Comments (9)
I believe r10 fixed these issues. Please test and let me know what you find out.
Original comment by ccagle8
on 1 Jan 2010 at 7:36
from get-simple-cms.
Original comment by ccagle8
on 1 Jan 2010 at 7:44
- Changed state: Fixed
from get-simple-cms.
Original comment by ccagle8
on 1 Jan 2010 at 7:45
- Changed state: Started
from get-simple-cms.
I haven’t tested r10 yet, but it seems to address the 2 currently known issues.
Why can’t we check login credentials from any page and only from within the admin folder?
Original comment by [email protected]
on 2 Jan 2010 at 2:49
from get-simple-cms.
It's a problem going back to the define('DOCROOT') problem we had before. Since I use relative paths for everything, if I include the cookie_functions.php file into a file that is not in the default location, the relative paths break, making the function useless.
Plus, the more I thought about it, those two files weren't really "included" files, so there was no reason to have them in the /inc/ folder.
Original comment by ccagle8
on 2 Jan 2010 at 3:44
from get-simple-cms.
I'll be interested to see if this passes your "hack" test, Martijn. Let me know your findings.
Original comment by ccagle8
on 3 Jan 2010 at 1:12
from get-simple-cms.
r10 moved around files and stopped direct access to the vulnerable files. However, it again broke uploading through Uploadify.
The problem being the upload-ajax.php file cannot check whether someone is logged in when it is accessed by Uploadify. The fix would be to send along session/cookie data through the flash file. This will be looked at once the new login is working as mentioned in issue 15.
Original comment by [email protected]
on 6 Jan 2010 at 4:41
- Changed title: Fix Uploadify vulnerability
- Changed state: Paused
from get-simple-cms.
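Added illustration of the fix direction described in the comment above; it is not part of the original thread and not GetSimple's code. Instead of forwarding the raw login cookie through the Flash uploader, it passes a short-lived HMAC-signed token as a POST field that the upload handler verifies; the function names, token format, `upload_token` field name and 10-minute lifetime are all assumptions.

```php
<?php
// Added example: names, token format and TTL are assumptions, not the project's API.

// Called by an admin page that has ALREADY verified the login cookie.
// The returned token is handed to the uploader as an extra POST parameter.
function issue_upload_token(string $user, string $secret, int $ttl = 600, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    // rawurlencode() guarantees the username cannot contain the '|' separator.
    $payload = rawurlencode($user) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

// Called first thing in the upload handler. Returns the username, or null
// when the token is malformed, forged or expired.
function verify_upload_token(string $token, string $secret, ?int $now = null): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < ($now ?? time())) {
        return null;
    }
    return rawurldecode($user);
}

// Constructed demo values; a real secret is random, per-install and stored
// outside the web root.
$secret = 'constructed-demo-secret';
$token  = issue_upload_token('admin', $secret, 600, 1000);

var_dump(verify_upload_token($token, $secret, 1200));        // inside the lifetime
var_dump(verify_upload_token($token, $secret, 2000));        // after expiry
var_dump(verify_upload_token($token . 'x', $secret, 1200));  // tampered MAC
var_dump(verify_upload_token('', $secret, 1200));            // no token sent

// In the upload handler itself (field name is an assumption):
//   $user = verify_upload_token($_POST['upload_token'] ?? '', $secret);
//   if ($user === null) { http_response_code(403); exit; }
```

A signed, expiring token limits the damage if the value leaks from the Flash object's parameters, which forwarding the login cookie itself would not.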
Ok, I think I have it with r32. Can you guys please verify? Thanks!
Original comment by ccagle8
on 11 Jan 2010 at 5:57
- Changed state: Started
from get-simple-cms.
Original comment by ccagle8
on 17 Jan 2010 at 11:19
- Changed state: Fixed
from get-simple-cms.