"Desc: Input passed via the parameter 'sortby' is not properly
sanitised before being returned to the user or used in SQL queries.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code. The param 'num' is vulnerable to an XSS issue
where the attacker can execute arbitrary HTML and script code in
a user's browser session in context of an affected site."
Security issues require admin login.
Don't redirect errors to /dev/null and don't return true(1)
unconditionally. Instead, don't check for the existence of index.theme.
This will allow us to catch errors that may be happening because of a
missing dependency in the chain.
Some hidden issues may appear, in which case please contact me.
discussed with and ok blind jasper@
here is the new port and the new stuff:
* Fix a bug where not the entire saved cert wouldn't be checked
* Add an include_config setting to load additional configuration
settings
* Add option to display when a download completes
* Rewrite mutex implementation to work around some bogus buggy mutex
implementation messages
* Make a bunch of settings work in runtime vs start-of-day
* Add option to select search engine when used the first time
* Add ctrl-enter to prefix www. and postfix .com
* Add stop keybinding
* Fix a bunch of tiny bugs and general code improvement
OK sthen@
Fixes some bugs and a security issue (SA49330).
Many improvements and new features.
Now the MySQL user needs also the LOCK permission.
ok jasper@ on a previous diff
turnaround projects like screen-scraping.
Original diff against py-beautifulsoup from wen heping, converted to
a standalone port after some discussion in ports@.