This is a discussion on CKEditor [wyswyg] within the New osCommerce Contributions forums, part of the osCommerce 2.2 Forums category; There is a small bug related with security in filemanager config.php . If someone knows the url for filemanager (i.e. ...
CKEditor [wyswyg] There is a small bug related with security in filemanager config.php . If someone knows the url for filemanager (i.e. http://xxxxxxx/admin/ckeditor/filema...ts_description[2]&CKEditorFuncNum=2&langCode=en), then he/she can view, delete, or change the files.
To fix that:
FIND:
if (!isset ($_SESSION ['osCAdminID']))
on line 29
CHANGE TO:
if (!isset ($_SESSION ['osCAdminID'])) exit;
More...
Michael Sasek
osCMax Developer
osCmax Installation Service - Have our professionals install osCmax on your server - same day service!
osCmax 2.5 User Manual - the must have beginners guide to osCmax v2.5
Stay Up To Date with everything osCMax:
Free osCmax Newsletters - Security notices, New Releases, osCMax News
osCmax on Twitter - Up to the minute info as it happens. Know it first.
osCmax Documentation
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
Bookmarks