Board index » All Posts (trabis)

Re: Alumni 3.0 BETA 1 Released for Xoops 2.3.x
Just popping in

Same xoopstree.php problem, same risks of sql injection :(

You should use $myts->addSlashes and not $myts->htmlSpecialChars.

Posted on: 2008/10/25 12:04

Re: Classifieds 2.0 BETA 2 Released for Xoops 2.3

One more spot for sql injection in the contact form.

Posted on: 2008/10/25 11:39

Re: Classifieds 2.0 BETA 2 Released for Xoops 2.3

You are right, you can override just the methods if you extend a class.
I get no messages, just a blank page.
I did change all the references of xoopstree to xoopstree2 and all works fine. What else can I say.

I have another tip. There is danger of SQL injection in the classifieds module. The submit form is not sanitizing well.

Anyone not using protector module is in serious danger.

Yet another tip. Please disable the debugger on this site. It is revealing your table prefix. This is halfway to getting hacked.

Posted on: 2008/10/25 11:23

Re: Module disappears on Xoops 2.3.1

Posted on: 2008/10/25 10:26

Re: Classifieds 2.0 BETA 2 Released for Xoops 2.3

(Attention, extendedhtmlform is not working in this forum)

John, I have been testing the classifieds module and noticed that it gets a blank page in the admin area when using the EXM Gui.

After a little time debugging I ended up in your xoopstree class. It seems that it is overwriting the original one and making EXM crash.

Probably it would be better for you to rename xoopstree to something else to avoid conflicts.

I did not look at other modules but, if they use xoopstree then you may have the same problem there.


Posted on: 2008/10/25 10:22

Edited by trabis on 2008/10/25 11:01:30

Re: Search bug fixed.


john wrote:

for some reason when Xoops is looking for that page it can't tell what those tables are called by using the dirname, so we need to define them on this page.
This will also change the procedure for cloning this module. These steps will need to be added to the cloning process.



It happened to me too.
You can add this line in your
$mydirname = basename( dirname( dirname( __FILE__ ) ) ) ;

Keep up your good work, sea ya!

Posted on: 2008/5/11 16:50



