What folder do I find this comprofiler.php in?
Sibling Chris wrote:
If your problems are exactly the same as I described mine were using Mambo 4.5.3, then I would think the same fix I suggested to comprofiler.php will work; it certainly sorted things for me.
In comprofiler.php look for
confirm(mosGetParameter($_REQUEST,'confirmcode','1');
and replace with
confirm( $_GET );
Thanks for finding the problem. I'm amazed that Mambo changed the mosGetParameter function...
But please beware that the replacement suggested above opens a hole for SQL injection attacks...
Instead, a SQL-safe replacement is:
cbGetEscaped(isset($_GET) ? $_GET : "");
Take a look there: SQL Injection Attacks by Example
Sort of a noob question... but can someone explain what exactly is a SQL injection attack? And how would this affect a website if the above code was changed as suggested?
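To make the risk discussed in this thread concrete, the following is an added example (not part of any post above and not Community Builder's own code) comparing a confirmation query built from a raw request value with escaped and parameter-bound versions. The `pending_users` table, its columns and the three `confirm*` functions are hypothetical, and `PDO::quote()` stands in for an escaping helper such as `cbGetEscaped()`, whose internals are not shown on this page.

```php
<?php
// Added illustration. Table, column and function names are hypothetical;
// this is not Community Builder's schema or code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pending_users (
    id INTEGER PRIMARY KEY, name TEXT, confirmcode TEXT, confirmed INTEGER DEFAULT 0)");
$db->exec("INSERT INTO pending_users (name, confirmcode)
           VALUES ('alice', 'a1b2c3'), ('bob', 'd4e5f6')");

// Unsafe: the request value is pasted straight into the SQL text,
// so quote characters in it become part of the statement.
function confirmUnsafe(PDO $db, string $code): int {
    return $db->exec(
        "UPDATE pending_users SET confirmed = 1 WHERE confirmcode = '$code'");
}

// Escaped: the value is quoted and escaped before being concatenated.
// Assumption: this mirrors what an escaping helper like cbGetEscaped() is for.
function confirmEscaped(PDO $db, string $code): int {
    return $db->exec(
        "UPDATE pending_users SET confirmed = 1 WHERE confirmcode = " . $db->quote($code));
}

// Bound parameter: the value is sent as data and never becomes SQL text.
function confirmBound(PDO $db, string $code): int {
    $stmt = $db->prepare(
        "UPDATE pending_users SET confirmed = 1 WHERE confirmcode = ?");
    $stmt->execute([$code]);
    return $stmt->rowCount();
}

// Constructed sample inputs: one genuine code and one value containing quotes.
$inputs = ['a1b2c3', "x' OR '1'='1"];
foreach (['confirmUnsafe', 'confirmEscaped', 'confirmBound'] as $fn) {
    foreach ($inputs as $code) {
        $db->exec("UPDATE pending_users SET confirmed = 0"); // reset state
        $rows = $fn($db, $code);
        printf("%-15s input=%-14s accounts confirmed: %d\n", $fn, $code, $rows);
    }
}
```

With the quote-containing input, the unsafe variant confirms every pending account even though no valid code was supplied, while the escaped and bound variants confirm none. All three behave identically for the genuine code.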