• Thumbs up

  efewfwefwef

  posted by anonymous 69 days ago

  If you'd like to rate this review, please log in.

View all reviews

• kportal 0.7.3.0 available for download

  The subject says it all. Please read the release notes for installation instructions. Next version will be 0.8.0.0 and should be released around end of May. It will have many new features starting with a very easy installation script.

  posted by kamborio 2449 days ago

• File released: /kportal/Version 0.7.3.0/kportal-0.7.3.0.zip

  posted 2449 days ago

• kportal Version 0.7.3.0 file released: kportal-0.7.3.0.zip

  Version 0.7.3.0 * [FEATURE]Added code in global.asax to identify cookieless sessions. kportal will try to identify users which are rejecting cookies by looking at his/her IP address, REFERRER and UserAgent. If there is a match with any existing session and the session hasn't been abandoned, it will asign that session to the user. * [FIX]Modified CheckNumericRequest and CheckNull NumericRequest functions to not accept negative values. The old behaviour could cause a Runtime error on the category "Whoson" of the admin module. * [FIX]Runtime Error if "Whoson" ID on admin module is out of bond. If we are checking the "Whoson" Category and we enter an ID manually (by modifiying the URL), a Runtime error will ocurr. * [FIX]User Agent is spoofed if length > 255 If the length of the User Agent is bigger than 255 characters, instead of being truncated the value stored is the REFERRER. * [CLEANUP]"Whoson" won't show up abandoned sessions on the main list. This is a temporary trick while I change the UserStats from Array to Collection * [CLEANUP]Modified code on default.vb to better handle Languages and Themes. In order to improve detection of languages and themes some code has been relocated. * [FIX]Cross Site Scripting (XSS) on the admin module. Fixed a security problem within the admin module that allowed JavaScript code into the "Whoson" and "Whowason" categories. A malicious user who is able to spoof the REFERRER or the UserAgent, or even by constructing a malformed URL will be able to run JavaScript code on the browsers' victim. * [FIX]Problems when adding an article. After adding an article an error message will show up even when the database reflects the update. * [FEATURE]New setting in App.config. A new setting has benn added (LogonIP) to choose whether the sessions have to be mantained on the same IP or not. By enabling this setting (value = 1, default) security will be increased and session hijack via XSS won't work. * [FIX]Runtime error if starting page is cgi-bin/user.aspx. This problem was due to an improper variable assign on global.asax. * [CLEANUP]Modified code on several files to run under .NET 1.1 release. CommandText cannot be reassign until the RecordSet has been closed. Modified files are: cgi-bin/admin.aspx cgi-bin/articles.aspx cgi-bin/user.aspx source/security.vb * [FEATURE]Improved handling of pages on "Whoson" and "Whowason". There is two new options to move between pages: Previous and Next * [TODO]Sort out XSS on articles (<a href="javascript:alert('XSS')"></a>)

  posted 2452 days ago

• Tracker comment added

  kamborio commented on the Problems when adding an article artifact

  posted by kamborio 2577 days ago

• Tracker artifact added

  kamborio created the Problems when adding an article artifact

  posted by kamborio 2577 days ago

• Tracker comment added

  kamborio commented on the User Agent is spoofed if length > 255 artifact

  posted by kamborio 2577 days ago

• Tracker artifact added

  kamborio created the User Agent is spoofed if length > 255 artifact

  posted by kamborio 2577 days ago

• Tracker comment added

  kamborio commented on the Runtime Error if "Whoson" ID out of bond artifact

  posted by kamborio 2577 days ago

• Tracker comment added

  kamborio commented on the Runtime Error if "Whoson" ID out of bond artifact

  posted by kamborio 2577 days ago

• Tracker artifact added

  kamborio created the Runtime Error if "Whoson" ID out of bond artifact

  posted by kamborio 2577 days ago