FlatPress support forum

... I will check if we have SQL injection vulnerability in the contact form ...
I had been working on the topic of SQL injection for some time and then wrote a string test method for form inputs, search fields and other string inputs.
/**
* Check string for SQL Injection Parameter
*
* Debug ...

Hi Frank,

New run, Penetration quick test, new test results:
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
Server Leaks Version Information via "Server" HTTP Response Header Field
Possible starting points:
// http://de.wikipedia.org/wiki/Liste_der_HTTP-Headerfelder ...

So, after a few minor difficulties :roll: , the whole system is up and running again.
Here are the results after several hours of penetration testing of FlatPress 1.4-dev Github 1844

PHP Warning: Undefined array key "y" in .../fpgit1844/fp-plugins/prettyurls/plugin.prettyurls.php on line 88
PHP ...

Good morning again,

please forget the note with the debug info (see my posting this morning Sa Jan 25, 2025 9:11 am), I had an update and then a faulty configuration of the penetration software :roll:
I'll try to fix it this weekend and then send some more info on FlatPress 1.4-dev Github 1844 ...

Good morning Frank,

I take a look at the Github 1844 this morning and compared it with the previous core.language.php version. Very interesting solution ;)

Regardless of this, while a penetration test of FlatPress 1.4-dev Github 1844, the PHP error log is filled, filled and filled again, filled ...

... an 18 year old Thinkpad ...
I used an old T490 " refurbed " for testing :D
... If you feel like testing an expansion stage of the function ...
I will wait with testing until the core.language.php is added to the FlatPress Github version or a working alternative solution is available.

I'm ...

...Good that you have several test environments. May I take advantage of that?...
There are tons of tutorials on all three operating systems in a virtual box and how to set them up. So you can quickly install them yourself with “click&click”, you just have to want to. A developer should actually ...

Whoever programmed this may have added a trigger_error() at this point just as internal developer info :roll: ?
A little debug run.

1. search field -> "features" used as search term
2. search button pressed
3. output of all entries containing the word “features"

My debug output for this:
PHP ...

Test environment:
Apache 2.4.58, PHP 8.4.3, Windows platform

Ok, new test FlatPress 1.4-dev (Github 1833)
Everything seems to work, but there are new PHP warnings when using search button.

PHP Warning: Missing or invalid key in language configuration: localecountry_a. Using fallback value. in ...

... as developers usually only have one test environment at their disposal ...
As a starting point, a standard notebook from the business sector with 8GB RAM, a processor and an SSD disk:

Test environment Apache, PHP 5.x - 8.x, MySQL database
Test environment NGinx, PHP 8.x, PostgreSQL, MySQL ...