Updates in EPV

Discussion forum for Extension Writers regarding Extension Development.
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 28616
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Updates in EPV

Post by Paul »

Hi all,

We just merged some structural changes to EPV, which might cause issues with specific extensions. Please let us know, preferably in the tracker on github, if you notice any weird errors with our recent changes.

The changes are not yet live here at phpBB.com, we will wait a week or two with using this new version in the CDB. However, if you use travis with EPV you most likely will use this new version.

With this new version we now check for common SQL injection mistakes. This uses a regular expression that checks if you have a cast or have a sql_escape in your query. This might cause false positives, so please let us know when you see one.

If your build in travis is no longer working, see the needed changes to get it working again here: https://github.com/phpbb-extensions/aut ... /132/files
User avatar
RMcGirr83
Former Team Member
Posts: 22011
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Updates in EPV

Post by RMcGirr83 »

My travis builds are failing now
phpbb/epv dev-master requires php >=5.5.0
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 28616
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul »

Yes, we changed the minimum required version to 5.5. You should update the travis.yml to run on php5.5

So, basicly at https://github.com/rmcgirr83/contactadm ... vis.yml#L8 just change 5.3 to 5.5 :)
User avatar
Sajaki
Registered User
Posts: 1390
Joined: Mon Mar 02, 2009 1:41 pm
Location: Amsterdam
Contact:

Re: Updates in EPV

Post by Sajaki »

hi, is this epv 5.5 requirement only for extensions targeting phpbb 3.2.1 ?
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 28616
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul »

No, you can use it for 3.1 as well. Having epv require a higher php version doesn't mean your extension need thwt version.
User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 1645
Joined: Thu Apr 23, 2009 1:20 pm
Location: Stuttgart, Germany
Name: Christian
Contact:

Re: Updates in EPV

Post by Crizzo »

But the tests for lower than PHP 5.5 fails now, so we need to skip this tests completely or don't use the epv anymore?
My extensions for phpBB: CDB
German phpBB Support at www.phpbb.de
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 28616
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul »

You need to run EPV on a php version of at least PHP 5.5. It still supports detecting PHP 5.3.3 stuff, so you can use it with 3.1.
User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 1645
Joined: Thu Apr 23, 2009 1:20 pm
Location: Stuttgart, Germany
Name: Christian
Contact:

Re: Updates in EPV

Post by Crizzo »

Ah, okay. :)
My extensions for phpBB: CDB
German phpBB Support at www.phpbb.de
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Updates in EPV

Post by 3Di »

After a long time I upgraded my travis set of files for TPOTM ext, according to the instruction.

Buids are failing with: The command "cd ../../phpBB3" failed and exited with 1 during .

My files:
https://github.com/3D-I/tpotm/blob/master/.travis.yml
https://github.com/3D-I/tpotm/blob/mast ... e-phpbb.sh

https://travis-ci.org/3D-I/tpotm/builds/273505822

May be I forgot something? TIA.
Last edited by 3Di on Sat Sep 09, 2017 6:13 am, edited 1 time in total.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Updates in EPV

Post by 3Di »

Seems like I am bound to fix everything, added also a new file and made those two executables (again).
https://github.com/3D-I/tpotm/tree/master/travis

With Git Bash I did:

Code: Select all

git update-index --chmod=+x travis/prepare-phpbb.sh
git update-index --chmod=+x travis/prepare-epv.sh
And yes, all of the tests passed now, just MariaDB is left with
The command "travis/setup-phpbb.sh $DB $TRAVIS_PHP_VERSION $NOTESTS" failed and exited with 100 during
The following packages have unmet dependencies:

mariadb-server : Depends: mariadb-server-5.5 (= 5.5.57+maria-1~trusty) but it is not going to be installed

E: Unable to correct problems, you have held broken packages.
https://travis-ci.org/3D-I/tpotm/jobs/273544275

Here I am stuck. :geek:
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 28616
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul »

That error is not related to EPV, see here for the solution: viewtopic.php?f=461&t=2435961
User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 1645
Joined: Thu Apr 23, 2009 1:20 pm
Location: Stuttgart, Germany
Name: Christian
Contact:

Re: Updates in EPV

Post by Crizzo »

My extensions for phpBB: CDB
German phpBB Support at www.phpbb.de
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Updates in EPV

Post by 3Di »

Thanks guys, fixed.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Updates in EPV

Post by 3Di »

Seems like EPV warns on false positives too much, in one of my files throws a warning like that

Warning: Found potential SQL injection on line 71 in /lite/pia.php

here is the line 71

Code: Select all

AND user_avatar ' . $this->db->sql_like_expression($this->db->get_any_char() . 'ui-avatars' . $this->db->get_any_char()) . '
Which seems to me perfectly fine, considering also is often used in some of the phpBB's migrations.

May I go on or should I "fix" something and how? Thanks.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 28616
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Updates in EPV

Post by Paul »

That check is known to result in false positives in specific cases, but we prefer to have a few false positives over stuff that gets missed. Please keep in mind that EPV is a tool to warn about possible issues, and not all messages are reason to fail pre validation.
Post Reply

Return to “Extension Writers Discussion”