vulnerabilities

Richard
2007-04-10
2013-04-02
  • Richard

    Richard - 2007-04-10

    There where several vulnerabilities found in CoMoblog. Is there any change they will be fixed in the near future? See eg http://secunia.com/product/8906/ or http://www.kapda.ir/advisory-301.html.

    Then i'm curies about 2 things.
    1) When i used easymoblog there where no pictures when looking to a topic. Are there pictures in CoMo?
    1a) Is it possible to use names in topicURL instead of a number?
    2) I would be nice to be able to send pictures as e-mail card. (try to put it in myself, but if this is posible as plugin it would be better offcourse)

    Thanx. Richard.

     
    • Mark Wallis (aka serialmonkey)

      Hi,

      The IMG XSS issue has been fixed in CVS for quite awhile now. Once we finally get  version 1.2 released it will be available to everyone.

      To answer your questions:

      1. Yes, you can assign an image icon to each topic to have it displayed against each post
      2. Unsure quiet what you mean by email card here. Can you provide an example ?

      Thanks,
      Mark.

       
    • Richard

      Richard - 2007-04-17

      Mark,

      Thanks for your answers.

      It is good to hear that it is fixed in CVS a checkout should get me the fixed pages. :)

      I think you didnt understand my first question ether but i will try to be a little bit more clear. (not native English)

      1) When i open a topic page (by eg clicking on the topic picture)from it the mainpage. I will get a page which only contains the text from the logs without the pictures. So my question is if it is possible to see the pictures on the topic page as well. It could also be nice to have topic names instead of a number.

      2) what i mean is something like this. http://hopman.xs4all.nl/~ceeskie/wnailer/index.php?action=ecard&did=2007414-2&id=12
          So the blogged picture can be send as e-card. This could be a nice module i think.

      Thanks,

      Richard

       
      • Mark Wallis (aka serialmonkey)

        1) Sorry, now I understand what you mean :-) Sounds like a bug really. I haven't got a blog setup like that at the moment that I can use to test. I'll raise a bug entry in SourceForge and investigate it soon

        2) Hmmm, that would be hard to implement as a module - but not impossible :-) I'll raise it as a feature request in SourceForge so we can look at it in the future.

        Thanks for the feedback :-)

         
    • Richard

      Richard - 2007-04-17

      Thats what i call quick replying. :)

       
    • Richard

      Richard - 2007-04-17

      You can have a look at http://hopman.xs4all.nl/como/ to see the topic thing.

       
      • Mark Wallis (aka serialmonkey)

        Ahhh, I see now.

        When you select a topic what you are given is an index of posts, rather than a full display of the posts.

        I want to leave it how it is, but perhaps I can add an "option" in the configuration to force the listing to show all the details instead of just an index ?

        M.

         
    • Richard

      Richard - 2007-04-17

      Yep, thats it!

      Its sounds good to have it as an option.

      I also have an other suggetion. To be able to browse by toppic. Or a toppic overview page, and like i sayd before it would be nice to be able to use topic names instead of numbers.

      But anyways it would be nice to have the first option..

      Any idee who much time it will take to get it in?

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks