yaron1 wrote:

I have problem with using the dnn forum for the UDT.  I get an error when i open the forum for the UDT.

The project forums on DotNetNuke.com have been updated, please try again.

This Problem is not fixed in Version 3.02.00.  At my last visit in the bug blog i think to have read it will be fixed on version 3.2.2 ?

Regards

Matthias

Matthias,

we will correct this error in the NEXT version of UDT (3.2.1). Please note, that the modules are released separately from the core, so do not expect UDT 3.2.1 to be a part of DNN 3.2.2.

Sebastian

Hello Sebastian,

I know, sorry mistyped by the numbers.  And the last replay was for Canthal.

Thanks

Matthias

 

leupold wrote:

This has shortly been noticed to be an issue (see http://support.dotnetnuke.com/Default.aspx?p=15&i=2197) and will hopefully been fixed in the next version of UDT.

We just released a new version (1.1.3) of gammacon.UserDefinedTable, where this issue is fixed and even other enhancements are available:

- additional information per record: created by, created at, last updated by, last updated at.

You can download the module for free from DeutschNetNuke = DotNetNuke in German.

Thank you Sebastian,

for this great Xmas-Present !  I have changed all UDT uto your new Version and the WhatsNew Module works perfectly.

A geat new year to you and your Team!

Matthias

Are there any fixes or recommendations for fixes on this security issue?  I was shocked to see a link to a secured module show up to all users and it just so happened that an administrative password was in the first few characters.  I really like this module and feel it adds a lot of value to my company's intranet, however it looks like I won't be able to use it if I can't work around this issue.

prussra wrote:

I'm also having security issues...seems that all module content is returned into the WhatsNew module, regardless of the originiating module's security permissions...

say for instance I place a HTML/Text module on a page with viewing limited to registered users only...that new module's content will appear on the WhatsNew module when viewing as a non-registered viewer.  So content in modules limited to admins appears to non-admins through the WhatsNew module.

Otherwise...great job!

Sorry, I forgot to include the quote on my last post.  This is the security issue I was referring to...

Whats the news on the security issue in the Whats New module ?

Has this been fixed ?

The security issue is also a problem for us. DNN Search properly filters results based on roles but What'sNew drops the drawers on your site and gives the whole world a look at, well, What'sNew.

Otherwise a really useful module for giving an indication of the pulse of the site.

Sounds like the module's developers needs to step up to the plate and fix this issue.  It's a great module and lots of people want to implement it but not without this security risk that can - as another poster in this thread stated - "drop the drawers" on your site.

I have painstakingly implemented a so-so solution to workaround this issue.  It may not be the best way of doing it and look forward to others innovating on the idea.

My thought was to edit the stored procedure WhatsNew_GetNewStuff by adding in some lines to exclude certain pages and/or modules from even appearing on the page.

Edit this section and add in the bold:

 

SET ROWCOUNT @MaxNumber
SELECT si.SearchItemID,
   si.ModuleID,
   t.TabID,
   si.Title,
   u.FirstName + '  ' + u.LastName As Author,
   si.Description,
   si.PubDate,
   si.SearchKey,
   si.Guid,
   si.ImageFileId
FROM dbo.dnn_SearchItem si
 INNER JOIN #TempTable t ON si.SearchItemID = t.SearchItemID
 LEFT OUTER JOIN dbo.dnn_Users u ON si.Author = u.UserID

WHERE
 -- Exclude pages you don't want to appear
 TabID <> '61'  -- account info page
 AND TabID <> '78'  -- login page
 AND TabID <> '80'  -- search page
 -- etc

 -- Exclude modules you don't want to appear
 AND ModuleID <> '415'  -- comment module
 AND ModuleID <> '416'  -- instruction module
 AND ModuleID <> '442'  -- footer module
 -- etc

 -- This is ecktwo's recommendation per http://www.innovatasites.com/ecktwo/tabid/1491/Default.aspx
 AND si.SearchKey not like '%' + cast(si.moduleid as nvarchar(100)) + '%'

ORDER BY si.PubDate DESC
GO

 

Comment the exclusions so you can easily edit the stored procedure in the future.  Granted, this will not work quite so easily on sites that have lots of content not viewable by the public.

My point here is to merely offer a workaround that others may be able to improve upon.

Yeah, that darn developer really needs to step up, what a jerk... oh wait... that's me...

Sorry for my lack of response, somehow it seems all my e-mail subscriptions in the forums went away... and thus I've been living happily in quiet oblivion which works out well since I just had my first child 10 days ago.

The proper solution would be to modify the WhatNew_GetNewStuff stored procedure to do some more joins to ModulePermissions based on ModuleID and then UserRoles based on UserID and then only return items where the two sets intersect. The problem is that your dealing with Many-Many-Many relationship there and it's a pain in the keyster as there's no good function for Intersects so you got to play with "IN" and temp tables and whatnot. It'd be best to do it as a function to keep it nice and clean. It's doable, but I just don't have time right now.

Alternatively, the result set could be pre-filtered in the code-behind... not as pretty but probably easier to right and I believe that's how the Search module does it.

If someone else wants to give it a go, I'd be happy to incorporate changes into the module and give proper credit to whoever.

Hi all.

And thanks for a great module. It was a bit of sadness that it would NOT work with the newest DNN and SQL 2005. The script in Categories module fails when installing it, and therefore the Articles module is not working..

StartJob Registering DesktopModule
Info Registering Definitions
Failure ExceptionSystem.Data.SqlClient.SqlException: Violation of UNIQUE KEY constraint 'IX_ModuleDefinitions'.
Cannot insert duplicate key in object 'dbo.ModuleDefinitions'.

The statement has been terminated. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlDataReader.ConsumeMetaData() at System.Data.SqlClient.SqlDataReader.get_MetaData() at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteScalar() at Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteScalar(SqlConnection connection, CommandType commandType, String commandText, SqlParameter[] commandParameters) at Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteScalar(String connectionString, CommandType commandType, String commandText, SqlParameter[] commandParameters) at Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteScalar(String connectionString, String spName, Object[] parameterValues) at DotNetNuke.Data.SqlDataProvider.AddModuleDefinition(Int32 DesktopModuleId, String FriendlyName, Int32 DefaultCacheTime) at DotNetNuke.Modules.Admin.ResourceInstaller.PaDnnInstallerBase.RegisterModules(PaFolder Folder, ArrayList Modules, ArrayList Controls) at DotNetNuke.Modules.Admin.ResourceInstaller.PaDnnInstallerBase.Install(PaFolderCollection folders) at DotNetNuke.Modules.Admin.ResourceInstaller.PaInstaller.Install() 
 
 -----------------------

Regards, Jarmo

Not sure why you're posting this to the What's New module thread but... Both Articles and Categories should work fine against DNN 4 and SQL 2005. I've tested both on multiple installs.

I have received the above errors on various installs of other modules that should work fine. I'm not really sure what causes it and don't have time to do the research at this point. I'd recommend searching the forums and trying to find that error.

Thanks for a great working module, but I have a small request.
Is it possible to incorporate RSS functionality so that users can subscribe to one feed for the entire portal?

Thanks,
Chris