Open 0944-tw opened 2 years ago
To Fix It (Copied From Stackoverflow xD): Use Modern Versions of MySQL (late 5.1, all 5.5, 5.6, etc) AND mysql_set_charset() / $mysqli->set_charset() / PDO's DSN charset parameter (in PHP ≥ 5.3.6) OR Don't use a vulnerable character set for connection encoding (you only use utf8 / latin1 / ascii / etc)
Mofhy is expired
Wait, so you are no longer supporting it, again?
Mofhy is expired
🤦
🙄
This time it is permanently closed and will no longer receive any updates from vendor
why bro?
There are some issues I can't resolve either.
what are the issues? the community is there 🤔
yep
It's easy to resolve :) just use PDO
XSS and some tokenized system issue. I'm thinking of making a new application based on CodeIgniter in order to make it work more smoothly and securely.
Go for it!
tokenized system issue
Like what? I would love to try to fix it!
Well, the client and admin area logins need to be redone as well. Testing on my own install, both can be hacked. Not sharing details since, well, that should be obvious.
Yeah, that's right, and also logic bombs exist in this application
wtf, it's just 1 day and then a lot of comments
So what?
Can something like this be implemented correctly? Reference: https://youtu.be/I4JYwRIjX6c?t=996
Yes, it can be.
I am making a fix for prepared stmts. https://github.com/MofhyDevs/MofhyCommunity/
Um, there already is a community version...
which no one cares to edit.
Well, nobody cares whatever you are doing for the community. They will just tell you where you are wrong and will never try to fix it on their own.
That's kinda sad honestly...
agreed
I mean you are not editing it either...
Who are you mentioning?
I am talking to @jaikt
Well, the Community version is here: https://github.com/MOFH-Dev
You just made another one, when one already exists.
Well, well, well. That's a point
imo, rewriting the whole project from scratch but better this time is the best we can do rather than forking the same repo under a different organization every time, OR create one organization where everyone who has already contributed / plans to contribute to the project has edit perms access under a private fork which will patch all security issues, then release it after it's stable enough for production.
Ensuring all the security issues are patched this time.
mysqli_real_escape_string CAN PREVENT SQL Injection BUT it can't FULLY PREVENT SQL Injection. So, It's Safe But Unsafe? xD https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string
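
Added example, not part of the thread or the project's code: a heuristic audit that flags, in PHP source, the conditions named in the first and last comments (escaping used without `set_charset()`, the charset switched by a `SET NAMES` query, a PDO DSN with no `charset` parameter). The regexes, finding codes and both PHP samples are constructed for illustration.

```python
import re

# Heuristic regexes over PHP source (added assumptions; this is not a PHP parser).
ESCAPE_CALL = re.compile(r"\b(?:mysqli?_)?real_escape_string\s*\(")
SET_CHARSET = re.compile(r"\b(?:mysqli?_)?set_charset\s*\(")
SET_NAMES = re.compile(r"""["']\s*SET\s+NAMES\b""", re.I)
PDO_DSN = re.compile(r"""new\s+PDO\s*\(\s*["'](mysql:[^"']*)["']""", re.I)
# Encodings the first comment lists as not vulnerable; utf8mb4 is added here.
SAFE_CHARSETS = {"utf8", "utf8mb4", "latin1", "ascii"}

def audit(php_source):
    """Return sorted (line_number, finding_code) pairs for one PHP file."""
    findings, escape_lines = [], []
    for no, line in enumerate(php_source.splitlines(), start=1):
        if SET_NAMES.search(line):
            # A query changes the server side only; the client library's
            # escaping still assumes the old connection charset.
            findings.append((no, "set-names-query"))
        if ESCAPE_CALL.search(line):
            escape_lines.append(no)
        dsn = PDO_DSN.search(line)
        if dsn:
            cs = re.search(r"charset=([\w-]+)", dsn.group(1), re.I)
            if cs is None:
                findings.append((no, "pdo-dsn-no-charset"))
            elif cs.group(1).lower() not in SAFE_CHARSETS:
                findings.append((no, "pdo-dsn-charset-not-allowlisted"))
    # Escaping is only charset-aware when the charset was set through the API.
    if not SET_CHARSET.search(php_source):
        findings += [(no, "escape-without-set-charset") for no in escape_lines]
    return sorted(findings)

# Constructed sample inputs, not taken from the project.
RISKY = '''<?php
$db = new mysqli("localhost", "app", "secret", "panel");
$db->query("SET NAMES gbk");
$name = $db->real_escape_string($_POST["user"]);
$res = $db->query("SELECT * FROM clients WHERE name = '$name'");
$pdo = new PDO("mysql:host=localhost;dbname=panel", "app", "secret");
'''
FIXED = '''<?php
$db = new mysqli("localhost", "app", "secret", "panel");
$db->set_charset("utf8mb4");
$stmt = $db->prepare("SELECT * FROM clients WHERE name = ?");
$pdo = new PDO("mysql:host=localhost;dbname=panel;charset=utf8mb4", "app", "secret");
'''

if __name__ == "__main__":
    for no, code in audit(RISKY):
        print(f"line {no}: {code}")
```

A clean result only means none of these three patterns matched; queries built by string concatenation still need to be moved to prepared statements.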