https://www.brandonchecketts.com/archives/security-vulnerability-in-cpcommerce Web Programming, Linux System Administation, and Entrepreneurship in Athens Georgia Sun, 06 May 2007 00:46:38 +0000 hourly 1 https://wordpress.org/?v=6.9.1 https://www.brandonchecketts.com/archives/security-vulnerability-in-cpcommerce/comment-page-1#comment-240 Sun, 06 May 2007 00:46:38 +0000 http://www.brandonchecketts.com/archives/69#comment-240 My patch was just a quick regular expression check on the abused variable. The author’s patch was more in-depth. It made sure the script wasn’t called directly (it was meant to be included as part of a whole page). It also looks like the variable was also initialized correctly, so an attempt to pass the variable in using register_globals would no longer work.

]]> https://www.brandonchecketts.com/archives/security-vulnerability-in-cpcommerce/comment-page-1#comment-238 Sat, 05 May 2007 22:26:58 +0000 http://www.brandonchecketts.com/archives/69#comment-238 Nice job Brandon, it’s always nice to see people contributing back to the open source community! Did the developer use your patch or create his own?

]]>