slims / slims7_cendana
SLiMS 7 Cendana official source code repository
When a member whose name contains the ' character (for example nur'aeni) enters their ID in the visitor counter, the record is not saved to the database, even though the visitor counter already shows "Nur'aini Sofiyah, thank you for inserting your data to our visitor log".
After I checked, it turns out this has been happening since I first started using the visitor counter (in 2010).
I also checked other names that contain ' and they have the same problem. But it does not happen when the visitor counter is filled in by Nur'aini as a Non-Member (the record is saved to the database). This only came to light when Ido Alit and I made a customization to force every user to fill in the visitor counter before making a transaction.
The temporary solution that Ido Alit eventually found is to add one line of script to ./lib/contents/visitor_count.php
$member_name = preg_replace("/'/", "\\'", $member_name);
so that it becomes:
    // if member is already registered
    if ($_q->num_rows > 0) {
        $_d = $_q->fetch_assoc();
        if ($_d['is_expire'] == 1) {
            $expire = 1;
        }
        $member_id = $_d['member_id'];
        $member_name = $_d['member_name'];
        // backslash-escape the apostrophe so it does not end the SQL string literal
        $member_name = preg_replace("/'/", "\\'", $member_name); //added by Ido Alit feat. Awriel
        $photo = trim($_d['member_image'])?trim($_d['member_image']):'person.png';
        $_institution = trim($_d['inst_name'])?"'".$_d['inst_name']."'":'NULL';
        $_checkin_date = date('Y-m-d H:i:s');
        // values are still concatenated into the statement text
        $_i = $dbs->query("INSERT INTO visitor_count (member_id, member_name, institution, checkin_date) VALUES ('$member_id', '$member_name', $_institution, '$_checkin_date')");
    } else {
Perhaps SDC has a better solution than this.
Thank you
Is it possible to change the default value for the collection type from "reference" to "textbook"? The default value for the collection type has always been "reference", and users tend not to change this collection type field. KSKSS.
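The lost record reported above comes from the INSERT being built by string concatenation, so an apostrophe in member_name breaks the statement. As an added example (not SLiMS code, and not part of the original report), the script below runs the concatenated form beside a prepared statement. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL; the sample member row and the function names are constructed.

```php
<?php
// Added example, not SLiMS code. SQLite in memory stands in for the MySQL
// database so the script runs offline; columns follow the INSERT in the report.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitor_count (member_id TEXT, member_name TEXT,
           institution TEXT, checkin_date TEXT)');

// Constructed sample row, shaped like the result of the member lookup.
$member = ['member_id' => 'M001', 'member_name' => "Nur'aini Sofiyah", 'inst_name' => ''];
$checkin = date('Y-m-d H:i:s');

// Before: values concatenated into the statement. The apostrophe ends the
// string literal early, the statement is malformed and nothing is stored.
function insert_concatenated(PDO $db, array $m, string $checkin): bool
{
    $inst = trim($m['inst_name']) ? "'" . $m['inst_name'] . "'" : 'NULL';
    $sql = "INSERT INTO visitor_count (member_id, member_name, institution, checkin_date) "
         . "VALUES ('{$m['member_id']}', '{$m['member_name']}', $inst, '$checkin')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // the caller must check this instead of assuming success
    }
}

// After: placeholders keep the data out of the SQL text, so no manual quote
// escaping is needed. With mysqli the same shape is prepare()/bind_param()/execute().
function insert_prepared(PDO $db, array $m, string $checkin): bool
{
    $stmt = $db->prepare('INSERT INTO visitor_count
        (member_id, member_name, institution, checkin_date) VALUES (?, ?, ?, ?)');
    $inst = trim($m['inst_name']) !== '' ? $m['inst_name'] : null; // null binds as SQL NULL
    return $stmt->execute([$m['member_id'], $m['member_name'], $inst, $checkin]);
}

echo 'concatenated: ', var_export(insert_concatenated($db, $member, $checkin), true), "\n";
echo 'prepared:     ', var_export(insert_prepared($db, $member, $checkin), true), "\n";
echo 'stored name:  ', $db->query('SELECT member_name FROM visitor_count')->fetchColumn(), "\n";
```

The concatenated path also shows why the thank-you message appeared without a stored row: the result of the INSERT has to be checked before success is reported to the visitor.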
Hello,
I use slims5 and 7.
When you want to print labels of books, both of them do that,
but if you change the call number they do not print the new call number (they print the old call number).
Is there anyone to help me?
Please add this feature so that it is compatible with Zotero.
I have looked at the cendana source code. After studying it, it turns out there is not a single reservation-processing function that writes to the database; it only sends a notification by email to the librarian. Yet this is a feature that is displayed in the admin menu.
Apologies in advance if I missed something.
As reported by Ido Alit, using the / character
in the title field causes an error in the MODS XML output.
<br />
<b>Notice</b>: Undefined variable: _title_main in <b>/var/www/slims/lib/detail.inc.php</b> on line <b>272</b><br />
It would be very nice if I could change the server for an SRU look-up from "Library of Congress" to another, preferably in the backend of senayan. I'm from Germany, and there are no hits in the Library of Congress for German (or even French, Danish, Polish, ...) books.
hello
I want to have some Privileges based on locations
for example I have 3 locations and 3 users
user1 can lend only books from location 1 and...
can you help me? or write this?
thanks
Hi, I am the library technician at SMKN 1 Martapura. I want to set my senayan background to photos and my school's emblem.
If I edit in the C directory using the notepad ++ program, how do I do it?
The Library Location and Shelf Location information is not displayed in SLiMS 7 Cendana?
PHP Version 5.3.10-1ubuntu3.5
Apache/2.2.22 (Ubuntu) Server
This appears:
Notice: unserialize(): Error at offset 2355 of 2595 bytes in /var/www/slims7_cendana/lib/utility.inc.php on line 83
and I cannot log in as admin when php.ini is set to
error_reporting = E_ALL & ~E_DEPRECATED
but when using
error_reporting = E_ALL & ~E_NOTICE
it goes back to normal
Hello, I am from Iran.
How can I use the Persian calendar?
Which files must be edited?
Thanks for your help
When using MySQL 5.7.5 or later, an error appears in the "Sirkulasi > Daftar Keterlambatan" (Circulation > Overdue List) module.
ERROR
MySQL Server said : Expression #1 of ORDER BY clause is not in GROUP BY clause and contains nonaggregated column 'manggisid_perpus.l.due_date' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by
Hello maintainer(s),
I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.
We would like to report this vulnerability to you in a responsible and ethical manner.
Therefore, we do not want to disclose any details of the vulnerability publicly until you have had a chance to review and fix it.
Could you please let us know your preferred way of receiving security reports?
You can contact us at [email protected] or by replying to this issue.
Thank you for your attention and cooperation.
Have you guys downloaded the latest update of SLiMS 7 Cendana from GitHub? We have made an additional pdf2swf for Linux 64bit machines. Previously, if you used a Linux 64bit engine, your PDF attachment could not be rendered by pdf2swf, since the previous pdf2swf tools were compiled on a 32bit engine.
Does pdf2swf work fine on a first-time installation? Thank you :).
I used to work with slims5 on an old server.
Now I have changed my server and this warning appears:
Warning: php_uname() has been disabled for security reasons in /home/pn3shira/public_html/lib2/lib/lang/php-gettext/gettext.inc on line 244
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/pn3shira/public_html/lib2/lib/lang/php-gettext/gettext.inc:244) in /home/pn3shira/public_html/lib2/index.php on line 35
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/pn3shira/public_html/lib2/lib/lang/php-gettext/gettext.inc:244) in /home/pn3shira/public_html/lib2/index.php on line 35
How can I fix the problem?
How do I change the admin user? I cannot find a menu for changing the admin user.
A friend of mine has this idea. He wants users to receive an email when they make a reservation, and to be notified, also by email, when the particular item they have reserved is available.
Hello,
I want to use UTF-8 encoding for Persian data and have XLS output for the Title list in reporting.
How can I do this?
Product: SLiMS 7 Cendana
Download: https://github.com/slims/slims7_cendana
Vulnerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech
Advisory Details:
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in "SLiMS 7 Cendana latest version", which can be exploited to execute arbitrary code.
The vulnerabilities exist due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "slims7_cendana-master/template/default/detail_template.php" and "slims7_cendana-master/template/default-rtl/detail_template.php" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to show a pop-up message box:
PoC:
(1)
http://localhost/.../slims7_cendana-master/template/default/detail_template.php?id=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
(2)
http://localhost/.../slims7_cendana-master/template/default-rtl/detail_template.php?id=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
Hello,
I use this software on a server. When I want to manage user groups under the system module, this message appears:
An appropriate representation of the requested resource
How can I solve this issue?
Hi, in your open source version 7 I found that in the page detail_template.php the value of the ID parameter is not filtered on input, and not filtered or escaped on output, which causes XSS.
Affected Files:
/template/default-rtl/detail_template.php
Poc Payload:
http://site/template/default-rtl/detail_template.php?id=%22%3E%3Csvg/onload=alert(domain)%3E%22
Resolving: Filtering encoding or escaping
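Both XSS reports above concern the "id" GET parameter being written into the page unencoded. As an added example (not SLiMS code and not part of either report), the sketch below shows a reflected parameter before and after output encoding, plus input validation. The render_* and validated_id helpers and the detail.php link are hypothetical, and treating "id" as a numeric record ID is an assumption; the sample inputs are the query values already quoted in the two reports.

```php
<?php
// Added example, not SLiMS code. The helpers model a template that reflects
// the "id" GET parameter into an HTML attribute.

// Before: the raw value lands inside the attribute, so a double quote closes
// the attribute and whatever follows is parsed as markup.
function render_unescaped(string $id): string
{
    return '<a href="detail.php?id=' . $id . '">Record detail</a>';
}

// After, at output time: URL-encode for the query string, then HTML-encode
// for the attribute context.
function render_escaped(string $id): string
{
    $safe = htmlspecialchars(rawurlencode($id), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="detail.php?id=' . $safe . '">Record detail</a>';
}

// After, at input time: accept only a positive integer (assumption: the id
// is a numeric record ID) and reject everything else.
function validated_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Query values taken from the two reports, decoded as the web server would.
$samples = [
    rawurldecode('%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22'),
    rawurldecode('%22%3E%3Csvg/onload=alert(domain)%3E%22'),
    '42', // constructed benign value
];

foreach ($samples as $raw) {
    echo "input:      $raw\n";
    echo 'unescaped:  ', render_unescaped($raw), "\n";
    echo 'escaped:    ', render_escaped($raw), "\n";
    echo 'validated:  ', var_export(validated_id($raw), true), "\n\n";
}
```

Validation and encoding are complementary: validation rejects unexpected input early, while encoding at the point of output protects every value that reaches the template, including ones that passed through other code paths.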
Dear SLiMS admin,
I am just the person migrating a website that uses slim to a new host, www.pustakalana.org
I see that in new books, the images point to /images/docs
and I do not understand why the images are not in that folder. I am wondering whether the code can be altered to point to slim's CDN/image server so that it is always up to date?
I have entered new data, bibliographic data for films. For that, I added a new collection type in the master file, video. I pointed the collection type of the item data to video. But for some reason, when a search is done in the OPAC, it does not appear in the search results.
searching via the specific search
the search results do not appear in the OPAC
but when viewed via RSS, the texas chainsaw title does appear