
Ticket #1927 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Security improvements

Reported by: AlexT Owned by: SashaE, AndreyP, AlexP
Priority: major Milestone: 7.0.1
Keywords: Cc:

Description (last modified by AlexT)

Make security improvements in your module according to pdf in basecamp

Change History

comment:1 Changed 2 years ago by AlexT

Consult with AlexT about exact improvements

comment:2 Changed 2 years ago by AlexT

  • Description modified
  • Summary changed from Security imrovements to Security improvements

comment:3 Changed 2 years ago by AntonL

  • Owner changed from LeonidS, SashaE, AntonL, AndreyP, AlexL, AlexP, AlexT to LeonidS, SashaE, AndreyP, AlexL, AlexP, AlexT

Done for Articles, Feedback, News, Wall

comment:4 Changed 2 years ago by AlexL

Done for Chat and Messenger

comment:5 Changed 2 years ago by AlexL

  • Owner changed from LeonidS, SashaE, AndreyP, AlexL, AlexP, AlexT to LeonidS, SashaE, AndreyP, AlexP, AlexT

comment:6 Changed 2 years ago by sashae

Done for : Simple messenger, Facebook connect, Spy, Polls, Data migration, Shoutbox

comment:7 Changed 2 years ago by LeonidS

  • Owner changed from LeonidS, SashaE, AndreyP, AlexP, AlexT to SashaE, AndreyP, AlexP, AlexT

Done for files and media modules

comment:8 Changed 2 years ago by AlexT

1) All requests that change, delete or add data must be made via POST. Right now there are a lot of places where this is done via GET.

If forms are used, the forms have already been fixed accordingly; you just need to check that the form uses the POST method.

If forms are not used, it has to be converted to POST by hand!

If the getHtmlData function is used, then to make the conversion easier you can pass the method 'post' as its last parameter, and then on the server side add the check

0 != strcasecmp($_SERVER['REQUEST_METHOD'], 'POST')

so that the parameters in the URL do not have to be reworked and can stay as GET; just make this check for the POST method.

2) Replace all _REQUEST variables with _GET or _POST respectively. To make the conversion easier, a bx_get() function was added which checks GET and POST, essentially like REQUEST. For example:

$_REQUEST['name']

will be written as

bx_get('name')

and

isset($_REQUEST['name'])

will be written as

false !== bx_get('name')
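The two changes described in comment:8, as an added example that is not the project's own code: the ticket does not show the real bx_get() or getHtmlData(), so the bx_get() below is an assumed implementation matching the described behaviour (GET first, then POST, false when absent), bx_require_post() is a hypothetical wrapper around the strcasecmp check quoted above, and the delete handler, the form markup and the request values are constructed for illustration.

```php
<?php
// Added example (not Dolphin/BoonEx code). bx_get() here is an assumed
// implementation of the helper comment:8 describes: look in $_GET, then
// $_POST, and return false when the parameter is absent.
function bx_get($sName)
{
    if (isset($_GET[$sName])) {
        return $_GET[$sName];
    }
    if (isset($_POST[$sName])) {
        return $_POST[$sName];
    }
    return false;
}

// Hypothetical wrapper around the check quoted in the ticket. Sends a 405
// and returns false for anything but POST so the caller can stop early.
function bx_require_post()
{
    if (0 != strcasecmp($_SERVER['REQUEST_METHOD'], 'POST')) {
        header('HTTP/1.0 405 Method Not Allowed');
        header('Allow: POST');
        return false;
    }
    return true;
}

// BEFORE: the pattern the ticket says to remove. The action fires on a plain
// GET, so a link or <img src="post.php?action=delete&id=5"> planted on any
// page a logged-in user views is enough to run it.
function deletePostBefore()
{
    if (isset($_REQUEST['id'])) {
        $iId = (int)$_REQUEST['id'];
        // ... DELETE FROM posts WHERE id = $iId ...
        return $iId;
    }
    return false;
}

// AFTER: same handler. The id may stay in the URL (GET), but the request
// itself must be a POST, and $_REQUEST is replaced by bx_get() exactly as
// comment:8 shows: isset($_REQUEST['id']) becomes false !== bx_get('id').
function deletePostAfter()
{
    if (!bx_require_post()) {
        return false;
    }
    if (false !== bx_get('id')) {
        $iId = (int)bx_get('id');
        // ... DELETE FROM posts WHERE id = $iId ...
        return $iId;
    }
    return false;
}

// The GET link that used to trigger the action becomes a small POST form.
// The id stays in the action URL, which is what lets the server-side URL
// parameters stay as they were.
function deleteButtonHtml($iId)
{
    $iId = (int)$iId;
    return '<form method="post" action="post.php?action=delete&amp;id=' . $iId . '">'
         . '<input type="submit" value="Delete">'
         . '</form>';
}

// Constructed request for a stand-alone run (php example.php): a GET with
// the id in the query string, i.e. the planted link from the comment above.
$_SERVER['REQUEST_METHOD'] = 'GET';
$_GET  = array('action' => 'delete', 'id' => '5');
$_POST = array();

var_dump(deletePostBefore()); // the old handler acts on the GET link
var_dump(deletePostAfter());  // the new handler refuses it

// The same id sent by the form above: POST method, id still in the URL.
$_SERVER['REQUEST_METHOD'] = 'POST';
var_dump(deletePostAfter());  // the new handler accepts it
```

Two points worth keeping in mind when applying this across a module. First, $_REQUEST by default also contains $_COOKIE, so a cookie with the same name as a parameter can shadow a GET or POST value; moving to bx_get() removes that source as well as making the intended source explicit. Second, requiring POST stops the GET-link and <img> cases, but a page elsewhere can still submit a forged POST form; a per-session token checked on the server is the usual complement, and it is not part of what this ticket asks for.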

comment:9 Changed 2 years ago by AndreyP

Ads module - revision: 13887

comment:10 Changed 2 years ago by AndreyP

CustomRSS module - revision: 13888

comment:11 Changed 2 years ago by AndreyP

Quotes module - revision: 13889

comment:12 Changed 2 years ago by AndreyP

Blogs module - revision: 13890

comment:13 Changed 2 years ago by AndreyP

Opensocial module - revision: 13893

comment:14 Changed 2 years ago by AlexT

  • Owner changed from SashaE, AndreyP, AlexP, AlexT to SashaE, AndreyP, AlexP

comment:15 Changed 2 years ago by AndreyP

+ revision: 13898 (few changes)

comment:16 Changed 2 years ago by AntonL

  • Status changed from new to closed
  • Resolution set to fixed

Done for Sites and Profile Customizer - 13899
