

Board index » All Posts (trabis)




Re: Alumni 3.0 BETA 1 Released for Xoops 2.3.x
#1
Just popping in


Same xoopstree.php problem, same risks of SQL injection :(

You should use $myts->addSlashes and not $myts->htmlSpecialChars.

Posted on: 2008/10/25 12:04


Re: Classifieds 2.0 BETA 2 Released for Xoops 2.3
#2
Just popping in


One more spot for SQL injection in the contact form.

Posted on: 2008/10/25 11:39


Re: Classifieds 2.0 BETA 2 Released for Xoops 2.3
#3
Just popping in


You are right, you can override just the methods if you extend a class.
However, I get no messages, just a blank page.
I did change all the references of xoopstree to xoopstree2 and all works fine. What else can I say.

I have another tip. There is danger of SQL injection in the classifieds module. The submit form is not sanitizing well.

Anyone not using protector module is in serious danger.

Yet another tip. Please disable the debugger on this site. It is revealing your table prefix. This is halfway to getting hacked.



Posted on: 2008/10/25 11:23


Re: Module disappears on Xoops 2.3.1
#4
Just popping in



Posted on: 2008/10/25 10:26


Re: Classifieds 2.0 BETA 2 Released for Xoops 2.3
#5
Just popping in


(Attention, extendedhtmlform is not working in this forum)

John, I have been testing the classifieds module and noticed that it gets a blank page in the admin area when using the EXM Gui.

After a little time debugging I ended up in your xoopstree class. It seems that it is overwriting the original one and making EXM crash.

Probably it would be better for you to rename xoopstree to something else to avoid conflicts.

I did not look at other modules but, if they use xoopstree then you may have the same problem there.

Thanks.

Posted on: 2008/10/25 10:22

Edited by trabis on 2008/10/25 11:01:30


Re: Search bug fixed.
#6
Just popping in


Quote:

john wrote:

for some reason when Xoops is looking for that page it can't tell what those tables are called by using the dirname, so we need to define them on this page.
This will also change the procedure for cloning this module. These steps will need to be added to the cloning process.

Thanks,

John


It happened to me too.
You can add this line in your search.inc.php:
$mydirname = basename( dirname( dirname( __FILE__ ) ) ) ;


Keep up your good work, see ya!

Posted on: 2008/5/11 16:50