[geeklog-devel] 1.5 Installer stuff

Oliver Spiesshofer oliver at spiesshofer.com
Thu Oct 11 22:45:39 EDT 2007


I always assumed that this problem is only there with files that have 
actual code in them and not only variables.
Given that this file has some system variables, it might be a problem 
here, but I am not sure about the language files.

Oliver

Joe Mucchiello wrote:
> There's a bunch of security vulnerabilities from older versions of Geeklog 
> where you could take over the site using PHP files that are not 
> intended as URL targets combined with register_globals on. So yeah, the 
> language files should also probably have them too.
>
> At 09:45 PM 10/11/2007, Oliver Spiesshofer wrote:
>> Oliver Spiesshofer wrote:
>>> Joe Mucchiello wrote:
>>>> I put a / in the database prefix (by mistake) and received a 
>>>> cryptic database error. That field should be validated.
>>>>
>>>>
>>>> siteconfig.php needs the
>>>>
>>>> if (strpos ($_SERVER['PHP_SELF'], 'siteconfig.php') !== false) {
>>>>     die ('This file can not be used on its own!');
>>>> }
>>>>
>>>> or a
>>>>
>>>>    header('location: index.php');
>>> noted.
>> Taking a look at it now.... why? Should we do it with all the 
>> language files then also?
>>
>> Oliver
>> _______________________________________________
>> geeklog-devel mailing list
>> geeklog-devel at lists.geeklog.net
>> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
> ----
> Joe Mucchiello
> Throwing Dice Games
> http://www.throwingdice.com
>
>
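
The guard quoted in this thread matches the file name anywhere in PHP_SELF. As an added example (not Geeklog code and not from either poster), the PHP below runs that check next to an assumed alternative that compares resolved file paths; the function names and the sample requests are constructed for illustration.

```php
<?php
// Added example, not Geeklog code. Function names are hypothetical.

// The check as posted in the thread: substring match on PHP_SELF.
function is_direct_by_name(array $server, $name)
{
    return strpos($server['PHP_SELF'], $name) !== false;
}

// Assumed alternative: the file counts as the entry script only when its
// resolved path equals that of the script the web server executed.
function is_direct_by_path(array $server, $includeFile)
{
    if (empty($server['SCRIPT_FILENAME'])) {
        return false; // entry script unknown, treat as included
    }
    $entry = realpath($server['SCRIPT_FILENAME']);
    return $entry !== false && $entry === realpath($includeFile);
}

// Inline form for the top of an include-only file. It cannot rely on a
// shared helper, because nothing else is loaded on a direct request:
//   if (realpath($_SERVER['SCRIPT_FILENAME']) === realpath(__FILE__)) {
//       die('This file can not be used on its own!');
//   }

// Constructed requests: this file stands in for siteconfig.php and a
// temporary file stands in for index.php, so realpath() can resolve both.
$index = tempnam(sys_get_temp_dir(), 'idx');
$cases = array(
    'requested directly' => array(
        'PHP_SELF' => '/siteconfig.php', 'SCRIPT_FILENAME' => __FILE__),
    'included by index.php' => array(
        'PHP_SELF' => '/index.php', 'SCRIPT_FILENAME' => $index),
    'included, path info present' => array(
        'PHP_SELF' => '/index.php/siteconfig.php', 'SCRIPT_FILENAME' => $index),
);
foreach ($cases as $label => $server) {
    printf("%-28s by_name=%-5s by_path=%s\n", $label,
        var_export(is_direct_by_name($server, 'siteconfig.php'), true),
        var_export(is_direct_by_path($server, __FILE__), true));
}
unlink($index);
```

The third case is where the two checks disagree: PHP_SELF includes any path info that follows the script name, so the name match fires even though the file was only included.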