QUIQQER Core and QUIQQER Log Update - Chaos issues
QUIQQER is a multilingual content management system (CMS for short), which makes the realization and administration of your projects - be it web services, company websites, blogs or internet portals - easy and fast.
Repository
Bug Fixes
What was the issue(s)?
Today was one of those days where one problem after another followed.
In the QUIQQER core and in some modules some bugs were fixed which can spam the server quite fast.
First issue
- on every request, if debugging was off, a system wide log message was triggered
Second issue
- Page sorting sorted the pages in total chaos when they were moved (look at the new feature section, please)
Third issue
- deprecated plugin methods have been invoked to slow down the system
- All this in combination has made the log grow immeasurably.
Fourth issue
- It was visible when the system was last updated.
- Since we are very psitish about security problems, we fixed this immediately. It's not a bad bug, but still a first step for an attack.
What was the solution?
system wide log message was triggered
The basis of the problem was that the log levels were wrongly combined. This was only noticed during updates of PHP 7.2 and 7.3. Since php 7.2 and higher is a bit more pingent, this is extremely noticeable here.
As you can see here, instead of |, it was used &. This had the effect that the log levels were set to 0. By the combination with $errorlevel = error_reporting(); the system wide PHP setting was always used. This setting changes in Ubuntu versions with PHP 7.2.
deprecated plugin methods have been invoked to slow down the system
In combination with the log level chaos, this problem has now shoveled the logs full. Since version 0.9 the plugin objects were set to deprecated and replaced by a package object.
In the log module the old plugin methods were still used which tried to cache plugin module attributes. This caused every request to try to access a cache that never existed.
This was solved by removing all old plugin methods and replacing them with new package methods.
Example (wrong):
self::$logLevels = self::getPlugin()->getSettings('log_levels')
Example (correct):
self::$logLevels = self::getPackage()->getConfig()->get('log_levels');
It was visible when the system was last updated.
During the log chaos it was noticed that a caching flag for JavaScript files was used in the header. This flag makes sense because the browser does not reload the file every time, but after an update the browser should think it contains a new file. The problem with the flag was, it was the Unix timestamp of the last update.
As a quick fix this was solved with md5 sums. This is also not a final solution and we want to use internal hashing methods.
But first we have to check what the best way is here.
New Features
What feature(s) did you add?
The day was sprinkled from one issue to another. We noticed in our tests that when pages were moved, it produced sorting chaos. For users, it looked like pages were inserted randomly. Since the control of the page sorting has already its years behind it, we decided to completely refactor the interface.
How did you implement it/them?
The whole control now fits better into the general interface. and the user now has the ability to quickly set the sorting options by hand.
Before
After
Additionally we found the bug for the chaos sorting and the sorting error was fixed when the page received a new sorting index.
GitHub Account
All these patches and features are included in version 1.3 and we hope to be able to offer version 1.3 soon. We are still thinking about offering patches for the 1.2, here we keep you up to date. Forgive us if we kept it a little short. The day was long, the bugs were nasty but QUIQQER got a bit better again.
Thanks for reading
Hen, for PCSG Developers
Thank you for your contribution.
$errorlevel |= E_WARNINGself::getPackage()->getConfig(), doesgetPackage()returnnullsometimes?letorconstto replacevar.async/awaitto make your promises look nicer?$Parent->getAttribute('order_type')can be extracted as a variable.Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Chat with us on Discord.
[utopian-moderator]
Thanks for looking over it. Really. That helps a lot
Thank you for your review, @justyy! Keep up the good work!
Hi @pcsg-dev!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server
Hey, @pcsg-dev!
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!
Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).
Want to chat? Join us on Discord https://discord.gg/h52nFrV.
Vote for Utopian Witness!