QUIQQER is a multilingual content management system (CMS for short), which makes the realization and administration of your projects - be it web services, company websites, blogs or internet portals - easy and fast.
What was the issue(s)?
Today was one of those days where one problem after another followed.
In the QUIQQER core and in some modules some bugs were fixed which can spam the server quite fast.
- on every request, if debugging was off, a system wide log message was triggered
- Page sorting sorted the pages in total chaos when they were moved (look at the new feature section, please)
- deprecated plugin methods have been invoked to slow down the system
- All this in combination has made the log grow immeasurably.
- It was visible when the system was last updated.
- Since we are very psitish about security problems, we fixed this immediately. It's not a bad bug, but still a first step for an attack.
What was the solution?
system wide log message was triggered
The basis of the problem was that the log levels were wrongly combined. This was only noticed during updates of PHP 7.2 and 7.3. Since php 7.2 and higher is a bit more pingent, this is extremely noticeable here.
As you can see here, instead of
|, it was used
&. This had the effect that the log levels were set to 0. By the combination with
$errorlevel = error_reporting(); the system wide PHP setting was always used. This setting changes in Ubuntu versions with PHP 7.2.
deprecated plugin methods have been invoked to slow down the system
In combination with the log level chaos, this problem has now shoveled the logs full. Since version 0.9 the plugin objects were set to deprecated and replaced by a package object.
In the log module the old plugin methods were still used which tried to cache plugin module attributes. This caused every request to try to access a cache that never existed.
This was solved by removing all old plugin methods and replacing them with new package methods.
self::$logLevels = self::getPlugin()->getSettings('log_levels')
self::$logLevels = self::getPackage()->getConfig()->get('log_levels');
It was visible when the system was last updated.
As a quick fix this was solved with md5 sums. This is also not a final solution and we want to use internal hashing methods.
But first we have to check what the best way is here.
What feature(s) did you add?
The day was sprinkled from one issue to another. We noticed in our tests that when pages were moved, it produced sorting chaos. For users, it looked like pages were inserted randomly. Since the control of the page sorting has already its years behind it, we decided to completely refactor the interface.
How did you implement it/them?
The whole control now fits better into the general interface. and the user now has the ability to quickly set the sorting options by hand.
Additionally we found the bug for the chaos sorting and the sorting error was fixed when the page received a new sorting index.
All these patches and features are included in version 1.3 and we hope to be able to offer version 1.3 soon. We are still thinking about offering patches for the 1.2, here we keep you up to date. Forgive us if we kept it a little short. The day was long, the bugs were nasty but QUIQQER got a bit better again.
Thanks for reading
Hen, for PCSG Developers