>
> But anyway, now that I can correctly check my website, I noticed 2 other
> bugs:
> - *if (substr($dir, '..')) return false;* in conditions.php should be
> replaced by* if (substr($dir, strpos($dir,'..'))) return false;*
>
Actually, I think it should be if (strpos($dir,'..')) return false;
This is to prevent access to other parts of the webspace. Thanks for
catching this.
> - *function deprecate($term, $msg, $page='')* in engine.php should be
> replaced by* function deprecate($term, $msg='', $page='')* since you
> almost never provide a 2nd argument to this function...
> It would probably also be better if you replaced *if (inlist('admin',
> $BOLTgroups)) $out = "<div class='stopwatch'>$BOLTstopWatchMsg</div>".$out;*
> by *if (inlist('admin', $BOLTgroups)) $out = str_replace("<body>",
> "<body><div class='stopwatch'>$BOLTstopWatchMsg</div>", $out);*
>
Agreed! :)
Cheers,
Dan
--
You received this message because you are subscribed to the Google Groups
"BoltWire" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/boltwire.
For more options, visit https://groups.google.com/d/optout.
