Security update

We hope you enjoy your visit.

You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.

Join our community!

If you're already a member please log in to your account to access all of our features:

Security update; for versions 1.0-1.2
Topic Started: Mar 2 2008, 12:50 AM (396 Views)
Jacroe	Mar 2 2008, 12:50 AM Post #1
Administrator Posts: 13 Group: Admins Member #1 Joined: Nov 28, 2007 What's up Starting to work on Documentation	A security hole has been discovered that can allow an attacker to change your wiki, even when the wiki is locked. To plug this hole, add the following code in your save.php right below the <?php Code: `if (file_exists('noedit.lock')) { die('This wiki has been locked from editing. <a href="index.php">MainPage</a>'); }` Your new save.php file should look something like this: Code: `<?php if (file_exists('noedit.lock')) { die('This wiki has been locked from editing. <a href="index.php">MainPage</a>'); } if (($_POST['article']) == '') {` With more code after that. Save the changes, and it should work. If it doesn't, please post about it in the General Support forum. Alternatively, you can just replace your old save.php with the new one attached to this topic. Attached to this post: save.php (2.72 KB)



1 user reading this topic (1 Guest and 0 Anonymous)


« Previous Topic · Announcements & News · Next Topic »