PHP Melody Support

Author: admin

  • Fix Asterix in Comments

    The issue is caused by blank or spaces in the “Abuse prevention” configuration.

    To avoid the Asterix appearing, you can either check for blank spaces on this page, or just add a couple of words separated to solve the issue.

  • How to Fix Layout Issues

    If you’ve upgraded from v2.x to v3.x and experience layout issues such as duplicate icons (admin area) or slow load times in the front-end, please be sure to “purge your cache” from your CloudFlare account.

    If you don’t use CloudFlare, your webhost might be caching or compressing your CSS and JS files. Ask your webhost to purge the cache for your account.

    And if you still experience problems with the front-end layout, please delete the files from your /Smarty/templates_c/ folder.

     

     

  • How to Update the Social Links from your template

    Open footer.tpl form your current theme folder:

    /templates/{current theme}/

    Since it’s a basic HTML file, you can edit this file with any text editor.

    Find in file the list-social-sites CSS selector.

    You should be taken to the HTML responsible for your social links. It  should looks something like:

    <li><a href="#"><i class="fa fa-facebook"></i></a></li>
<li><a href="#"><i class="fa fa-twitter"></i></a></li>
<li><a href="#"><i class="fa fa-youtube"></i></a></li>
<li><a href="#"><i class="fa fa-instagram"></i></a></li>

    or

    <li><i class="fa fa-facebook"></i> <a href="#">Facebook</a></li>
<li><i class="fa fa-twitter"></i> <a href="#">Twitter</a></li>
<li><i class="fa fa-youtube"></i> <a href="#">YouTube</a></li>
<li><i class="fa fa-instagram"></i> <a href="#">Instagram</a></li>

    Replace # with your own social profile links.

    Save changes and re-upload the modified file into your theme folder:

    /templates/{current theme}/

  • PHP Melody Critical Vulnerability Fix (Aug 2017)

    PHP Melody websites running anything from v2.2 to v2.7.1 are vulnerable to SQL injection and should be patched immediately as instructed below. Alternatively, you can download the v2.7.2 update package form your Customer Account with us.

    To manually patch the issue, please open: /include/functions.php

    Find:

    	$id = ($list_id != false) ? $list_id : $list_uniq_id;
	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';

    Replace with:

    	if ($list_uniq_id != false && ctype_alnum($list_uniq_id) === false)
	{
		return false;
	}
	
	$id = ($list_id != false) ? (int) $list_id : secure_sql($list_uniq_id);
	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';

    Find:

    	$sql = "SELECT list_uniq_id 
			FROM pm_playlists 
			WHERE list_id = $list_id";

    Replace with:

    	$list_id = secure_sql($list_id);	
	
	$sql = "SELECT list_uniq_id 
			FROM pm_playlists 
			WHERE list_id = $list_id";

    Find:

    	$sql = 'SELECT * 
			FROM pm_playlists 
			WHERE user_id = '. $user_id;

    Replace with:

    	$user_id = secure_sql($user_id);
	
	$sql = 'SELECT * 
			FROM pm_playlists 
			WHERE user_id = '. $user_id;