XSS is possible in the admin part of the comments extensions.
Reproduce:
1. Post a Comment with say scriptalert(oh my xss)/script
2. Log in as admin, go to comments tab
3. you see...
In the frontend, the output is handled correctly.
This gives an attacker the possibility to take over an admin
Andrew Neil wrote:
You could create a custom Radius tag to wrap around the Rails truncate[1]
method. Something like this might do the trick:
Actually, this method should be written up in the Radiant 2009
Documentation project as a good simple example of bringing in Rails
methods into
Mohit Sindhwani wrote:
Actually, this method should be written up in the Radiant 2009
Documentation project as a good simple example of bringing in Rails
methods into Radiant installs - it would help those entry level Rails
programmers who wonder how to bridge the worlds of Rails and Radiant.
Johannes Fahrenkrug said the following on 01/12/2009 12:08 PM:
Hi,
I'm new to the list and relatively new to Radiant. I'm evaluating
Radiant for a mid-sized customer project. The customer has a legacy
DB2 database. Replacing it is not an option for the customer. So my
question is: can I use
Chris Poldier wrote:
Radiant would be a great catalog system for e-commerce.
I'm interested in this... but I don't know how to use a Radiant page
as a kind of template itself for a given model.
As an example, let's call it Product (I'm imaginative), and we have
a nice admin section to do
The best eCommerce source for Ruby on Rails is Spree http://spreehq.com
Radiant is an excellent CMS, and I'm sure that you could use it for an
eCommerce solution, but I would use Spree.
Jason
On Mon, Jan 12, 2009 at 1:32 PM, Ignacio Carrera nach...@gmail.com wrote:
Chris Poldier wrote:
On Mon, Jan 12, 2009 at 1:58 PM, jason white
stonesoupandboiledfr...@gmail.com wrote:
The best eCommerce source for Ruby on Rails is Spree http://spreehq.com
Radiant is an excellent CMS, and I'm sure that you could use it for an
eCommerce solution, but I would use Spree.
Have you ever used
On Mon, Jan 12, 2009 at 2:43 PM, Paul Ingles ping...@me.com wrote:
Hi,
I'm trying to show a side-menu with a section, so, for example:
- Welcome
+ Items Intro
++ Item A
++ Item B
I'd like to show a list with Items Intro, Item A, and Item B on the Items
Intro, Item A, and Item B pages-
Hi
I just installed Radiant 0.6.9 on an Apache server. Using Phusion Passenger.
Rails 2.1.2 and Ruby 1.8.5.
Trying to deploy a test page and I have no problem getting to the admin
section, logging in and setting up a test page. However, when I try to view
the test page in the browser I get
On Jan 12, 2009, at 2:55 PM, Susan Chouinard wrote:
Trying to deploy a test page and I have no problem getting to the
admin
section, logging in and setting up a test page. However, when I try
to view
the test page in the browser I get a 500 error. I figure this is just
something really
Sean Cribbs wrote:
It should be a fairly simple transition for most. There will be some
aspects that will be significantly different -- we've reduced the number
of tables in various views, and the navigation tabs are in two levels
now, instead of one -- not to mention the look and feel
There will probably be an RC2 in the next week or so, but I think John's
right. There's enough for a full release very soon, without the new UI.
Sean
How about doing an RC2 release -- giving developers a little more time,
but still releasing the fancy new UI. What do you think, good
Hi Susan,
Have you set a layout for your page? Pages do inherit layouts from their
parents but, naturally, the root page needs to have a layout set. If that's not
it, have a look at your log at [path_to_app]/log/[environment].log -- you'll
usually find some information regarding your problem
Lack of a layout would not prevent the root page from rendering if the
'body' part is present. There's probably something else going on.
Sean
Christian Vetter wrote:
Hi Susan,
Have you set a layout for your page? Pages do inherit layouts from their
parents but, naturally, the root page
Hi Christian, Jose and Sean -
I've tried every one of the suggestions offered so far, with the exception
of upgrading Ruby to 1.8.6, and no luck so far.
Susan
-Original Message-
From: radiant-boun...@radiantcms.org
[mailto:radiant-boun...@radiantcms.org]
On Behalf Of Christian
Then try tailing the log and putting it in a pastebin for us. That
can help us know what's going on. Here's the command, in case you're
not familiar:
tail -f log/production.log
Then paste into one of these websites:
http://pastie.org
http://gist.github.com
Sean
Susan Chouinard wrote:
Hi
Ben Morrow wrote:
Mohit Sindhwani wrote:
Actually, this method should be written up in the Radiant 2009
Documentation project as a good simple example of bringing in Rails
methods into Radiant installs - it would help those entry level Rails
programmers who wonder how to bridge the worlds of
17 matches