Antiques Promotion Canada

bug report and security hole
We have had the AP Cal installed on our sites for a long time, but have just found an exploit where the Tellafriend.php file can be remotely accessed and scripted to send thousands of spam emails.

Our servers were crippled for several days until the offending files were located. We have removed the file from the sites and uninstalled the calendar applications until the feature is removed.

It is too bad because this was the best calendar script I have seen in a while.

Posted on: 2013/6/12 11:27


Re: bug report and security hole
Webmaster
Hello richmanfl,

That is, indeed, a major security issue.

We are working on it right now and the update should be available tomorrow.
- We will add a captcha for anonymous users
- We will add a module preference to turn this feature on and off.


Thanks a lot for your bug report, it is much appreciated.

Posted on: 2013/6/13 17:36


Re: bug report and security hole
Webmaster
Hello,

The new version of APCal (2.2.1) is now released with some security fixes for the tell a friend form.

We have added a captcha for anonymous users. If you still want to disable the feature, we have added the possibility to disable the links and the form submission in the preferences panel.

We are planning to add a per-day sending limit by IP address to prevent somebody from sending unlimited emails to everybody.


Thanks a lot for your security issue report.

Posted on: 2013/6/14 15:32
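
The three mitigations discussed in this thread (a preference switch, a captcha for anonymous users, and a per-IP daily sending limit) can be combined into one gate that runs before any mail is sent. The PHP below is an added example, not APCal's code and not part of the original posts; the function name, the limit of 5, and the JSON counter file are assumptions.

```php
<?php
// Added example, not APCal code: taf_gate(), TAF_DAILY_LIMIT and the JSON
// counter file are hypothetical names chosen for illustration.
const TAF_DAILY_LIMIT = 5; // assumed value; the thread does not give one
// Decide whether a tell-a-friend submission may send mail: [allowed, reason].
function taf_gate(bool $featureEnabled, bool $isAnonymous, bool $captchaPassed,
                  string $ip, string $counterFile, ?int $now = null): array
{
    if (!$featureEnabled) {
        return [false, 'feature disabled in preferences'];
    }
    if ($isAnonymous && !$captchaPassed) {
        return [false, 'captcha required for anonymous users'];
    }
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return [false, 'invalid client address'];
    }
    $day = gmdate('Y-m-d', $now ?? time());

    // Create the file if missing and hold an exclusive lock so concurrent
    // requests cannot both read the same count.
    $fh = fopen($counterFile, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return [false, 'counter unavailable']; // fail closed
    }
    $counts = json_decode(stream_get_contents($fh) ?: '{}', true);
    if (!is_array($counts) || ($counts['day'] ?? '') !== $day) {
        $counts = ['day' => $day, 'ips' => []]; // new day: reset counters
    }
    $used = $counts['ips'][$ip] ?? 0;
    $allowed = $used < TAF_DAILY_LIMIT;
    if ($allowed) {
        $counts['ips'][$ip] = $used + 1;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($counts));
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed ? [true, 'ok'] : [false, 'daily limit reached for this address'];
}

// Constructed demo: one anonymous client that passes the captcha every time.
$file = tempnam(sys_get_temp_dir(), 'taf');
for ($i = 1; $i <= 7; $i++) {
    [$ok, $why] = taf_gate(true, true, true, '203.0.113.7', $file, 1371222000);
    echo "request $i: ", $ok ? 'send' : "blocked ($why)", "\n";
}
unlink($file);
```

The counter is checked after the captcha on purpose: the limit still bounds the volume when a client gets past the captcha repeatedly.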