i see, great work Roger.
On Sun, Oct 9, 2011 at 11:43 PM, Roger Martín <[email protected]> wrote:
> hi folks!
>
> security.php have a security hole!! don't panic..it's solved and ONLY vip
> persons could inject sql code in aiki...
>
> the hole was here..
> $get_sides = explode("||", $inline_per);
> ...
> get_group_level = $db->get_var ("SELECT group_level from " .
> "aiki_users_groups where
> group_permissions='$get_sides[0]'");
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~aikiframework-devel
> Post to : [email protected]
> Unsubscribe : https://launchpad.net/~aikiframework-devel
> More help : https://help.launchpad.net/ListHelp
>
>
--
Bassel Safadi
http://bassel.ws
http://aikilab.org
Global +1 323-545-3855
Singapore +65 93488349
_______________________________________________
Mailing list: https://launchpad.net/~aikiframework-devel
Post to : [email protected]
Unsubscribe : https://launchpad.net/~aikiframework-devel
More help : https://help.launchpad.net/ListHelp
