[geeklog-devel] 1.5 Installer stuff

Joe Mucchiello joe at ThrowingDice.com
Thu Oct 11 22:41:31 EDT 2007


There are a bunch of security vulnerabilities from older versions of
Geeklog where you could take over the site using PHP files that are
not intended as URL targets combined with register_globals on. So
yeah, the language files should also probably have them too.

At 09:45 PM 10/11/2007, Oliver Spiesshofer wrote:

>Oliver Spiesshofer wrote:
>>Joe Mucchiello wrote:
>>>I put a / in the database prefix (by mistake) and received a
>>>cryptic database error. That field should be validated.
>>>
>>>siteconfig.php needs the
>>>
>>>if (strpos ($_SERVER['PHP_SELF'], 'siteconfig.php') !== false) {
>>>    die ('This file can not be used on its own!');
>>>}
>>>
>>>or a
>>>
>>>    header('location: index.php');
>>noted.
>taking a look at it now.... why? Should we do it with all the
>language files then also?
>
>Oliver
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://eight.pairlist.net/mailman/listinfo/geeklog-devel


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
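An added example, not code from Geeklog or from anyone in this thread: the "can not be used on its own" guard keyed on a constant that only the real entry point defines (rather than on matching $_SERVER['PHP_SELF'], which is derived from the request and tests a file name rather than whether the bootstrap ran), together with an allow-list check for the installer's database prefix. The constant GL_ENTRY_POINT, the file names and the 30-character cap are assumptions for illustration.

```php
<?php
// Added example, not Geeklog code. Two pieces: the direct-access guard for
// siteconfig.php and the language files, and validation of the table prefix.

// ---- index.php (the only legitimate entry point) ----------------------
define('GL_ENTRY_POINT', true);           // GL_ENTRY_POINT is an assumed name
require_once __DIR__ . '/siteconfig.php';
require_once __DIR__ . '/language/english.php';

// ---- top of siteconfig.php and of every language file -----------------
if (!defined('GL_ENTRY_POINT')) {
    // Reached by requesting the file directly: no bootstrap has run, and
    // with register_globals on, any query parameter may already have become
    // a variable this file would otherwise trust. Refuse and stop here.
    // Note: a bare header('Location: index.php') without exit would still
    // execute the rest of the file before the redirect is sent.
    header('HTTP/1.0 403 Forbidden');
    exit('This file can not be used on its own!');
}

// ---- installer: validate the table prefix before it reaches any SQL ---
// Accept only letters, digits and underscore, so a stray "/" or quote is
// rejected with a clear message instead of surfacing as a cryptic
// database error. An empty prefix is allowed; the length cap is assumed.
function is_valid_db_prefix($prefix)
{
    return is_string($prefix)
        && strlen($prefix) <= 30
        && preg_match('/^[A-Za-z0-9_]*\z/', $prefix) === 1;
}

// Constructed sample inputs for a quick check of the validator.
var_dump(is_valid_db_prefix('gl_'));
var_dump(is_valid_db_prefix('gl/'));
var_dump(is_valid_db_prefix("gl';--"));
```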
