Sorry for my English.
Can anyone contact Kraven30, author of Catads 1.50 beta (his version contains a security breach), and catfelix, author of catad 1.4, too?
An ill-intentioned user may discontinue the ads because the function stopandgo() does not check the XOOPS user.
The solution is:
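function stopandgo() {
    // $xoopsUser has to be declared global, otherwise it is undefined inside the function
    global $ads, $ads_handler, $xoopsUser;
    // verify that the current user is the owner of the ad
    $uid = $ads->getVar('uid');
    if (!$xoopsUser || $xoopsUser->getVar('uid') != $uid) {
        redirect_header("index.php", 1, _NOPERM);
    }
    // ... rest of the original function body ...
}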
Thank you very much