[Xerte-dev] Re: Fixes last night (XOT)

Julian Tenney Julian.Tenney at nottingham.ac.uk
Tue Mar 6 07:43:37 GMT 2012


Thanks a lot, that's great. I'll have a look when I get to work...
________________________________________
From: xerte-dev-bounces at lists.nottingham.ac.uk [xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of David Goodwin [david at palepurple.co.uk]
Sent: 06 March 2012 07:37
To: For Xerte technical developers
Subject: [Xerte-dev] Fixes last night (XOT)

Hi

I made some fixes to XOT trunk last night - so you can at least install and login as a new user. (I did a full install and used demo.php to login). Again this breakage was due to merging by the looks of it.

The installer will now remove any existing xerte db tables if they exist before trying to create then.

The installer now tries to strongly suggest to people that they delete the setup folder. Can we change the installer so it aborts if someone has an existing database.php file or something so making deletion unnecessary? (obviously I can code it to - but is this an ok thing to do ?)


I've also created an issue on the google issue tracker covering a security problem in proxy_rss.php. Does XOT store a list of all remote urls someone may want to request anywhere so we can have a whitelist of good urls - at the moment someone can use proxy_rss.php to fetch any remote URL.

Thanks
David

David Goodwin
Pale Purple Ltd.
http://www.palepurple.co.uk
0845 0046746
07792 380669
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev



More information about the Xerte-dev mailing list