WB 2.11.0: Issues
https://project.websitebaker.org/
2017-10-12T11:52:55Z
Tracking
Redmine

Feature #60 (Done): field type in wb-settings are too small for a bigger serialized string in med...
https://project.websitebaker.org/issues/60
2017-10-12T11:52:55Z
Manuela (manu54@isteam.de)
<p>If you work with a lot of subfolders in media and use the media settings, it's possible that the size of the serialized string exceeds the limit of the database field, type TEXT (64k), and you lose your settings.<br />See also: <a class="external" href="https://forum.websitebaker.org/index.php/topic,30486.0.html">https://forum.websitebaker.org/index.php/topic,30486.0.html</a></p>
<p>ToDo: create a new table which can store unlimited entries.<br />This will make the procedure more secure and stable by removing the in-memory serialization/deserialization of very large and extensive arrays. In addition, we get the possibility to search through the table much faster, we can sort the entries in several ways, and more.</p>

Error #44 (Done): outputfilter filterEmail
https://project.websitebaker.org/issues/44
2017-04-12T11:27:58Z
Manuela (manu54@isteam.de)
<p>The file 'mdcr.js' should be included only if an email address really has been encoded in the content. Never in general like now.</p>

Security #39 (Done): SQL injection vulnerabilities [reported by Marek Alaksa from citadelo]
https://project.websitebaker.org/issues/39
2017-03-24T15:58:38Z
Manuela (manu54@isteam.de)
<p>Overview<br />WebsiteBaker 2.10.0 and lower versions are vulnerable to SQL injection vulnerabilities.<br />Details<br />It is possible for an unauthenticated user to inject SQL code into the variables "username" and "display_name" in the "account/signup.php" PHP script (signup form). The vulnerability exists due to insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user (e.g. administrator password MD5 hash).</p>
<p><a class="external" href="http://www.citadelo.com/">http://www.citadelo.com/</a></p>