WordPress.org

Ready to get started?Download WordPress

Forums

LeagueManager
[resolved] New Update problem (22 posts)

  1. ohoud12
    Member
    Posted 1 year ago #

    The last for this plugin make a problem in capabilities.php and pluggable.php fils in wp-includes

    when i apply the new update all the site crashed i juste send a new fils to the server and all the things back to normal

    http://wordpress.org/extend/plugins/leaguemanager/

  2. stabiasport
    Member
    Posted 1 year ago #

    Help! I also update the plugin with the site and the control panel are no longer accessible, as do I delete the update and riavvere the site as before?

  3. matthewredican
    Member
    Posted 1 year ago #

    It happened to me too. To bring the website up quickly, I was able to rename the directory of the plugin to leaguemanager-1 (or whatever you want) in my file manager. That brings the website back up but it doesn't bring the LeagueManager back.

    I would appreciate if anyone can offer a solution to the LeagueManager plug-in without losing the data.

    Thanks in advance,
    Matthew

  4. matthewredican
    Member
    Posted 1 year ago #

    I also just found this post, which worked for me at http://www.BramptonFlames.com:

    Instead of adding a line to capabilities.php (where it will be overwritten by updates), I added this line right before require_once(ABSPATH . 'wp-settings.php'); in my wp-config.php file:

    require_once(ABSPATH . 'wp-includes/pluggable.php');

    I did this, changed the name of my plug-in directory back to leaguemanager and activated the plugin in the Admin Panel. All back to normal.

    A big thanks to Michael Dozark for his post. A year later, it is still helping!

    Matthew

  5. Marselo89
    Member
    Posted 1 year ago #

    Hi, I used the method of Michael Dozark, the site is back online, I activated the plug-in leaguemanager but it generated this error:

    Warning: file_exists () [function.file-exists]: open_basedir restriction in effect. File (/ var/www/html/wp-content/uploads/leaguemanager/thumb_log5.jpg) is not Within the allowed path (s): (/ :/ members States2) in / members / mysite / wp-content / plugins / leaguemanager / lib / core.php on line 298

    how can I find a solution?

    Marselo89

  6. hamdey
    Member
    Posted 1 year ago #

    Its totaly crash my site... Im lucky becouse I have a backupp...

  7. Marselo89
    Member
    Posted 1 year ago #

    I solved the problem:

    in core.php change line 313 from:

    trailingslashit return ($ _SERVER ['DOCUMENT_ROOT']). dirname (substr ($ file, strlen ($ _SERVER ['HTTP_HOST']) +8, strlen ($ file))). '/ thumb_'. basename ($ file);

    with:

    trailingslashit return ($ _SERVER ['ABSPATH']). dirname (substr ($ file, strlen ($ _SERVER ['HTTP_HOST']) +8, strlen ($ file))). '/ thumb_'. basename ($ file);

  8. weblegion
    Member
    Posted 1 year ago #

    This is not working for me @Marselo89. I get this error if i aply your fix: Parse error: syntax error, unexpected T_STRING, expecting T_VARIABLE or '$' in...

  9. Marselo89
    Member
    Posted 1 year ago #

    Have you edited before the wp-config.php file with the method of Michael Dozark?

  10. matthewredican
    Member
    Posted 1 year ago #

    weblegion,

    I used the Michael Dozark method and it worked perfectly. Did you combine this with one of the other suggestions above? I would suggest trying only one method at a time and reverting it to the original if it doesn't work. Then trying the next.

    There may be other variables preventing one method from working on an installation even if it worked on another (other plug-ins, patches etc).

  11. neoncs
    Member
    Posted 1 year ago #

    Marselo89:

    You change should be

    return trailingslashit($_SERVER['ABSPATH']) . dirname(substr($file,strlen($_SERVER['HTTP_HOST'])+8, strlen($file))) . '/thumb_' . basename($file);

    Not

    trailingslashit return ($_SERVER['ABSPATH']) . dirname(substr($file,strlen($_SERVER['HTTP_HOST'])+8, strlen($file))) . '/thumb_' . basename($file);

    Saying that even with the myconfig and this fix applied my site is still server 500 error.. Time to investigate

  12. weblegion
    Member
    Posted 1 year ago #

    The Michael Dozark method worked also for me. Thanks a lot for the support!

  13. weblegion
    Member
    Posted 1 year ago #

    @neoncs i noticed that mistake directly on the beginning and tried it out just like you posted. it didnt worked.

  14. ben52
    Member
    Posted 1 year ago #

    in lib/core php. on line 361
    you should close the div
    change:
    <div id='message' class='updated fade'><p>".$this->getMessage()."</p></div";
    to:
    <div id='message' class='updated fade'><p>".$this->getMessage()."</p></div>";

  15. neoncs
    Member
    Posted 1 year ago #

    Doing some further investigation the only changes made to this version to previous are actually the last few lines of code in the leaguemanager.php file.

    This change is to patch an SQL injection exploit. All the changes above are not required. I tested this by just changing the leaguemanager.php back to the previous version and all worked fine.

    The problem here is that with the old leaguemanager.php file is a security risk.

    Here is the fix from line 531: It is missing additional braces and semi colon.

    Change:

    if (current_user_can('manage_leagues')) {
    if ( isset($_POST['leaguemanager_export']) )
    $lmLoader->adminPanel->export((int)$_POST['league_id'], $_POST['mode'])
    ;
    }
    ?>

    TO:

    if (current_user_can('manage_leagues')) {
    if ( isset($_POST['leaguemanager_export']) ){
    $lmLoader->adminPanel->export((int)$_POST['league_id'], $_POST['mode']);
    }
    ;}
    ?>

  16. ben52
    Member
    Posted 1 year ago #

    Hi neoncs,
    i think that your change have a mistake on it,pls. check and correct
    thanks

  17. borellidesigns
    Member
    Posted 1 year ago #

    We also experienced the issue updating to version 3.8.1, where we could no longer access the WordPress dashboard (white screen of death).

    SOLUTION: Revert back to previous version (version 3.8) until author can address the latest release issue.

    Here is the link for previous verion: http://downloads.wordpress.org/plugin/leaguemanager.3.8.zip

    This fixed our site(s) without having to modify core WP files!!

  18. matthewredican
    Member
    Posted 1 year ago #

    @ weblegion,

    Glad it worked out.

  19. neoncs
    Member
    Posted 1 year ago #

    @ben52 ignore me and my solution.. i realised after that my plugin had deactivated. I will relook at this tonight.

    @borellidesigns This is leaving you open to a published exploit allowing someone to get your admin username and password. I would deactivate if you can until a solution is found.

  20. ben52
    Member
    Posted 1 year ago #

    An SQL Injection vulnerability exists in the league_id parameter of a function call made by the leaguemanager_export page. This request is processed within the leaguemanager.php:

    if ( isset($_POST['leaguemanager_export']))
    $lmLoader->adminPanel->export($_POST['league_id'], $_POST['mode']);

    Which does not sanitize of SQL injection, and is passed to the admin/admin.php page into the export( $league_id, $mode ) function which also does not sanitize for SQL injection
    when making this call: $this->league = $leaguemanager->getLeague($league_id);
    The information is then echoed to a CSV file that is then provided.

    Since no authentication is required when making a POST request to this page,
    i.e /wp-admin/admin.php?page=leaguemanager-export the request can be made with no established session.

    Fix:

    SOLUTION is: Revert back to previous version (version 3.8)
    A possible fix for this would be to cast the league_id to an integer during any of the function calls. The following changes can be made in the leaguemanager.php file:
    in the end of file change:

    $lmLoader->adminPanel->export($_POST['league_id'], $_POST['mode']);

    with:

    $lmLoader->adminPanel->export((int)$_POST['league_id'], $_POST['mode']);

    solution from: http://bot24.blogspot.it/2013/03/wordpress-leaguemanager-plugin-38-sql.html

    for me it's working.
    if you want to stop the advise of upload in wordpress change the version from 3.8 to 3.8.1 on top of the same file: leaguemanager php.

  21. Ameet Agarwal
    Member
    Posted 1 year ago #

    Hay guys, please try the method suggested by Michael Dozark. It has worked for me. And thanks Michael for the solution.

  22. LaMonte Forthun
    Member
    Plugin Author

    Posted 1 year ago #

    Fixed with v3.8.4

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.