[plugin] [ORPHAN] TXPhorum 0.3 / A simple forum solution for Textpattern

Gocom · 2011-12-17 04:08:53

If that thing above, posted by elwins, is from the plugin’s source code, I would not recommend using it. Seriously, you shouldn’t be using that in any situation. That code has some very serious security vulnerabilities.

elwins · 2011-12-17 05:32:36

Its default code, only place what has changed is:

$lang = array(
		'section'           => 'forums',
		'reply_section'           => 'forums_replies',
		'category'           => 'category name is here..',
		'parent_custom_field'           => 'custom1',
	);

But I think, that some part of that code propobly is lost, because there was problems with posting it.

Gocom · 2011-12-17 05:45:28

elwins wrote:

Its default code

In such case, I would advice uninstalling the plugin. It’s not safe to use.

Last edited by Gocom (2011-12-17 05:45:53)

Bloke · 2011-12-17 08:22:30

elwins

I’ve already donethe category thing, and more besides, in my (unreleased) modded version. I can’t remember how many of the security loopholes I closed offhand. Maybe some, maybe none — it was a loooong time ago I last looked at it. I’m due to revisit this over the next few weeks if you can wait a bit.

Gocom

In case you’re at a loose end over the holidays, could you please jot down some of the security issues and let me have them by e-mail. I can see a bunch of them in the code above (unescaped things, lack of doSlash(), etc) which I’ve probably caught already, but in case I missed any I’d appreciate your expertise on this. Thanks, man.

Last edited by Bloke (2011-12-17 08:23:00)

elwins · 2011-12-17 14:34:26

Bloke wrote:

I’ve already donethe category thing, and more besides, in my (unreleased) modded version. I can’t remember how many of the security loopholes I closed offhand. Maybe some, maybe none — it was a loooong time ago I last looked at it. I’m due to revisit this over the next few weeks if you can wait a bit.

maybe you can give me now that category thing? I Just need to get visual side done, and then later, security side.

Last edited by elwins (2011-12-17 14:34:55)

Bloke · 2011-12-18 16:22:34

elwins wrote:

maybe you can give me now that category thing? I Just need to get visual side done, and then later, security side.

Not right now. I’m travelling and it’s at home. maybe when I get back.

elwins · 2011-12-18 19:00:06

ok, when will you be back at home? :)

elwins · 2012-01-12 16:08:56

Someone then can help me?

Textpattern CMS

Textpattern CMS support forum

#49 2011-12-17 04:08:53

Re: [plugin] [ORPHAN] TXPhorum 0.3 / A simple forum solution for Textpattern

#50 2011-12-17 05:32:36

Re: [plugin] [ORPHAN] TXPhorum 0.3 / A simple forum solution for Textpattern

#51 2011-12-17 05:45:28

Re: [plugin] [ORPHAN] TXPhorum 0.3 / A simple forum solution for Textpattern

#52 2011-12-17 08:22:30

Re: [plugin] [ORPHAN] TXPhorum 0.3 / A simple forum solution for Textpattern

#53 2011-12-17 14:34:26

Re: [plugin] [ORPHAN] TXPhorum 0.3 / A simple forum solution for Textpattern

#54 2011-12-18 16:22:34

Re: [plugin] [ORPHAN] TXPhorum 0.3 / A simple forum solution for Textpattern

#55 2011-12-18 19:00:06

Re: [plugin] [ORPHAN] TXPhorum 0.3 / A simple forum solution for Textpattern

#56 2012-01-12 16:08:56

Re: [plugin] [ORPHAN] TXPhorum 0.3 / A simple forum solution for Textpattern

Board footer