#21
I'm not disputing the classes won't, by the way, if it comes across like that; I'm only offering advice and "Golden Rules" on something I know a fair amount about, something that will kill any project dead before it's begun if not addressed correctly. Unless you have personally written those classes and know exactly what's happening with any given scenario of submitted data, do not trust anything or take it for granted; be very thorough, because there are some seriously talented operators out there who can CSRF or inject for fun. End note: best of luck with it and above all have fun doing so =]
#23
http://opentracker.nu/demo/user/logout/
As the avatar URL prevents me from logging in, you should pay attention to what I was saying. An xbtit developer originally showed me this, and it's probably a common hack in PHP where developers assume no URL sanitization is required. I suggest you check out getimagesize; this will validate a URL against an image...
#25
As you know, we had made a demo account (www.opentracker.nu/demo), but now we have been forced to cancel the edit-profile account; someone seems to have gone in and changed the password! So unfortunately you cannot test those capabilities any further in the edit profile.
#26
Nope. The logout URL is still functional when called from everywhere on your CMS.
#27
But we removed the avatar and disabled the demo user from being editable
#28
Sanitizing inputs is one thing, but checking the source of the input is another. That's CSRF: you have to check the source of the request. When you're displaying a form, you're expecting data from this form only and block other requests issued by a foreign site/domain or by your own platform. When you're displaying an action link (like add as friend, logout, delete account etc.), only the page where the link is displayed can trigger the process. Currently, it's possible to call all your URLs from everywhere (a foreign site and your CMS itself).
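One way to implement the request-source check described in the post above, and to close the avatar-URL logout trick from #23, is to tie every state-changing action to a per-session CSRF token and require POST. This is an added example, not openTracker's or xbtit's own code; the `/user/logout/` route is taken from the demo URL quoted earlier in the thread, and the function names and session-storage layout are assumptions.

```php
<?php
// Added example (not openTracker's code): bind state-changing actions such as
// logout to a per-session CSRF token, so a request forged from another site,
// or from an <img src="/user/logout/"> avatar inside the CMS itself, is rejected.

session_start();

// Issue one random token per session; create it only if none exists yet.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check does not leak the token byte by byte.
function csrf_valid(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Render the logout control as a POST form carrying the token. A plain GET
// link, or an image tag whose src points at /user/logout/, can no longer fire it.
function logout_form(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/user/logout/">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<button type="submit">Logout</button></form>';
}

// Handler for /user/logout/: require POST and a valid token before acting.
// The same guard applies to "add as friend", "delete account" and similar links.
function handle_logout(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    $_SESSION = [];
    session_destroy();
    header('Location: /');
    exit;
}
```

Because an `<img>` tag can only issue a GET without the hidden field, the logout route stays unreachable from an avatar URL even before the URL itself is validated with something like getimagesize.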
#29
Bump: Uploading the latest build of openTracker to the demo.. enjoy