[Xerte-dev] Fixes last night (XOT)

David Goodwin david at palepurple.co.uk
Tue Mar 6 07:37:39 GMT 2012


I made some fixes to XOT trunk last night - so you can at least install and login as a new user. (I did a full install and used demo.php to login). Again this breakage was due to merging by the looks of it. 

The installer will now remove any existing xerte db tables if they exist before trying to create then. 

The installer now tries to strongly suggest to people that they delete the setup folder. Can we change the installer so it aborts if someone has an existing database.php file or something so making deletion unnecessary? (obviously I can code it to - but is this an ok thing to do ?)

I've also created an issue on the google issue tracker covering a security problem in proxy_rss.php. Does XOT store a list of all remote urls someone may want to request anywhere so we can have a whitelist of good urls - at the moment someone can use proxy_rss.php to fetch any remote URL. 


David Goodwin 
Pale Purple Ltd. 
0845 0046746
07792 380669

More information about the Xerte-dev mailing list