Jump to content

A big last minute change, no warning (V6)

zomex

By zomex
in Feedback

 Share

Recommended Posts

zomex Senior Member

zomex

Posted
Posted

Hello all,

 

I'm not really one to complain but in V6 there was a big change made with no warning, in the last beta version the use {php} was enabled by default but in V6 it's disabled by default.

 

I can understand why it's disabled by default but to make that change last minute with absolutely no warning was not good to see from you guys.

 

Of course it can be enabled in the general settings > security but a lot of templates/modules/addons make use of this and seeing as it was enabled in the last beta version it's quite annoying to see this happen.

 

Jack

0
Link to comment
Share on other sites
zomex Senior Member

zomex

Posted
  • Author
Posted
Jack, are the Zomex Templates being modified to not use the {php} tag, I seem to recall there being security concerns around it

 

They use the {php} code for a couple of features, such as the gravatar integration, if there is enough support to remove this then I can easily remove the tags but I feel it's a good feature of the template.

 

All WHMCS installations have had it enabled since before this latest version so if it is a big security concern then every WHMCS installation would have been at risk. It's certainly more secure to have it disabled but I wouldn't call it a security concern unless it's miss-used or someone finds a way to exploit it such as has been done in the past using it in support tickets.

0
Link to comment
Share on other sites
  • WHMCS Support Manager
WHMCS John Senior Member

WHMCS John

Posted
  • WHMCS Support Manager
Posted

Hi,

On my installation and that of other user's I've reviewed thus far, the 'Allow Smarty PHP Tags' setting is On by default. This is the intended behaviour.

 

I'd be interested to hear if any other users have found it was set to Off by default for them.

0
Link to comment
Share on other sites
webio Senior Member

webio

Posted
Posted

I just started testing my production copy of WHMCS on my local development (I've copied WHMCS files and DB) machine with Dev license set in configuration file and after installation upgrade process I had allow smarty php tag set to off. I've updated WHMCS directly from 5.3.14 to 6.0.

0
Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted
Hi,

On my installation and that of other user's I've reviewed thus far, the 'Allow Smarty PHP Tags' setting is On by default. This is the intended behaviour.

 

I'd be interested to hear if any other users have found it was set to Off by default for them.

on my v6 dev site, it is still set as "On"... it was set as that in the first beta, and none of the other betas, RCs or the full version has changed that setting.

 

now what happens to that setting in a clean full v6 installation, or an upgrade from v5.3, I don't know. 106.gif

0
Link to comment
Share on other sites
zomex Senior Member

zomex

Posted
  • Author
Posted
Hi,

On my installation and that of other user's I've reviewed thus far, the 'Allow Smarty PHP Tags' setting is On by default. This is the intended behaviour.

 

I'd be interested to hear if any other users have found it was set to Off by default for them.

 

From what I've seen a lot of my customers have opened tickets missing this step from my upgrade guide so it looks like it's set to disabled for most people.

 

I believe the documentation also refers to it being disabled by default.

0
Link to comment
Share on other sites
SeanP Senior Member

SeanP

Posted
Posted
On my installation and that of other user's I've reviewed thus far, the 'Allow Smarty PHP Tags' setting is On by default. This is the intended behaviour.

 

I'd be interested to hear if any other users have found it was set to Off by default for them.

 

I just tried a new install (not an upgrade), and it was set to Off by default. However, it appears it being Off by default is the intended behavior according, to the release notes:

 

http://docs.whmcs.com/Version_6.0_Release_Notes_in_Brief

 

"One of the biggest changes to Smarty relates to the use of {php} tags within template files. This functionality is now disabled by default and must be explicitly enabled in Setup > General Settings > Security should you require it. We recommend using hooks for Templates and Custom PHP Logic."

0
Link to comment
Share on other sites
ttremain Junior Member

ttremain

Posted
Posted
Hi,

On my installation and that of other user's I've reviewed thus far, the 'Allow Smarty PHP Tags' setting is On by default. This is the intended behaviour.

 

I'd be interested to hear if any other users have found it was set to Off by default for them.

 

This was off, when I upgraded from 5.x to 6.0.0

0
Link to comment
Share on other sites
  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept