stangparts, 313i: Let me clear up my post somewhat, as some may not have understood it correctly. With that post, there are two variables up at the top that are set via hosting server-side: magic_quotes_gpc = Off and register_globals = On. It is these settings that you have to be cautious and wary of on your hosting (not the script). If those two settings are set the same as above, then you are going to be susceptible to the injection cited in the post. This isn't to set up some scare. It's generally to warn you to take all precautions beforehand, so that it doesn't happen to you. So, is the script susceptible? Yes and no. While hosting may be attributed as one cause, the script on the other hand does nothing to help this scenario should it ever come around.
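A host-side check for the two settings named in the post above, as an added example that is not part of the original thread or of phpLD: a small Python script that parses php.ini text and reports whether it matches that combination. The function names and the sample file are constructed for illustration.

```python
import re

# The two directives named in the post above, with the values it warns about.
RISKY = {"register_globals": True, "magic_quotes_gpc": False}
# php.ini boolean spellings: on/true/yes/1 are true, anything else is false.
TRUE_WORDS = {"1", "on", "true", "yes"}

def parse_php_ini(text):
    """Return {directive: raw value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        # ';' starts a comment (good enough for boolean directives like these).
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("["):   # skip blanks and [section] headers
            continue
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("\"'")
    return settings

def risky_combination(text):
    """Return, sorted, the directives whose value matches the post's warning."""
    settings = parse_php_ini(text)
    hits = []
    for name, bad_value in RISKY.items():
        if name not in settings:
            continue   # not set in this file: the default depends on the PHP build
        if (settings[name].lower() in TRUE_WORDS) == bad_value:
            hits.append(name)
    return sorted(hits)

# Constructed sample, not taken from any real host.
SAMPLE = """\
[PHP]
; register_globals = Off
register_globals = On   ; legacy script needs it
magic_quotes_gpc = "0"
"""

if __name__ == "__main__":
    hits = risky_combination(SAMPLE)
    if len(hits) == len(RISKY):
        print("php.ini matches the combination described in the post:", hits)
    else:
        print("directives matching the warning:", hits)
```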
Given that both of those settings have been available in PHP for years and they are well-documented security risks, any script developer should be protecting the integrity of the script regardless of whether they are switched on / off. So yes, the script is susceptible, IMO.....
Honestly, I sent over a PM to James of phpld as I didn't want to cause a stir and/or scare anyone. While I did not receive a returned reply, I did at least tell him that I didn't mean any harm and I even suggested a possible fix for it. Thanks Silk for seeing it from my perspective as a scripting maniac. Rob
Well thanks for clearing it up and making it a little easier to understand. It doesn't sound like it should be a big deal at all or even a deal breaker for deciding on purchasing the script.
@web-fanatic - Have you even read the thread? What utter nonsense, the thread clearly states a security flaw within phpld and that the owners of the script have decided to do nothing about it!!! So how can this be the best?
I see your concerns too and share them. I've seen a couple of bugs for a few times now. It seems that phpLD is slowly dying. The forum is largely sparse, with fewer templates and mods. And then I could mention something less important like Alexa rank, which is in the clouds.
The phpld forum has never really been active but it doesn't mean it's "dying". I don't really post there but I still purchase its script. All scripts/software are prone to attack or injections; once you're targeted by these hackers, there's little you can do but to back up your files. Here is a list of directory scripts.
Just a heads up: your Health Directory link in your sig is broken. Also, what platform would you recommend? Thanks, P
Hi all, thanks for all the explanations you gave. I have a domain and I want to make it a directory. Where can I find someone who can do this for me, and how much should I be charged? Thanks
Bit strong don’t you think? I suppose you can always knock something up that’s better. Directories have taken a big hit full stop. Thanks Brian