Recently the security firm Procheckup performed a security scan on BlogCFC. This was for a customer of theirs but they gladly shared the issues they found. This was rather nice of them so I'd like to thank them. They not only sent me a very detailed list of the issues (XSS issues), but also worked to help me verify they were fixed. Grab the latest bits from RIAForge: http://blogcfc.riaforge.org
(This post is more than 2 years old.)
Important BlogCFC update - thanks to ProCheckup
Support this Content!
If you like this content, please consider supporting me. You can become a Patron, visit my Amazon wishlist, or buy me a coffee! Any support helps!
Want to get a copy of every new post? Use the form below to sign up for my newsletter.
Archived Comments
Have you ever looked at Portcullis?(http://portcullis.riaforge..... It's a SQL injection and XSS filter. I use it and it seems to work pretty well. Filters all form, url, and cookie variables.
No, I've not. I tend to prefer to do things more obvious - directly on the page. Of course, it leads to mistakes like those corrected by Procheckup.
Hey Raymond, what if I want to update those specific files. I have my blog cfc customized.
Check the readme.txt file. It always details exactly what files changed in what release.