http://www.brandonchecketts.com/archives/security-vulnerability-in-cpcommerce Web Programming, Linux System Administation, and other geeky stuff Thu, 05 Jan 2012 11:11:59 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://www.brandonchecketts.com/archives/security-vulnerability-in-cpcommerce/comment-page-1#comment-240 Brandon Sun, 06 May 2007 00:46:38 +0000 http://www.brandonchecketts.com/archives/69#comment-240 My patch was just a quick regular expression check on the abused variable. The author's patch was more in-depth. It made sure the script wasn't called directly (it was meant to be included as part of a whole page). It also looks like the variable was also initialized correctly, so an attempt to pass the variable in using register_globals would no longer work. My patch was just a quick regular expression check on the abused variable. The author’s patch was more in-depth. It made sure the script wasn’t called directly (it was meant to be included as part of a whole page). It also looks like the variable was also initialized correctly, so an attempt to pass the variable in using register_globals would no longer work.

]]> http://www.brandonchecketts.com/archives/security-vulnerability-in-cpcommerce/comment-page-1#comment-238 Kevin Sat, 05 May 2007 22:26:58 +0000 http://www.brandonchecketts.com/archives/69#comment-238 Nice job Brandon, it's always nice to see people contributing back to the open source community! Did the developer use your patch or create his own? Nice job Brandon, it’s always nice to see people contributing back to the open source community! Did the developer use your patch or create his own?

]]>