Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   OpenTracker (http://www.bvlist.com/forumdisplay.php?f=125)
-   -   OpenTracker - a new tracker source! (http://www.bvlist.com/showthread.php?t=8077)

Bigjoos 24th June 2012 20:44

I'm not disputing the classes won't, by the way, if it comes across like that; I'm only offering advice and "Golden Rules" on something I know a fair amount about, something that will kill any project dead before it's begun if not addressed correctly. Unless you have personally written those classes and know exactly what's happening with any given scenario of submitted data, do not trust anything or take it for granted; be very thorough, because there are some seriously talented operators out there that can CSRF or inject for fun. End note: best of luck with it and above all have fun doing so =]

Wuild 24th June 2012 20:48

Quote:

Originally Posted by djzoulox (Post 35418)
Well, I don't think it looks that bad; all sources come with major work and errors, I think. That's why we're all here, to help those who can help,
and also, as you guys stated, it is in development. It's gonna be cool to see who will run a major site with this new script.

But I wish you all good luck with your source :drink:

IDD!! And thank you! :drink:

Bump:
Quote:

Originally Posted by Bigjoos (Post 35419)
I'm not disputing the classes won't, by the way, if it comes across like that; I'm only offering advice and "Golden Rules" on something I know a fair amount about, something that will kill any project dead before it's begun if not addressed correctly. Unless you have personally written those classes and know exactly what's happening with any given scenario of submitted data, do not trust anything or take it for granted; be very thorough, because there are some seriously talented operators out there that can CSRF or inject for fun. End note: best of luck with it and above all have fun doing so =]

I hear you, man, but all the classes are written by me; I know what they are all doing and when they are doing it. But like I said, all the data is checked when inserted or updated, so unless someone shows me some real hacking I'm gonna go with it as it is ;)

LeeHowarth 24th June 2012 21:41

http://opentracker.nu/demo/user/logout/

As the avatar URL prevents me from logging in, you should pay attention to what I was saying. An xbtit developer originally showed me this, and it's probably a common hack in PHP where developers assume no URL sanitization is required. I suggest you check getimagesize out; this will validate a URL against an image...

Wuild 24th June 2012 21:45

Quote:

Originally Posted by djhowarth (Post 35421)
http://opentracker.nu/demo/user/logout/

As the avatar URL prevents me from logging in, you should pay attention to what I was saying. An xbtit developer originally showed me this, and it's probably a common hack in PHP where developers assume no URL sanitization is required. I suggest you check getimagesize out; this will validate a URL against an image...

It's already been fixed.

kizze 24th June 2012 22:52

As you know, we had made a demo account (www.opentracker.nu/demo), but now we have been forced to cancel the edit-profile account; someone seemed to go in and change the password! So unfortunately you cannot test those capabilities any further in the edit profile.

Optix 24th June 2012 23:03

Quote:

Originally Posted by Wuild (Post 35422)
It's already been fixed.

Nope. The logout URL is still functional when called from anywhere on your CMS. :coffee:

kizze 24th June 2012 23:13

Quote:

Originally Posted by Optix (Post 35424)
Nope. The logout URL is still functional when called from anywhere on your CMS. :coffee:

Yeah, we've got a development website where it is fixed, but not on the demo.
But we removed the avatar and disabled the demo user from being editable.

Optix 24th June 2012 23:27

Quote:

Originally Posted by kizze (Post 35425)
Yeah, we've got a development website where it is fixed, but not on the demo.
But we removed the avatar and disabled the demo user from being editable.

You seem not to understand. I'm not talking about the demo, but about the CMS in general, because it will be deployed in the future.

Sanitizing inputs is one thing, but checking the source of the input is another. That's CSRF: you have to check the source of the request. When you're displaying a form, you're expecting data from this form only, and you block other requests issued by a foreign site/domain or your own platform.
When you're displaying an action link (like add as friend, logout, delete account, etc.), only the page where the link is displayed can trigger the process. Currently, it's possible to call all your URLs from anywhere (a foreign site and your CMS itself).
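
One way to enforce the rule that only the page which displayed an action link can trigger it, as an added PHP example that is not openTracker's code: a random per-session token that every action link and form must carry, checked before anything state-changing runs. The route names and function names are assumptions.

```php
<?php
// Added example, not openTracker's code. A per-session CSRF token ties
// state-changing links (logout, add friend, delete account) to pages this
// CMS rendered, so a request forged from a foreign site, or from an avatar
// <img src="..."> pointing at /user/logout/, is rejected.
declare(strict_types=1);
session_start();

// Issue one random token per session (created lazily, reused for all links/forms).
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing or wrong token means the request did not
// originate from a page rendered for this session.
function csrf_valid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && $submitted !== null && hash_equals($expected, $submitted);
}

// Rendering an action link: embed the token in the URL (hypothetical route).
function action_link(string $path, string $label): string
{
    $url = $path . '?token=' . urlencode(csrf_token());
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Handling the action: refuse before doing anything state-changing.
function handle_logout(): void
{
    if (!csrf_valid($_GET['token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    $_SESSION = [];
    session_destroy();
}

// Profile page renders the link; /user/logout/ would call handle_logout().
echo action_link('/user/logout/', 'Logout');
```

A token in a GET URL can leak through Referer headers and server logs, so a POST form with the token in a hidden field is the safer shape for logout and similar actions; the check itself is the same.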

Wuild 25th June 2012 00:05

Quote:

Originally Posted by Optix (Post 35427)
You seem not to understand. I'm not talking about the demo, but about the CMS in general, because it will be deployed in the future.

Sanitizing inputs is one thing, but checking the source of the input is another. That's CSRF: you have to check the source of the request. When you're displaying a form, you're expecting data from this form only, and you block other requests issued by a foreign site/domain or your own platform.
When you're displaying an action link (like add as friend, logout, delete account, etc.), only the page where the link is displayed can trigger the process. Currently, it's possible to call all your URLs from anywhere (a foreign site and your CMS itself).

Should be fixed on the demo site now.

Bump: Uploading the latest build of openTracker to the demo... enjoy

firefly007 25th June 2012 04:29

Quote:

Originally Posted by kizze (Post 35394)
Hello!

A friend and I are making a brand new tracker source that we have decided to name "openTracker".


We are going to make our own mods / plugins / addons and then host them on our website, where you can download them. But there will also be a forum where you can post your own mods / plugins / addons if you want to share them with other members.

openTracker follows the W3C standards and looks the same in all browsers. openTracker is built to support the most popular platforms out there.
openTracker is an open-source torrent tracker system built in PHP.

Please visit us on www.opentracker.nu and try out the demo we have for now!

//KizzE
www.opentracker.nu
kizze@opentracker.nu
support@opentracker.nu

Attachment 3747

Really nice



Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.