hey guys, i've spent some time reworking the codebase of the site. (essentially transitioning from PHP4 to PHP5 and trying to clean up all the SQL injection points.)
anyway, hopefully everything is working and nothing has changed, but if you see any bugs, please post them to the forum right away.
and if you find any sql injection spots, please email me.
Internal site update
Re: Internal site update
ah hopefully it'll work...
(i'm kinda curious, are you going to publish the flaws and how they were fixed?)
also could u please take a look at the get problem on the main page (fails to work)
also if you're going to leave the commercials on the front it might be nice to call them so and not partner sites
edit: also see attempt paths doesn't work ^^*
Re: Internal site update
thanks santa -- i have fixed the get problem from main page, and also the attempt paths.
sorry about the ads on the front page, but my contract says i have to call them partner sites. hopefully nobody will get confused, or i'll remove them when the contract is up.
the site flaws weren't very interesting -- basically, i didn't pay any attention to sql injection when i designed the site, so any page that queried the db based on user input was vulnerable. there were also some places where i didn't screen user input well enough for things like embedded javascript.
thanks,
adum
Re: Internal site update
I don't know if this is related to the site update, but there is a (recent?) change with my user account rights management.
It seems:
- I can see the "Desactivate comment" checkbox on any comment on any problem, but I can't deactivate comments (even mine).
- I can see the "Edit" button on all problems (before it was only with mine), but I cannot edit others' problems.
Last edited by lok on Mon Apr 13, 2009 10:50 am, edited 1 time in total.
Re: Internal site update
Maybe it's not from the update, but my solving history was erased somehow. I think I've solved 4-5 hundred problems (anyhow all problems between 30 and 15 k were solved).
Now it seems that I haven't solved any problem. At this moment only the problems I did today appear as solved.
Thank you.
Re: Internal site update
lok -- thanks, i've fixed both of those problems now.
sorinab -- unless you have a pro account, your solving history will periodically get erased.
Re: Internal site update
txadum wrote: sorinab -- unless you have a pro account, your solving history will periodically get erased.