Bug in the Default System Template Script [solved]

Final comment! In the end the reason for the whole problem was a faulty Addon in my Firefox browser (Version 60.0.1 64 Bit in Win 7 64 Bit). Addon name: Web MIDI API Version

Sorry, to have bothered you but I was quite upset. The true reason for the described strange behaviour is NOT the default system template script but a somewhat corrupt installation of the CKEditorPlugin! I disabled this editor and switched over to the old fckphplist editor and - voila! Everything looks and works again as you would expect. I do not know what is wrong with my installation of the CKEditor Plugin but may be when I have calmed down I can repair it. So the night is over and I learned somthing. Good bye.

Original messages:

Dear developers,
this contribution is a little embarrissing. I can not really believe what i saw in the code. It is so rediculous that it may be somehow a local error on my machine or what else.
Nevertheless I re-installel phplist twice and then on another domain of mine completely new and the same result. Can you tell me what YOU see after an automated install ?

I added the default system template to the system as is intented and automated by just pressing one knob. Then I opened the template and switched to pure html code. There appeared a very very very long code for this tiny template AND this code consists almost exclusively of MIDI code, Right, code for a MIDI controller (Note on, Note off, etc.) many lines which you usually use for controlling musical gear. How can that happen? Ok, I occasinally work which such gear but never mingel code like this. And as I told I installed thrice and have to assume that this code is not mine. Can you please check this and tell me if I am going crazy?

I assume now that the creation of the system template by using the ‘defaultsystemtemplate.php’ in the admin directory interferes with some files (of the same name?) on my computer and thus unintended mingling of code is happening. So this might really be a local phenomenon. however, it should not happen. (phplist 3.3.1 to 3.3.3 was used. Can send this crazy code as I now assume you will not find it on your computer. Regards

Edit2: It is a true bug! In my fourth new installation the same phenomenon happened. When creating the default system template (dst) a lot of midi code supposedly from somewhere on my computer is added (…>/script>). I can delete this code completely and copy the raw true code from the defaultsystemtemplate.php and save it. This results in a surface as you would expect from the dst. But when you open up the html code all the useless MIDI code is there again. The same is true when you create a new template - same procedure - same result. Can you help me? I do not like to sent a lot of useless code to my subscribers. Though I do not know if this code is sent. Test mail code is confusing for me but do not detect the MIDI… Oh, what a mess… Regards, Rainer

Me, again. Sorry, but new development. I examined the emails in more detail: The whole useless code as descibed above IS actually transferred hidden but the HTML Email is displaying nothing only in text format are the system messages readible. This has now become a major trouble. I cannot use phplist in this way though everything seemed to work right. At the moment I cannot find the link between the building script for the default system template and my PC files - too many possibilities. I really need help or I have to look for other mail system. Your help is highly appreciated, Rainer

@Dain Without you showing what the extra html actually is, it is difficult to understand what you mean.
This is what I see when I edit the system template in ckeditor, which originates in defaultsystemtemplate.php


Yes, thats right, duncanc. But I get the message from the forum software: ‘Sorry, new users can’t upload files’. How can I show the code of the very long emails (as a result of this bug/wrong installation) in full length in text format (91.6 kB) overhere? It won’t fit in a small message or will it?

@Dain You can just copy part of it and paste that into a reply using the code button </>

Ok. but this is only a very short part of it after the header of the email and the message which was only visible in text format. The message board will not show more here. I have problems to copy it here… I had to substitute < and > by ( and ) for the html tags otherwise it won’t show up here. The original html only pops up at the very end of the code with some faults in it then.

Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

(script)navigator.requestMIDIAccess=3Dfunction(){if(typeof JZZ=3D=3D’undefi=
ned’)window.JZZ=3D(function _JZZ(){var i,o,t,e,r,n=3D"undefined"=3D=3Dtypeo=
f window?global:window,s=3D"0.4.8",u=3DDate.now||function(){return(new Date=
).getTime()},a=3Du(),h=3D"undefined"!=3Dtypeof performance&&performance.now=`

@Dain You should use the preformatted text button </> so that it is treated as plain text.

This html has nothing to do with phplist so there must be some other factor if the htm is being added whenever you edit a template. Does the same happen when you edit a campaign? Maybe some feature of your web browser is doing it.

Is the htm added only when using the ckeditor plugin, but not when using the fckphplist plugin?

If you send me a private message with the access details of your phplist then I can take a look.

1 Like

Yeah, this html code is not from phplist. It was created or better incorporated each time automatically when I tried to modify or even create a new system template. Even when I deleted all code and copy and paste the correct one. When I opened it again it was there. Then I realized that this was not the case with my first ever campaign where everything went well. So what had changed in the meantime? I upgraded from 3.3.1 to 3.3.3 but yesterday when I was in trouble I could also reproduce the same behaviour with an automated install on another domain with Version 3.3.1. So upgrading could not be responsible. Then while reading around a little I stumbled over earlier problems with the CKEditor (uncomplete installation or so) and it came into my mind that the editor is always responsible to organize the code of the system template and that there still is an easy to test alterternative the fckphplist editor. So I switched to this older editor and no problems anymore, solved. I would like to sent you a copy of the complete wrong system template code and a copy of the email it produced. Can you give me a hint how to send a private message from here or where to find your address?

@Dain To send a private message to someone just click their name or image, there is then a Message button on the right hand side.

But this looks to be something on either your pc or server, possibly malware but maybe interaction with some other package.

New development: I enabled the CKEditor again - as before, the false code reappeared. Then I changed the option for “Allow templates to be edited as full HTML pages” in the settings menu from Yes to No - and everything is alright. I did this several times with “No” in this option no wrong code anymore. I do not know what this means but I like the result.
I am on Win 7 64 Bit with Firefox 60.0.1 (64 Bit)
Edit: I also have to do this for “Allow messages to be edited as full HTML pages” (set to No)

@Dain Yes that is the difference between CKEditor and fckeditor, allowing the complete html page to be edited. So with “allow full page” set to no, then CKEditor removes a lot of elements, including that causing your problem.

But it doesn’t explain why all that code is being added. I still suspect some malware, which you need to find and remove. In the template that you sent everything in this range has been inserted by some other factor


Further, extra script elements have been added around the [CONTENT] and [FOOTER] placeholders, so this does not look to be accidental.

You are probably right. As yet no malware could be detected but scanners are still not perfect. I’ll see to it and if I find out something I will report it. Thanks @duncanc !

@duncanc Now, there is a solution! However, you already mentioned it in one comment. The browser. I tried Internet Explorer 11 - which I normally never use - no such faulty code present. That reminded me of my latest change I made in Firefox (latest uptodate version), I installed a Web MIDI API as new a Addon for managing the firmware of a device via MIDI within the browser which is a new festure to firefox but already established for Chrome. Sorry, I forgot about this new Addon.

@dain, as a developer, you should be aware that web extensions occasionally do inject code into the pages. That’s how they work.

The problem seems to be with the CKEditor that tries to pack all page content including the injected scripts from the extensions.

@sema You are right. But I am not really a developper just started with phplist for a small list on scientific topic and info. I am generally much concerned about data, control over it and good pratice. However, have to learn a lot. Thanks for reply!

I have just uploaded a new release of Web MIDI API extension.
It places comments around the injected code to make it less mystery for the debugging person.
And btw, the source code is available at https://github.com/jazz-soft/web-midi

I have tested the Web MIDI API extension with both CKEdit 4 and CKEdit 5 in standard configurations. Works perfectly with both.
There must be a problem in that specific CKEdit plugin used at phplist.

@sema Sorry to say this but I have installed the new Version of Web MIDI API Version and still get the same intrusion of MIDI code from my home PC into the default system template as before. Only if I disable the addon I get normal code. If you finally can deal with the problem I will appreciate it very much. However, I have no clue where to look for…