[geeklog-devel] 1.5 Installer stuff

Joe Mucchiello joe at ThrowingDice.com
Thu Oct 11 22:41:31 EDT 2007

There's a bunch of security vulnerabilities from older versions of 
Geeklog where you could take over the site using PHP files that are 
not intended as URL targets combined with register_globals on. So 
yeah, the language files should also probably have them too.

At 09:45 PM 10/11/2007, Oliver Spiesshofer wrote:
>Oliver Spiesshofer wrote:
>>Joe Mucchiello wrote:
>>>I put a / in the database prefix (by mistake) and received a 
>>>cryptic database error. That field should be validated.
>>>siteconfig.php needs the
>>>if (strpos ($_SERVER['PHP_SELF'], 'siteconfig.php') !== false) {
>>>     die ('This file can not be used on its own!');
>>>}
>>>or a
>>>    header('location: index.php');
>taking a look at it now.... why? Should we do it with all the 
>languages files then also?

Joe Mucchiello
Throwing Dice Games
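
The direct-access guard discussed in this message, as an added example that is not part of the original post and is not Geeklog code. It generalizes the hard-coded 'siteconfig.php' check to a path comparison against __FILE__, so the same lines fit every language file; is_direct_request() and public_entry.php are hypothetical names.

```php
<?php
// Added example, not Geeklog code. is_direct_request() is a hypothetical helper.

/**
 * True when $file is the script the web server was asked to execute,
 * i.e. it was requested by URL rather than pulled in via include/require.
 * Compares resolved paths, so the file's own name is not hard-coded.
 */
function is_direct_request(string $file, array $server): bool
{
    $entry = $server['SCRIPT_FILENAME'] ?? '';
    if ($entry === '') {
        return false; // no entry script recorded, nothing to compare
    }
    $entryPath = realpath($entry);
    $filePath  = realpath($file);
    if ($entryPath === false || $filePath === false) {
        // A path could not be resolved: compare file names instead,
        // which errs on the side of blocking.
        return basename($entry) === basename($file);
    }
    return $entryPath === $filePath;
}

// Constructed sample requests; public_entry.php is a made-up entry script.
$samples = [
    'included by entry script' => ['SCRIPT_FILENAME' => __DIR__ . '/public_entry.php'],
    'requested by URL'         => ['SCRIPT_FILENAME' => __FILE__],
];
foreach ($samples as $label => $server) {
    $verdict = is_direct_request(__FILE__, $server) ? 'blocked' : 'allowed';
    printf("%-26s => %s\n", $label, $verdict);
}

// At the top of siteconfig.php or a language file, the same comparison
// would be inlined before any other statement:
// if (realpath($_SERVER['SCRIPT_FILENAME']) === realpath(__FILE__)) {
//     die('This file can not be used on its own!');
// }
```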
