[geeklog-devel] Geeklog.net - File Management Plugin

Tom websitemaster at cogeco.net
Fri May 31 20:28:57 EDT 2013


Hey Dirk,

What are your plans with the file management plugin on Geeklog.net?

Tom

=========================================

Quote from previous email from Dirk:

From what I can see, all 3 versions of the plugin behave in the same way:

orderby=titleD/*q*/ simply behaves like orderby=titleD. The reason for this
is that all 3 versions already run the parameter through COM_applyFilter()
which removes the comment.

orderby=titleD/q**/ throws an SQL error. However, that is not valid SQL
syntax. You can provoke the same error by simply writing orderby=blah

So this is simply a way to provoke an SQL error. This shouldn't happen, but
from what I can see, it's not a security issue since all the "dangerous"
characters you would need to make this a proper SQL injection are already
filtered.

The patch by hiroron (Thanks!) should take care of this problem.

bye, Dirk

=========================================

Quote from previous email by Laugh:

I was just about to mention the other plugin

http://www.geeklog.jp/downloads/index.php/downloads_1.1.0

A new version of the Downloads plugin (1.1.0) was released by Yoshinori
Tahara - dengen early in April (it is based on the original file management
plugin). The last time I talked to him about it was in February, when he
said he was working on a version for Geeklog 2.0.0 to support the new theme
engine and a few other issues (see the included readme in the downloads
plugin archive).

It does include an import function from the original file management
plugin to the downloads plugin (fm2dm.php).

I also like some of the new features of the plugin like the grouping of a
project into a single download page.

I think it is probably worth switching over (it is also what Geeklog.jp and
Geeklog.fr are using) since someone is actively developing it.

If you are going to spend some time on the other file management plugin it
may be worthwhile just upgrading to this version instead.

I would do it now but it looks like I will be swamped with work this summer.

Tom
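The orderby handling Dirk describes in the quoted mail, as an added example that is not Geeklog's or either plugin's code: a comment-stripping filter alone turns titleD/*q*/ into titleD but still lets titleD/q**/ or blah reach the database as an invalid clause (hence the SQL error), whereas an allowlist maps each known token to a fixed ORDER BY clause and falls back to a default for anything else. The token names, column names and the strip_sql_comments() stand-in for COM_applyFilter() are assumptions.

```php
<?php
// Added example, not Geeklog or plugin code. Token names, column names and
// the filter below are assumed for illustration only.

// Stand-in for a comment-stripping filter of the kind Dirk describes:
// it removes /* ... */ sequences but does not validate the value.
function strip_sql_comments(string $value): string
{
    return preg_replace('#/\*.*?\*/#s', '', $value);
}

// Allowlist: each accepted orderby token maps to a fixed ORDER BY clause.
// Unknown values never reach the database, so no SQL error can be provoked.
const ORDERBY_CLAUSES = [
    'titleA' => 'ORDER BY title ASC',
    'titleD' => 'ORDER BY title DESC',
    'dateA'  => 'ORDER BY date ASC',
    'dateD'  => 'ORDER BY date DESC',
];

function fm_orderby_clause(string $param, string $default = 'titleA'): string
{
    $clean = strip_sql_comments($param);
    if (!array_key_exists($clean, ORDERBY_CLAUSES)) {
        $clean = $default;   // e.g. "titleD/q**/" or "blah": fall back quietly
    }
    return ORDERBY_CLAUSES[$clean];
}

// Constructed inputs from the thread: the first two order by title DESC,
// the last two fall back to the default instead of producing an SQL error.
foreach (['titleD', 'titleD/*q*/', 'titleD/q**/', 'blah'] as $input) {
    printf("%-14s -> %s\n", $input, fm_orderby_clause($input));
}
```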
