Re: [Phpwebsite-developers] Updated patch

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Wendall,

Sure I know all this having written many bugs myself.  The "wink"
modicon and=20
reference to "most basic" was just to say maybe simply trying to access
a branch=20
site once would've caught it.   But I also said, "An easy one to miss
and glad I remembered to check this time!"  In fact I mistyped the
recommended fix in my=20
earlier email!  It was incorrect and did not match what I actually did
to the code
here.  Mistakes happen.  BTW...for readers...the correction is elsewhere
in this thread.

So no criticism intended.  In fact as I said before, the quick response
on this=20
issue is very much appreciated.

Thanks,

Jim

> From: wendall
>=20
> Jim,
>=20
> The issue was that somebody posted this exploit to a public list
without
> letting the development team know. When things like this happen,
> regression testing isn't possible. Unless you'd like to wait a few
days
> for security releases that are in the wild. Regression testing is fine
for
> normal things. All fixes are announced on the internet as well.
Either
> through the bug tracker on sf.net or with new releases. Spend the time
and
> write all regression tests and I'm sure they'd be considered. If you
> understand the nature of cvs commits, you'd know that only released
code
> gets tested. The cvs repository can and often contains bugs. Or
sometimes
> doesn't work at all. The primary purpose of cvs isn't for building
> functional code. That's what release processes are for. There will
have to
> be alot more testing on the latest fix before it is finalized. It was
a
> hack to get things protected for users. There will be more work on
this
> and a more formally tested release given.
>=20
> Wendall
>=20
> > On Sat, 2005-02-26 at 07:21, Jim Wilson wrote:
> >> how about the most basic regression testing before comitting to cvs
and
> >> announcing fixes on the internet
> >
> > Jim,
> > I've advocated Unit Testing for that, but the developers don't
think
> > it's a worthwhile idea.
> >
> >
> >         Functional testing, Performance testing, HTML testing, and
PHP
> >         testing
> >
> >                 http://opensourcetesting.org/
> >
> > --
> > Mike Noyes <mhnoyes at users.sourceforge.net>
> > http://sourceforge.net/users/mhnoyes/
> > SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs
> >
> >
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from real
users.
> > Discover which products truly live up to the hype. Start reading
now.
> > http://ads.osdn.com/?ad_id=3D6595&alloc_id=3D14396&op=3Dclick
> >=20
> > Phpwebsite-developers mailing list
> > Php...@li...
> > https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
> >
>=20
>=20
>=20
>=20
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real
users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_ide95&alloc_id=14396&op=CCk
>=20
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
>=20