slims / slims7_cendana Goto Github PK

Ketika member yang mempunyai nama mengandung karakter ' (contohnya nur'aeni) memasukkan ID di visitor counter, ternyata record tidak masuk di database. Padahal di visitor counter sudah muncul "Nur'aini Sofiyah, thank you for inserting your data to our visitor log".

Dan setelah saya cek, ternyata hal tersebut sudah berlangsung dari sejak pertama saya menggunakan visitor counter (tahun 2010).

Dan saya cek untuk nama yang lain yang mengandung ' juga mengalami hal yang sama. Tapi hal tersebut tidak terjadi apabila visitor counter diisi oleh Nur'aini yang menjadi Non-Member (record masuk database) .Hal tersebut baru diketahui ketika saya dan Ido Alit membuat kustomisasi untuk memaksa setiap user agar mengisi visitor counter sebelum melakukan transaksi.

Solusi yang akhirnya ditemukan sementara oleh Ido Alit adalah menambahkan 1 baris script pada ./lib/contents/visitor_count.php

$member_name = preg_replace("/'/", "'", $member_name);

sehingga menjadi :

// if member is already registered
if ($_q->num_rows > 0) {
$_d = $_q->fetch_assoc();
if ($_d['is_expire'] == 1) {
$expire = 1;
}
$member_id = $_d['member_id'];
$member_name = $_d['member_name'];
$member_name = preg_replace("/'/", "'", $member_name); //added by Ido Alit feat. Awriel
$photo = trim($_d['member_image'])?trim($_d['member_image']):'person.png';
$_institution = trim($_d['inst_name'])?"'".$_d['inst_name']."'":'NULL';
$_checkin_date = date('Y-m-d H:i:s');
$_i = $dbs->query("INSERT INTO visitor_count (member_id, member_name, institution, checkin_date) VALUES ('$member_id', '$member_name', $_institution, '$_checkin_date')");
} else {

Mungkin SDC punya solusi lebih baik dari ini.

Terima kasih

apakah memungkinkan untuk merubah isian baku pada tipe koleksi dari "reference" menjadi "textbook"? karena dari dulu, isian baku untuk tipe koleksi adalah "reference", dan pengguna cenderung tidak mengganti isian tipe koleksi ini. KSKSS.

hello

i use slims5 and 7
when you want to print labels of books both of them do that
but if you change the call number they do not print new call number (they print old call number)
is there any one to help me

Tolong di tambahkan fiturnya mas biar kompatibel dg Zotero

slims cendana, ketika ada penulisan spt digambar terlampir dan klik opac xml result ada beberapa diperlukan penambahan element sehingga kedepan diharapkan tidak error.

terima kasih

Saya sudah melihat source code cendana. Ternyata setelah saya telaah, tidak ada satupun fungsi pemrosesan reservasi yang masuk ke database, hanya sekedar mengirimkan notifikasi via email ke pustakawan. Padahal ini adalah fitur yang dipajang di menu admin.

Maaf sebelumnya kalau ada yang terlewat.

Ketika upload photo keanggotaan, ekstensi file tidak muncul.

Sesuai laporan Ido Alit, menggunakan tanda / di dalam kolom judul menyebabkan error di output MODS XML.

<br />
<b>Notice</b>:  Undefined variable: _title_main in <b>/var/www/slims/lib/detail.inc.php</b> on line <b>272</b><br />

It would be very nice if I could change the server for a SRU look-up from "Library of Congress" to another, preferably in backend of senayan. I´m from germany, and there are no hits in library of congress fpr german (or even french, danish, polish,....) books.

hello
I want to have some Privileges based on locations
for example I have 3 locations and 3 users
user1 can lend only books from location 1 and...

can you help me? or write this?

thanks

gan, saya teknisi perpustakaan SMKN 1 Martapura, disini saya mau buat background senayan saya dengan fot-foto dan lambang sekolah saya.
klo buat ngedit di directori C dan menggunakan program notepad ++ bagaimana caranya, gan ?

Tidak terdapat tampilan informasi Lokasi Perpustakaan dan Lokasi Rak di SLiMS 7 Cendana ?

PHP Version 5.3.10-1ubuntu3.5
Apache/2.2.22 (Ubuntu) Server

Muncul :
Notice: unserialize(): Error at offset 2355 of 2595 bytes in /var/www/slims7_cendana/lib/utility.inc.php on line 83
dan tidak bisa login admin ketika setting php.ini

error_reporting = E_ALL & ~E_DEPRECATED

tapi ketika menggunakan

error_reporting = E_ALL & ~E_NOTICE

kembali normal

Hello, i'm a college student here and i need to use specifically this version of slims for my project, but i cant seem to install it somehow, this is what happens when i try to install it, can you help me please? thanks in advance^^

hello I am from Iran
How can I use persian calendar?
which files must be edit?
thanks for your help

Jika menggunakan MySQL 5.7.5 ke atas, muncul error pada modul "Sirkulasi > Daftar Keterlambatan".

ERROR
MySQL Server said : Expression #1 of ORDER BY clause is not in GROUP BY clause and contains nonaggregated column 'manggisid_perpus.l.due_date' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by

Hello maintainer(s),

I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.

We would like to report this vulnerability to you in a responsible and ethical manner.
Therefore, we do not want to disclose any details of the vulnerability publicly until you have had a chance to review and fix it.

Could you please let us know your prefered way of receiving security reports?

You can contact us at [email protected] or by replying to this issue.

Thank you for your attention and cooperation.

tanda terima sirkulasi masih menampilkan pesan galat. gambar terlampir.

have you guys downloaded the latest update of SLiMS 7 Cendana from github? we have make an additional pdf2swf for linux 64bit machine. previously, if you use a linux 64bit engine, your pdf attachment cannot be rendered by pdf2swf since previous pdf2swf tools was compiled within 32bit engine.

did the pdf2swf works fine, for first time installation? thank you :).

I used to work with slims5 on an old server

now I change my server and this warning appears

Warning: php_uname() has been disabled for security reasons in /home/pn3shira/public_html/lib2/lib/lang/php-gettext/gettext.inc on line 244

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/pn3shira/public_html/lib2/lib/lang/php-gettext/gettext.inc:244) in /home/pn3shira/public_html/lib2/index.php on line 35

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/pn3shira/public_html/lib2/lib/lang/php-gettext/gettext.inc:244) in /home/pn3shira/public_html/lib2/index.php on line 35

how can I fix the problem?

bagaimana cara rubah admin user. saya tidak menemukan menu untuk merubah admin user.

friend of mine have this idea. he wants to have user receiving email if they made reservations, and being noticed, also by email when that particular item he has reserved is available.

hello
I want to use encoding utf-8 for Persian data and have xls output for Title list in reporting .
how can I do this

Product: SLiMS 7 Cendana
Download: https://github.com/slims/slims7_cendana
Vunlerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
Multiple Cross-Site Scripting (XSS) were discovered in“SLiMS 7 Cendana latest version”, which can be exploited to execute arbitrary code.
The vulnerabilities exist due to insufficient filtration of user-supplied data in the “id” HTTP GET parameter passed to the “slims7_cendana-master/template/default/detail_template.php” and “slims7_cendana-master/template/default-rtl/detail_template.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
(1)
http://localhost/.../slims7_cendana-master/template/default/detail_template.php?id=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
(2)
http://localhost/.../slims7_cendana-master/template/default-rtl/detail_template.php?id=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22

hello
I use this software on a server. when I want to manage user groups under system module this message apear:
An appropriate representation of the requested resource

how can I solve this issue?

Hi, I'm in your 7 version open source found to detail_template.php this page parameter value ID does not filter in the output or filter or escape the input character to cause XSS

Affected Files:

/template/default-rtl/detail_template.php

Poc Payload：

http://site/template/default-rtl/detail_template.php?id=%22%3E%3Csvg/onload=alert(domain)%3E%22

Resolving: Filtering encoding or escaping

dear slim mimin,
saya cuma petugas migrasi website yg pake slim ke host baru www.pustakalana.org
saya lihat di new books, itu nunjuk images ke /images/docs
dimana saya ga ngerti, image nya kok ga ada di folder tsb. saya mikir bisa ga code nya di alter dan nunjuk ke CDN/server images nya slim biar selalu update?

saya telah memasukkan data baru, data bibiliografi film. lalu untuk itu, saya tambahkan tipe koleksi baru pada master file, video. data eksemplar tipe koleksi saya arahkan ke video. tapi entah kenapa, pada saat dilakukan pencarian di opac, tidak keluar pada hasil pencarian.

melakukan pencarian lewat pencarian spesifik

hasil pencarian tidak keluar pada opac

tapi kalo ngeliat lewat rss, judul texas chainsaw-nya keluar