Logged In: YES
user_id=78148
I believe many of the SQL injection errors are now fixed in
CVS. There is a list of files I haven't gone through yet in
TODO. They will all be fixed by the final version of 1.20.
Logged In: YES
user_id=78148
Even more possible SQL injection errors are now fixed in
CVS. There are two or three monster files left to go
through, in one of which SQL injection errors will
require a closer look because it may affect other code.
Hopefully I can have this fixed tomorrow and consider Tunez
a lot safer than it was (having reviewed the entire codebase
for SQL injections).
Logged In: YES
user_id=78148
The audit of the code is complete. Several more security
vulnerabilities were found in 1.20-rc1 as I expected.
Should have fixed them before we released, but I forgot about
them, if you can believe that, until I checked the TODO.
All of the security exploits we've found so far only occur
when magic quotes are disabled, so if you have PHP's magic
quotes enabled I wouldn't worry too much about things.
Logged In: YES
user_id=78148
1.20 was released and has no known security vulnerabilities
in it. We suggest you update to this version as soon as
possible.