2
Ok, I understand. So I did it for an intranet...
But what is the risk ?
What could happen if someone use it on Internet ?
Have you another solution to avoid that no-login ?
But what is the risk ?
What could happen if someone use it on Internet ?
Have you another solution to avoid that no-login ?
3
Why do you consider that as a security hole ?
As I know, others CMS as PostNuke or PhpNuke don't use that feature...
As I know, others CMS as PostNuke or PhpNuke don't use that feature...
4
As I can't log behind my firewall (zone Alarm or Norton), I had to write a little hack to do that. When XOOPS tests the $HTTP_REFERER var and find it empty (function myRefererCheck) connection is not allowed.
To avoid that, I have written this little hack:
file html/class/mysql.php, line 147, you have:
...
if (myRefererCheck($errstr)) {
...
REPLACE by:
...
if (myRefererCheck($errstr) || ALLOW_FROM_PROXY)
...
and in include/common.php file, line 40, ADD:
define("ALLOW_FROM_PROXY", TRUE); // Disactivate referercheck for SQL requests
If you want to return back to the normal settings, then just put FALSE instead of TRUE.
Trollix - HQCH (Hope Que Ca Helpe)
To avoid that, I have written this little hack:
file html/class/mysql.php, line 147, you have:
...
if (myRefererCheck($errstr)) {
...
REPLACE by:
...
if (myRefererCheck($errstr) || ALLOW_FROM_PROXY)
...
and in include/common.php file, line 40, ADD:
define("ALLOW_FROM_PROXY", TRUE); // Disactivate referercheck for SQL requests
If you want to return back to the normal settings, then just put FALSE instead of TRUE.
Trollix - HQCH (Hope Que Ca Helpe)
Login
Search
Recent Posts
Who's Online
Donat-O-Meter
| Stats | |
| Goal: | $100.00 |
| Due Date: | Apr 30 |
| Gross Amount: | $0.00 |
| Net Balance: | $0.00 |
| Left to go: | $100.00 |
 |
|