Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum
http://www.tinywebgallery.com/forum/

Security ?
http://www.tinywebgallery.com/forum/viewtopic.php?f=1&t=565
Page 1 of 1

Author:  Merlin44 [ 14. Oct 2006, 14:37 ]
Post subject:  Security ?

I found an vaFm47lsL2g.jpg file in my xml folder.
I see this pic before, so i never send it in my twg.
How it can be possible ?

Author:  TinyWebGallery [ 14. Oct 2006, 16:57 ]
Post subject: 

Found it too in my latest build. I have moved this file from one of my example galleries to test something there and forgot to delete it (my build file does only delete all xml files from this folder!)

Therefore it came from my zip file - simply delete it and everything is good :).

/Michael

Author:  Merlin44 [ 14. Oct 2006, 17:47 ]
Post subject: 

glad to know that ;)

Author:  Merlin44 [ 3. Nov 2006, 18:10 ]
Post subject: 

New hack attempt this night:
Seems twg handle that perfectly

Code:
_.script._alert(’test’);_.script._


in comment

Author:  TinyWebGallery [ 3. Nov 2006, 18:15 ]
Post subject: 

all parameters are now checked for any tags - scripts ... and bad ones are replaced

in 1.6 I will add some allowed tags in titles and comments again (like <b> <u> to format the text a little bit nicer if you like :))

/Michael

Author:  Merlin44 [ 3. Nov 2006, 18:20 ]
Post subject: 

Good
(it was just a feedback for information)

Page 1 of 1 All times are UTC + 1 hour [ DST ]
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/