Hello all on the Pagetool Devel list,
Happy New Year to you all!
On Jan 03, 2008, at 01:12, Oliver Waring wrote:
>> What would be great would be if Ollie, or anyone else who uses
>> Pagetool, was to take a look at the code in CVS
> I would be more than happy to come on board to help out, however I
> would not rate myself anywhere near a developer right now.
> I think PT is great and I have a couple of sites lined up to do on it.
> And therefore am happy to help if I can do so in an "amateur fashion"
We're all amateurs here :-)
>> and go through it with a fine tooth comb and try and see if there
>> are any security issues with it. I haven't looked at the code for a
>> while, almost a year, when there were security exploits of un-
>> patched sites. I went through most of the code then and made a load
>> of changes to make it more secure. To have someone else take a look
>> at the changes I made then, and to go on and finish off what I
>> started and complete the review of the code, would be great.
>> There might even one day be a 1.08 release. If I recall correctly
>> all the public code was as secure as I could make it, it was mostly
>> the admin side that I still had to work through, and I think I'd
>> broken the cookie login code in my attempt to make it more secure. I
>> think I detailed where I had got to in the TODO.txt.
> Where does the fixing of V1 cross over with V2?
It doesn't. V2 is a complete re-write from scratch.
> Is it worth concentrating on V2 more?
Maybe, except I haven't looked at that code for a VERY long time now.
It's over a year now since PT1 installs were compromised due to our
insecure code. I would like to get out a much more secure 1.08
release so that people have something to easily upgrade to, instead
of dropping in this file and deleting that file.
Upgrading from V1 to V2 is likely to be quite involved.
> (What was the CVS you recommended Dave?)
On Mac, SmartCVS is the best CVS client I've found. It's available from:
It's Java based, so should work on all platforms. When I was still
using Windows, TortoiseCVS was a very good native CVS client that
integrated very well with Explorer. It's available from:
If Ollie (or anyone else) gets the code anonymously (read only) from
CVS and makes some changes, then email me the changed files and I'll
have a look and merge the code in. Once I've received a few changes
from a person, and if there's a load more changes they want to make,
then I'll give them write access to CVS if Jamie is in agreement.
That's it for now.
d a v e