[geeklog-devel] 1.5 Installer stuff
Joe Mucchiello
joe at ThrowingDice.com
Thu Oct 11 22:41:31 EDT 2007
There's a bunch of security vulnerabilities from older versions of
Geeklog where you could take over the site using PHP files that are
not intended as URL targets combined with register_globals on. So
yeah, the language files should also probably have them too.
At 09:45 PM 10/11/2007, Oliver Spiesshofer wrote:
>Oliver Spiesshofer wrote:
>>Joe Mucchiello wrote:
>>>I put a / in the database prefix (by mistake) and received a
>>>cryptic database error. That field should be validated.
>>>
>>>
>>>siteconfig.php needs the
>>>
>>>if (strpos ($_SERVER['PHP_SELF'], 'siteconfig.php') !== false) {
>>> die ('This file can not be used on its own!');
>>>}
>>>
>>>or a
>>>
>>> header('location: index.php');
>>noted.
>Taking a look at it now.... why? Should we do it with all the
>language files then also?
>
>Oliver
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://eight.pairlist.net/mailman/listinfo/geeklog-devel
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
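
The guard discussed in this thread, as an added example that is not part of the original message or of Geeklog's code: it evaluates the quoted `PHP_SELF` check over constructed request paths and shows a stricter comparison against `SCRIPT_FILENAME`. The helper names `self_mentions` and `is_entry_script` and all sample values are assumptions made for illustration.

```php
<?php
// Added example: helper names and sample values are constructed, not Geeklog code.

// The check quoted in the thread, written as a function of PHP_SELF.
// PHP_SELF also carries any PATH_INFO appended to the URL, so this is a
// substring match on partly client-supplied text; it errs on the side of dying.
function self_mentions(string $phpSelf, string $name): bool
{
    return strpos($phpSelf, $name) !== false;
}

// Stricter variant: compare the script the server actually executed
// (SCRIPT_FILENAME) with the file that is performing the check.
function is_entry_script(string $thisFile, string $scriptFilename): bool
{
    $a = realpath($thisFile);
    $b = realpath($scriptFilename);
    return $a !== false && $a === $b;
}

// Constructed PHP_SELF values => what the request was.
$samples = [
    '/siteconfig.php'           => 'include file requested by URL',
    '/index.php'                => 'normal page that includes siteconfig.php',
    '/index.php/siteconfig.php' => 'index.php with PATH_INFO appended',
];
foreach ($samples as $self => $what) {
    $blocked = self_mentions($self, 'siteconfig.php');
    printf("%-27s %-42s %s\n", $self, $what, $blocked ? 'die()' : 'continue');
}

// Exercise the stricter check with a throwaway include file.
// $entry stands in for $_SERVER['SCRIPT_FILENAME'].
$inc = tempnam(sys_get_temp_dir(), 'inc');
file_put_contents($inc, '<?php return is_entry_script(__FILE__, $entry);');

$entry = __FILE__;       // included from this script: it is not the entry point
var_dump(include $inc);

$entry = $inc;           // as if the include file itself had been requested
var_dump(include $inc);

unlink($inc);
```

The third sample shows the substring check also stopping a legitimate page when the include file's name appears in the path info; the `SCRIPT_FILENAME` comparison does not depend on the request path.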