Search found 140 matches

by laborix
Sun Feb 16, 2025 3:16 pm
Forum: Development and tests
Topic: FlatPress 1.4 "Notturno": Release Candidate 1 released, please help testing
Replies: 4
Views: 4004

Re: FlatPress 1.4 "Notturno": Release Candidate 1 released, please help testing

Here are a few results from a test of FlatPress 1.4-dev Github 1899.
Test environment Apache with PHP 8.4.4

Download, upload and setup FlatPress 1.4-dev Github 1899 without errors, everything runs smoothly
Reconfiguring to the German language works
Importing German-language Leggero theme and ...
by laborix
Sun Feb 09, 2025 5:15 pm
Forum: FlatPress project
Topic: PHP 8.3 and 8.4
Replies: 30
Views: 10474

Re: PHP 8.3 and 8.4

Hi,

I maintain the old FlatPress 1.0.3 version for practice. There, the same error appeared in core.utils.php and I threw myself into debugging and retracing the function. After I realized that the error was reproducible, I experimented a bit and found a solution for the attack scenario as well as ...
by laborix
Wed Feb 05, 2025 8:19 pm
Forum: FlatPress project
Topic: PHP 8.3 and 8.4
Replies: 30
Views: 10474

Re: PHP 8.3 and 8.4

The open penetration test of the current FlatPress 1.4-dev Github 1886 Version has the following results:
PHP Warning: strtok(): Both arguments must be provided when starting tokenization in ../fpgit1886/fp-includes/core/core.utils.php on line 110
This is just a single warning, nothing more 8 ...
by laborix
Sun Feb 02, 2025 8:24 pm
Forum: FlatPress project
Topic: PHP 8.3 and 8.4
Replies: 30
Views: 10474

Re: PHP 8.3 and 8.4

.. ready for the third run? ...
...
I have not been able to find a possible SQL injection vulnerability in the contact form. ...
FlatPress has no SQL injection problem, because FlatPress works without an SQL database in the background.
However, FlatPress does have a problem that SQL injection ...
by laborix
Sat Feb 01, 2025 7:35 am
Forum: FlatPress project
Topic: PHP 8.3 and 8.4
Replies: 30
Views: 10474

Re: PHP 8.3 and 8.4

... I will check if we have SQL injection vulnerability in the contact form ...
I had been working on the topic of SQL injection for some time and then wrote a string test method for form inputs, search fields and other string inputs.
/**
* Check string for SQL Injection Parameter
*
* Debug ...
by laborix
Fri Jan 31, 2025 2:33 pm
Forum: FlatPress project
Topic: PHP 8.3 and 8.4
Replies: 30
Views: 10474

Re: PHP 8.3 and 8.4

Hi Frank,

New run, Penetration quick test, new test results:
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
Server Leaks Version Information via "Server" HTTP Response Header Field
Possible starting points:
// http://de.wikipedia.org/wiki/Liste_der_HTTP-Headerfelder ...
by laborix
Sun Jan 26, 2025 8:09 am
Forum: FlatPress project
Topic: PHP 8.3 and 8.4
Replies: 30
Views: 10474

Re: PHP 8.3 and 8.4

So, after a few minor difficulties :roll: , the whole system is up and running again.
Here are the results after several hours of penetration testing of FlatPress 1.4-dev Github 1844

PHP Warning: Undefined array key "y" in .../fpgit1844/fp-plugins/prettyurls/plugin.prettyurls.php on line 88
PHP ...
by laborix
Sat Jan 25, 2025 9:22 am
Forum: FlatPress project
Topic: PHP 8.3 and 8.4
Replies: 30
Views: 10474

Re: PHP 8.3 and 8.4

Good morning again,

please forget the note with the debug info (see my posting this morning Sa Jan 25, 2025 9:11 am), I had an update and then a faulty configuration of the penetration software :roll:
I'll try to fix it this weekend and then send some more info on FlatPress 1.4-dev Github 1844 ...
by laborix
Sat Jan 25, 2025 8:11 am
Forum: FlatPress project
Topic: PHP 8.3 and 8.4
Replies: 30
Views: 10474

Re: PHP 8.3 and 8.4

Good morning Frank,

I take a look at the Github 1844 this morning and compared it with the previous core.language.php version. Very interesting solution ;)

Regardless of this, while a penetration test of FlatPress 1.4-dev Github 1844, the PHP error log is filled, filled and filled again, filled ...
by laborix
Fri Jan 24, 2025 1:26 pm
Forum: FlatPress project
Topic: PHP 8.3 and 8.4
Replies: 30
Views: 10474

Re: PHP 8.3 and 8.4

... an 18 year old Thinkpad ...
I used an old T490 " refurbed " for testing :D
... If you feel like testing an expansion stage of the function ...
I will wait with testing until the core.language.php is added to the FlatPress Github version or a working alternative solution is available.

I'm ...