Important BlogCFC update - thanks to ProCheckup

Recently the security firm Procheckup performed a security scan on BlogCFC. This was for a customer of theirs but they gladly shared the issues they found. This was rather nice of them so I'd like to thank them. They not only sent me a very detailed list of the issues (XSS issues), but also worked to help me verify they were fixed. Grab the latest bits from RIAForge: http://blogcfc.riaforge.org

Archived Comments

Comment 1 by Josh posted on 5/19/2010 at 9:11 PM

Have you ever looked at Portcullis? (http://portcullis.riaforge..... It's a SQL injection and XSS filter. I use it and it seems to work pretty well. Filters all form, URL, and cookie variables.

Comment 2 by Raymond Camden posted on 5/19/2010 at 9:27 PM

No, I've not. I tend to prefer to do things more obviously - directly on the page. Of course, it leads to mistakes like those corrected by Procheckup.

Comment 3 by Mavelar posted on 6/12/2010 at 12:43 AM

Hey Raymond, what if I want to update those specific files? I have my BlogCFC customized.

Comment 4 by Raymond Camden posted on 6/12/2010 at 12:48 AM

Check the readme.txt file. It always details exactly what files changed in what release.