Category: Troubleshooting

  • Fix Asterisks in Comments

    The issue is caused by blanks or spaces in the “Abuse prevention” configuration.

    To stop the asterisks from appearing, either check this page for blank spaces or simply add a couple of separate words to resolve the issue.

  • How to Fix Layout Issues

    If you’ve upgraded from v2.x to v3.x and experience layout issues such as duplicate icons (admin area) or slow load times in the front-end, please be sure to “purge your cache” from your CloudFlare account.

    If you don’t use CloudFlare, your webhost might be caching or compressing your CSS and JS files. Ask your webhost to purge the cache for your account.

    If you still experience problems with the front-end layout, delete the files from your /Smarty/templates_c/ folder.

  • PHP Melody Critical Vulnerability Fix (Aug 2017)

    PHP Melody websites running anything from v2.2 to v2.7.1 are vulnerable to SQL injection and should be patched immediately as instructed below. Alternatively, you can download the v2.7.2 update package from your Customer Account with us.

    To manually patch the issue, please open: /include/functions.php

    Find:

    	$id = ($list_id != false) ? $list_id : $list_uniq_id;
    	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';
    

    Replace with:

    	if ($list_uniq_id != false && ctype_alnum($list_uniq_id) === false)
    	{
    		return false;
    	}
    	
    	$id = ($list_id != false) ? (int) $list_id : secure_sql($list_uniq_id);
    	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';
    

    Find:

    	$sql = "SELECT list_uniq_id 
    			FROM pm_playlists 
    			WHERE list_id = $list_id";
    

    Replace with:

    	$list_id = secure_sql($list_id);	
    	
    	$sql = "SELECT list_uniq_id 
    			FROM pm_playlists 
    			WHERE list_id = $list_id";
    

    Find:

    	$sql = 'SELECT * 
    			FROM pm_playlists 
    			WHERE user_id = '. $user_id;
    

    Replace with:

    	$user_id = secure_sql($user_id);
    	
    	$sql = 'SELECT * 
    			FROM pm_playlists 
    			WHERE user_id = '. $user_id;
    


  • PHP Melody Critical Vulnerability Fix (Jan 2017)

    PHP Melody releases before January 26th 2017 are vulnerable to SQL injection and should be patched immediately.

    In case you cannot use the official package to update your PHP Melody website(s), simply apply the following changes to patch your site against intrusion. Updating is still required but can be safely postponed to a later date.

    Open file: /comment.php

    Find:

    $user_id = $_POST['user_id'];

    Replace with:

    $user_id = 0;

    If you have Mobile Melody installed:

    Open file: /mobile/comment.php

    Find:

    $user_id = $_POST['user_id'];

    Replace with:

    $user_id = 0;

    For PHP Melody versions v2.5 and later, phpmailer can be easily updated as well.

    Download phpmailer.zip and replace your existing /include/phpmailer/ folder with the one from the zip archive.

    These two code patches should provide adequate security to your PHP Melody website(s). We do, however, recommend updating to the latest PHP Melody version to fix any pending bugs.

    To download the complete update packages visit your customer account with us. To patch this critical vulnerability, you need to run at least PHP Melody v2.7.1.
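
    As an added example (not part of the original article and not PHP Melody's own code), the shell function below checks a web root for the pre-patch lines from both manual fixes above and for the lines the August 2017 patch adds. The function names and the exact-text matching are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): text check for the two manual patches above.
# Assumption: exact single-space spelling as printed on the page; a match
# shows the edit was applied, not that the site is otherwise safe.

# probe FILE want|forbid TEXT LABEL -> returns 1 and reports on a mismatch
probe() {
    [ -f "$1" ] || return 0            # optional file absent (e.g. no Mobile Melody)
    if grep -qF -- "$3" "$1"; then found=yes; else found=no; fi
    case "$2:$found" in
        forbid:yes|want:no) echo "UNPATCHED $1: $4"; return 1 ;;
    esac
    return 0
}

# check_melody_patches WEBROOT -> 0 clean, 1 findings, 2 wrong directory
# Leaves the number of findings in $findings.
check_melody_patches() {
    root=$1
    findings=0
    if [ ! -f "$root/comment.php" ] || [ ! -f "$root/include/functions.php" ]; then
        echo "not a PHP Melody web root: $root" >&2
        return 2
    fi
    # Jan 2017: user_id must no longer come from the request body
    for f in "$root/comment.php" "$root/mobile/comment.php"; do
        probe "$f" forbid "\$user_id = \$_POST['user_id'];" \
            "user_id still read from POST" || findings=$((findings + 1))
    done
    # Aug 2017: pre-patch assignment gone, three added lines present
    fn="$root/include/functions.php"
    probe "$fn" forbid '? $list_id : $list_uniq_id;' \
        "unvalidated playlist id assignment" || findings=$((findings + 1))
    for marker in 'ctype_alnum($list_uniq_id)' \
                  '$list_id = secure_sql($list_id);' \
                  '$user_id = secure_sql($user_id);'; do
        probe "$fn" want "$marker" "missing: $marker" || findings=$((findings + 1))
    done
    echo "$findings finding(s) under $root"
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh check.sh /path/to/webroot
if [ $# -gt 0 ]; then check_melody_patches "$1"; fi
```

    The added lines may also occur elsewhere in functions.php, so treat a clean result as a prompt to confirm the three edited locations by hand.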

  • Disable CSRF

    PHP Melody uses CSRF protection by default. If you experience the following error message in your back-end, please consider disabling CSRF:

    Invalid token or session expired. Please load this page from the menu and try again.

    Here’s how to do it:

    Disable CSRF