Bug Fix - DataLife Engine Support

Bug Fix - DataLife Engine Support http://dleviet.com/ ru Bug Fix - DataLife Engine Support DataLife Engine Insufficient filtering of incoming data for DLE 8.5 http://dleviet.com/dle/bug-fix/480-Insufficient-filtering-of-incoming-data-for-DLE-85.html http://dleviet.com/dle/bug-fix/480-Insufficient-filtering-of-incoming-data-for-DLE-85.html Problem: User is allowed to upload files to server (no pictures), may go beyond the permitted download folder, and if he has the administrator account, then interrogate the script.

Error in version: All Versions

The degree of danger: Medium (High if the administrator account are online)

Distribution version 8.5 has been updated.]]> admin Wed, 09 Jun 2010 23:38:50 -0600 Fix bug cross-site scripting (XSS) attacks http://dleviet.com/dle/bug-fix/475-Fix-bug-cross-site-scripting-XSS-attacks.html http://dleviet.com/dle/bug-fix/475-Fix-bug-cross-site-scripting-XSS-attacks.html Problem: Under certain conditions, your site can be attacked XSS. Attacker can steal cookies; browser if administrator use outdated browser. So he can access to authorized area.
View more about XSS : http://en.wikipedia.org/wiki/Cross-site_scripting

Affected version: 7.x - 8.5

The degree of danger: Low

Download the patch and copy to your own server patch: dle7_85_path.zip

This patch applies to all versions: 7.x - 8.5]]> admin Sun, 06 Jun 2010 03:33:19 -0600 Fix lost Category of DLE after move hosting http://dleviet.com/dle/bug-fix/373-Fix-lost-Category-of-DLE-after-move-hosting.html http://dleviet.com/dle/bug-fix/373-Fix-lost-Category-of-DLE-after-move-hosting.html

Fix lost Category of DLE after move hosting
]]> admin Wed, 05 May 2010 22:23:06 -0600 DLE 8.5 SQL (fixes User Groups, Banners, Vote) http://dleviet.com/dle/bug-fix/309-DLE-85-SQL-fixes-User-Groups-Banners-Vote.html http://dleviet.com/dle/bug-fix/309-DLE-85-SQL-fixes-User-Groups-Banners-Vote.html You might face Unknown Column "Start" & "End" problem after Restoring DLE 8.3 SQL

Its because there are two new columns in DLE 8.5 to start a Banner , Vote Transitions.
Also and other col "Image_size" in user groups

Here is the solution]]> Pakistan Thu, 11 Mar 2010 20:09:49 -0700 Lack of filtering incoming data in the module reset your password in DataLife Engine 8.2 http://dleviet.com/dle/bug-fix/287-Lack-of-filtering-incoming-data-in-the-module-reset-your-password-in-DataLife-Engine-82.html http://dleviet.com/dle/bug-fix/287-Lack-of-filtering-incoming-data-in-the-module-reset-your-password-in-DataLife-Engine-82.html Problem: Lack of filtering incoming data in the module reset your password.

Error in version: only 8.2, the versions below 8.2, as well as the current version 8.3 is not affected

The degree of danger: Very high

Distribution version 8.2 has been updated.]]> admin Thu, 25 Feb 2010 22:14:34 -0700 Lack of filtering incoming data in the processing of news http://dleviet.com/dle/bug-fix/286-Lack-of-filtering-incoming-data-in-the-processing-of-news.html http://dleviet.com/dle/bug-fix/286-Lack-of-filtering-incoming-data-in-the-processing-of-news.html Problem: Lack of filtering incoming data in the processing of news.

Error in version: All Versions before DLE 8.0

The degree of danger: Low]]> admin Thu, 25 Feb 2010 21:56:42 -0700 Insufficient filtering of incoming data for DLE http://dleviet.com/dle/bug-fix/185-Insufficient-filtering-of-incoming-data-for-DLE.html http://dleviet.com/dle/bug-fix/185-Insufficient-filtering-of-incoming-data-for-DLE.html Problem: Lack of filtering incoming data in the processing of news.

Error in version: All Versions (except DLE 8.2)

The degree of danger: Low

Source :

http://dle-news.ru/bags/665-nedostatochnaya-filtraciya-vxodyashhix-dannyx.html

]]> admin Sat, 17 Oct 2009 09:41:21 -0600 Insufficient filtering of incoming data in DaraLife Engine 7.5 http://dleviet.com/dle/bug-fix/15-Insufficient-filtering-of-incoming-data-in-DaraLife-Engine-7.5.html http://dleviet.com/dle/bug-fix/15-Insufficient-filtering-of-incoming-data-in-DaraLife-Engine-7.5.html Problem: Lack of filtering incoming data.

Error in version: 7.5 and below

The degree of danger: Low

To download the patch and copy to your server patch: http://dle-news.ru/files/dle75_path.zip (Note the patch is for version 7.5)

Distribution version 7.5 has been updated.

Source:

http://dle-news.ru/bags/v75/570-nedostatochnaya-filtraciya-vxodyashhix-dannyx.html

]]> admin Sun, 26 Apr 2009 15:09:37 -0600