Sep 09, 2017 6:13 am, edited 1 time in total.
Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades

User avatar
3Di
Registered User
Posts: 11880
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milano - Frankfurt
Name: Marco
Contact:

Re: Updates in EPV

Post by 3Di » Sat Sep 09, 2017 6:11 am

Seems like I am bound to fix everything, added also a new file and made those two executables (again).
https://github.com/3D-I/tpotm/tree/master/travis

With Git Bash I did:

Code: Select all

git update-index --chmod=+x travis/prepare-phpbb.sh
git update-index --chmod=+x travis/prepare-epv.sh
And yes, all of the tests passed now, just MariaDB is left with
The command "travis/setup-phpbb.sh $DB $TRAVIS_PHP_VERSION $NOTESTS" failed and exited with 100 during
The following packages have unmet dependencies:

mariadb-server : Depends: mariadb-server-5.5 (= 5.5.57+maria-1~trusty) but it is not going to be installed

E: Unable to correct problems, you have held broken packages.
https://travis-ci.org/3D-I/tpotm/jobs/273544275

Here I am stuck. :geek:
Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades

User avatar
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 23722
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul » Sat Sep 09, 2017 8:44 am

That error is not related to EPV, see here for the solution: viewtopic.php?f=461&t=2435961
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 646
Joined: Thu Apr 23, 2009 1:20 pm
Location: Germany
Name: Christian
Contact:

Re: Updates in EPV

Post by Crizzo » Sat Sep 09, 2017 10:21 am

My extensions for phpBB: crizzo.de
German phpBB Support at www.phpbb.de

User avatar
3Di
Registered User
Posts: 11880
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milano - Frankfurt
Name: Marco
Contact:

Re: Updates in EPV

Post by 3Di » Sat Sep 09, 2017 5:55 pm

Thanks guys, fixed.
Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades

User avatar
3Di
Registered User
Posts: 11880
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milano - Frankfurt
Name: Marco
Contact:

Re: Updates in EPV

Post by 3Di » Thu Nov 09, 2017 5:46 am

Seems like EPV warns on false positives too much, in one of my files throws a warning like that

Warning: Found potential SQL injection on line 71 in /lite/pia.php

here is the line 71

Code: Select all

AND user_avatar ' . $this->db->sql_like_expression($this->db->get_any_char() . 'ui-avatars' . $this->db->get_any_char()) . '
Which seems to me perfectly fine, considering also is often used in some of the phpBB's migrations.

May I go on or should I "fix" something and how? Thanks.
Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades

User avatar
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 23722
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul » Thu Nov 09, 2017 6:37 am

That check is known to result in false positives in specific cases, but we prefer to have a few false positives over stuff that gets missed. Please keep in mind that EPV is a tool to warn about possible issues, and not all messages are reason to fail pre validation.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

Post Reply

Return to “Extension Writers Discussion”

Who is online

Users browsing this forum: No registered users and 9 guests

cron