Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum



All times are UTC + 1 hour [ DST ]




 Post subject: Security ?
Posted: 14. Oct 2006, 14:37

Joined: 5. Apr 2006, 08:40
Posts: 106
I found a vaFm47lsL2g.jpg file in my xml folder.
I see this pic before, so I never send it in my twg.
How can it be possible?


Posted: 14. Oct 2006, 16:57
Site Admin

Joined: 1. Aug 2005, 12:53
Posts: 11232
Found it too in my latest build. I have moved this file from one of my example galleries to test something there and forgot to delete it (my build file only deletes the xml files from this folder!)

Therefore it came from my zip file - simply delete it and everything is good :).

/Michael


Posted: 14. Oct 2006, 17:47

Joined: 5. Apr 2006, 08:40
Posts: 106
glad to know that ;)


Posted: 3. Nov 2006, 18:10

Joined: 5. Apr 2006, 08:40
Posts: 106
New hack attempt this night:
Seems twg handles that perfectly

Code:
_.script._alert(’test’);_.script._


in comment


Posted: 3. Nov 2006, 18:15
Site Admin

Joined: 1. Aug 2005, 12:53
Posts: 11232
All parameters are now checked for any tags - scripts ... and bad ones are replaced.

In 1.6 I will add some allowed tags in titles and comments again (like <b> <u>) to format the text a little bit nicer if you like :)

/Michael
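
The approach described in the post above (reject tags in every parameter, then permit a few formatting tags such as `<b>` and `<u>` in titles and comments), shown as an added example that is not part of the original post and not TinyWebGallery's code. It escapes markup instead of replacing it as TWG does, then restores only bare allow-listed tags; the function name `sanitize_comment` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not TinyWebGallery code. The function name and the
// sample inputs are assumptions; <b> and <u> are the tags named in the post.

function sanitize_comment(string $input, array $allowed = ['b', 'u']): string
{
    // 1. Neutralise all markup: <, >, &, " and ' become HTML entities,
    //    so nothing the visitor typed can be parsed as a tag.
    $escaped = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if ($allowed === []) {
        return $escaped;
    }

    // 2. Re-enable only bare tags from the allow-list. A tag that carries
    //    attributes (e.g. an event handler) never matches and stays escaped.
    $names = implode('|', array_map(
        fn (string $t): string => preg_quote($t, '/'),
        $allowed
    ));
    $pattern = '/&lt;(\/?)(' . $names . ')&gt;/i';

    return preg_replace_callback(
        $pattern,
        fn (array $m): string => '<' . $m[1] . strtolower($m[2]) . '>',
        $escaped
    );
}

// Constructed sample inputs (not taken from any real log).
$samples = [
    "<script>alert('test');</script>",        // script tag: stays escaped
    '<b>nice</b> <u>photo</u>',               // allow-listed formatting
    '<b onmouseover="alert(1)">hover</b>',    // attribute present: escaped
    '<B>mixed</B> <i>case</i>',               // <B> normalised, <i> escaped
];

foreach ($samples as $s) {
    echo sanitize_comment($s), PHP_EOL;
}
```

In the third sample the opening tag stays escaped while the bare `</b>` is restored, so the output can contain an unbalanced closing tag; that is harmless for script injection but worth balancing if the markup must validate.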


Posted: 3. Nov 2006, 18:20

Joined: 5. Apr 2006, 08:40
Posts: 106
Good
(it was just feedback for information)

