Hallo,
waere super, wenn mir jemand eine Info geben kann,
ob man exdata mit der aktuellen phpwcms version verwenden kann.
Oder kann jemand einen kleinen Ueberblick geben, welche Module
derzeit gepflegt werden und problemlos mit der aktuellen Version laufen.
Die zweite Frage waere, wo ich den Download von exdata her bekomme?
Die Zugangsdaten aus dem Forum fuer die web.casa.loca seite
sind anscheinend nicht mehr aktuell.
Viele Dank und beste Gruesse
Danke fuer eine kurze Info.
Exdata mit aktuellem Release
Re: Exdata mit aktuellem Release
ExData should NOT be used in live systems anymore!
There are several severe security problems.
Download of the module is locked.
A future update may solve these problems. Target date = end of 2009
There are several severe security problems.
Download of the module is locked.
A future update may solve these problems. Target date = end of 2009
- Fulvio Romanin
- Posts: 394
- Joined: Thu 4. Dec 2003, 11:12
- Location: Udine, Italy
- Contact:
Re: Exdata mit aktuellem Release
hey breitsch,
being one of those that spotted the security hole, i would though request a quicker solution: i have several live sites that use exdata, and i can't tell them "your site will be down / without stuff until (maybe) the end of 2009". I would be sued, probably.
Please - imagining you don't have the time to rewrite everything, give me / us a hint to work out the problem on our own...
Thanks
F
being one of those that spotted the security hole, i would though request a quicker solution: i have several live sites that use exdata, and i can't tell them "your site will be down / without stuff until (maybe) the end of 2009". I would be sued, probably.
Please - imagining you don't have the time to rewrite everything, give me / us a hint to work out the problem on our own...
Thanks
F
Completeness is reached through subtraction, not through addition
- Oliver Georgi
- Site Admin
- Posts: 9888
- Joined: Fri 3. Oct 2003, 22:22
- Contact:
Re: Exdata mit aktuellem Release
All input data (POST/GET) has to be checked and secured. The most important first - check all Queries and escape all custom vars used to build a query by using (sample):
Code: Select all
$query = "SELECT * FROM table WHERE field='" . aporeplace($_GET['param']) . "'";