[Xerte-dev] Re: Fixes last night (XOT)
David Goodwin
david at palepurple.co.uk
Tue Mar 6 10:05:22 GMT 2012
Julian -
Assuming you are the Google code boss - can you set GoogleCode up so issue(s) are cc'ed to this mailing list automatically? Does it provide any sort of integration between tickets and the mailing list?
It's a bit annoying having to notify the list that a ticket has been created or changed or whatever.
thanks,
David.
On 6 Mar 2012, at 08:10, Ron Mitchell wrote:
> I added this to the issue page but thought I'd post here too....
>
> Not sure it's practical to have a whitelist - too many potential urls that
> users might add to the relevant XOT page and unrealistic for someone with
> access to the code or management.php to keep adding new allowed URLs upon
> request. Isn't there a way to restrict rss_proxy.php so that it can't be
> accessed via browser and can only be called from relevant XOT code?
>
> Sorry I might be misunderstanding the risk but in a big college or
> University I can't see it being practical to have and manage a whitelist.
>
> HTH
> Ron
>
> -----Original Message-----
> From: xerte-dev-bounces at lists.nottingham.ac.uk
> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of David Goodwin
> Sent: 06 March 2012 07:38
> To: For Xerte technical developers
> Subject: [Xerte-dev] Fixes last night (XOT)
>
> Hi
>
> I made some fixes to XOT trunk last night - so you can at least install and
> login as a new user. (I did a full install and used demo.php to login).
> Again this breakage was due to merging by the looks of it.
>
> The installer will now remove any existing xerte db tables if they exist
> before trying to create them.
>
> The installer now tries to strongly suggest to people that they delete the
> setup folder. Can we change the installer so it aborts if someone has an
> existing database.php file or something so making deletion unnecessary?
> (obviously I can code it to - but is this an ok thing to do?)
>
>
> I've also created an issue on the google issue tracker covering a security
> problem in proxy_rss.php. Does XOT store a list of all remote urls someone
> may want to request anywhere so we can have a whitelist of good urls - at
> the moment someone can use proxy_rss.php to fetch any remote URL.
>
> Thanks
> David
>
> David Goodwin
> Pale Purple Ltd.
> http://www.palepurple.co.uk
> 0845 0046746
> 07792 380669
> _______________________________________________
> Xerte-dev mailing list
> Xerte-dev at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
Pale Purple Ltd. (Company No: 5580814)
'Business Web Application Development and Training in PHP'
http://www.palepurple.co.uk
Office: 0845 0046746 Mobile: 07792380669
Follow us on Twitter: @PalePurpleLtd
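
An added example, not part of the original thread and not Xerte code: one way a proxy script could check a requested URL against an allowlist of host names (rather than full URLs) before fetching it. The function name, the hosts and the injectable resolver are assumptions made for illustration.

```php
<?php
// Added example, not Xerte code; names and hosts are hypothetical.
// $allowedHosts: lowercase host names approved by an administrator.
// $resolve: returns a list of IPv4 strings for a host, or false; injectable
// so the check can be exercised without DNS.
function feed_url_allowed(string $url, array $allowedHosts, ?callable $resolve = null): bool
{
    $resolve = $resolve ?? 'gethostbynamel';
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Web schemes only; anything else (file, ftp, ...) is refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Refuse embedded credentials and any explicit port.
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return false;
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return false;
    }
    // An approved name must not resolve to a private or reserved address.
    $ips = $resolve($host);
    if (!is_array($ips) || $ips === []) {
        return false;
    }
    foreach ($ips as $ip) {
        $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

// Constructed sample data: a fake resolver and candidate URLs.
$allowed = ['feeds.example.org', 'rss.example.net'];
$fakeDns = fn(string $h) => ['feeds.example.org' => ['93.184.216.34'],
                             'rss.example.net'   => ['10.0.0.5']][$h] ?? false;
$samples = ['http://feeds.example.org/news.rss', 'ftp://feeds.example.org/news.rss',
            'http://other.example.com/feed', 'http://feeds.example.org:8080/x',
            'http://rss.example.net/feed'];
foreach ($samples as $u) {
    echo $u, ' => ', feed_url_allowed($u, $allowed, $fakeDns) ? 'fetch' : 'refuse', PHP_EOL;
}
```

Only the first sample URL is fetched. The fetch itself should also not follow redirects automatically, or should re-run the same check on each redirect target.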