Francesco submitted this piece of code that should solve the security issue on
their version release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The control we made up it's just on the value of the cookie
$_COOKIE['ck_loging_loggedSESSION_ID'], a value set to true just in case of
correct login.
So the code (added to a lot of file) is:
$variable="ck_login_logged".$_COOKIE['sid'];
if($_COOKIE[$variabile]=='true')
{ [the whole file code] }
else
{
Header("location:/care2x/language/en/lang_en_invalid-access-warning.php?lang
=en");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For more info please email Francesco or via this mailing list.
Thanks
Elpidio
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Care2002-developers mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/care2002-developers
