On Thu, 14 Sep 2006 18:07:45 -0700, Alexander Limi
<[EMAIL PROTECTED]> wrote:
Yeah, I just did a quick Google search and followed the first 150 links,
and about 70-80% of the sites have already fixed this, and return a 404
when I follow the link (if you do this, remember to turn off JS first!)
It's a minor issue, and I do think we nipped it in the bud before it
becam
To say these sites are "compromised" is a bit extreme. People who
were allowed to create profiles (i.e. this only happens to sites where
anybody can join) could take advantage of a minor XSS vulnerability to
seed Google requests. Additionally there was an apparently more common
avenue of attack f
It has been fixed, that's what the 2.5.1 and 2.1.4 releases were about.
Full instructions are here:
http://plone.org/documentation/how-to/clean-up-link-spam-on-your-site
-- Alexander
On Thu, 14 Sep 2006 16:54:25 -0700, Alan Runyan
<[EMAIL PROTECTED]> wrote:
Alan Runyan
Enfold Systems, Inc.
http://www.enfoldsystems.com/
phone: +1.713.942.2377x111
fax: +1.832.201.8856
-Original Message-
From: Sean Duffy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 13, 2006 10:45 AM
To: [EMAIL PROTECTED]
Subject: Plone site compromise epidemic
On Thu, 14 Sep 2006 16:00:45 -0700, Martin Aspeli
<[EMAIL PROTECTED]> wrote:
- There is already a "delete confirm" page when you select the Delete
action from the actions drop-down (I believe this used to be a JS
pop-up). It'd be nice if the delete protection could be applied here so
tha
Hi guys,
These notes are about PLIP125, Link Integrity. This PLIP contains two parts:
- Warn users when they try to delete things that would break links
- Warn users when they try to move things that would break links
and/or update reference automatically and/or provide a redirect
These not
Previously Rocky Burt wrote:
> On Thu, 2006-14-09 at 19:29 +0200, Wichert Akkerman wrote:
> > I figured a quick status update might be useful. At this moment we have
> > four reviews in:
> >
> > PLIP 48 - session authentication
> > PLIP 121/122/171 - AZAX and Bling
> > PLIP 148 - CMF 2
On Thu, 2006-14-09 at 19:29 +0200, Wichert Akkerman wrote:
> I figured a quick status update might be useful. At this moment we have
> four reviews in:
>
> PLIP 48 - session authentication
> PLIP 121/122/171 - AZAX and Bling
> PLIP 148 - CMF 2.1
> PLIP 179 - commenting
>
> we hav
I figured a quick status update might be useful. At this moment we have
four reviews in:
PLIP 48 - session authentication
PLIP 121/122/171 - AZAX and Bling
PLIP 148 - CMF 2.1
PLIP 179 - commenting
we have 11 days until we must have reviews for all bundles. That is less
than two w
[sorry if this turns into a developer discussion which
might not be exactly what you expect here. If I should
move this to plone-devel just tell me.]
Raphael Ritz schrieb:
[..]
With respect to just putting something (the ftis) into the ZODB in order
to keep things working at a minimal level thi
Hanno Schlichting schrieb:
Alec Mitchell wrote:
On 9/13/06, Raphael Ritz
<[EMAIL PROTECTED]> wrote:
that's what I meant by saying earlier that PIL isn't necessarily
trivial to install. But anyway, I consider my original question
answered: it wasn't introduced on purpose in the first place but
n
Hi Raphael,
Of course we still need to fix the current Archetypes mechanism to work
with CMF 2.1. As we haven't deprecated it yet, we cannot break it.
With respect to just putting something (the ftis) into the ZODB in order
to keep things working at a minimal level this shouldn't be hard and
I
Martin Aspeli schrieb:
Hanno Schlichting wrote:
[..]
Of course we still need to fix the current Archetypes mechanism to work
with CMF 2.1. As we haven't deprecated it yet, we cannot break it.
With respect to just putting something (the ftis) into the ZODB in order
to keep things working at a mi