Re: Yogurt Social Network multiple scripts uid variable XSS

I spoke a few months ago with Marcelo on maintaining the module also compatible for impressCMS. I sent a request to adjust this in a sector in particular. Nor did the translation for the Yogurt útlima for the Portuguese version of the module. Marcelo is a very reasonable and partner. I think we should get in touch with him yes. If there is no return, perhaps those who are interested in moving the module should change the name of the module and maintain the claims on all the work already done.
Here's how it works OpensSource. But remember, this work should send to the author also wherever possible.

[pt-br]
Eu conversei a alguns meses atras com marcelo sobre manter o módulo compatível também para impressCMS. Eu enviei uma solicitação para ajustar isto em um setor em especial. Também realizei toda a tradução para o Yogurt útlima versão para o português deste módulo. Marcelo é uma pessoa muito razoável e parceiro. Eu penso que devemos entrar em contato com ele sim. Se não houver retorno, talvez quem esteja interessado em evoluir o módulo deverá modificar o nome do módulo e manter os créditos sobre todo o trabalho já feito.
É assim que funciona OpensSource. Mas lembre-se, deve enviar este trabalho para o autor também sempre que possível.
[/pt-br]

Giba
Topic


Re: Yogurt Social Network multiple scripts uid variable XSS

Quote:


Stranger:
Off track a little but how long would it take to set up cbb like that? So we can get rid of the newbb crap. D3forum is not yet ready for primetime.

-----

Sidenote i wonder if xforum can be renamed...



we probably will need to review all files, and this may take some times ... and since newbb will get some problems in 1.1 I think it's better to start the works on it (now we have to hack a couple of files to make it work)

unfortunately I still have not worked with xforum .. how is it? is it better that newbb ? and what do you think about newbb 4?

Topic


Re: Yogurt Social Network multiple scripts uid variable XSS

Quote:


stranger wrote:
Sounds good to me ... other possibility might be, I add my improvement for easy renaming in the module?

then users can rename it to whatever they want ...




That would be hot!!! I love modules that can be changed to what you want to call them.

-----

Stranger:
Off track a little but how long would it take to set up cbb like that? So we can get rid of the newbb crap. D3forum is not yet ready for primetime.

-----

Sidenote i wonder if xforum can be renamed...



Re: Yogurt Social Network multiple scripts uid variable XSS

Why removing it? By fixing I meant sorting this out

I'm not the person in charge for this, I think it's better if you talk with sato and Vaughan .... I was just giving a suggestion in my earlier post ... Vaughan is working on that area I think.



Re: Yogurt Social Network multiple scripts uid variable XSS

Fix it? Remove it you mean? But do you have Authorization from Marcello to take the development of the module and/or make derivate works?



Re: Yogurt Social Network multiple scripts uid variable XSS

I believe sato can fix this for us, as he is one of the project admins of that project ...



Re: Yogurt Social Network multiple scripts uid variable XSS

Creative Commons, 'No Derivative Works. You may not alter, transform, or build upon this work.'



Re: Yogurt Social Network multiple scripts uid variable XSS

Vaughan is just fixing the vulnerabilities issues ...

Quote:

What about the CC license?



Sorry, I don't understand what you meant?



Re: Yogurt Social Network multiple scripts uid variable XSS

I am not understanding, are you taking the development of yogurt?
What about the CC license?



Re: Yogurt Social Network multiple scripts uid variable XSS

Sounds good to me ... other possibility might be, I add my improvement for easy renaming in the module?

then users can rename it to whatever they want ...



Re: Yogurt Social Network multiple scripts uid variable XSS

Sorry, i like name yogurt , but... if this module is changed in SVN impresscms, this correct is change name.

My vote is change name.

This will differentiate one version to version ImpressCMS a xoops. But if changes are just to send to Marcelo, my vote is to keep the name and developer support sending the amendments to it.

Giba


Re: Yogurt Social Network multiple scripts uid variable XSS

Perhaps we can modify it and give a better name?
frankly I don't like the name



Re: Yogurt Social Network multiple scripts uid variable XSS

It worked before - I think part of the old site is still cached as half of it appears in the old form for me.



Re: Yogurt Social Network multiple scripts uid variable XSS

Quote:


davidl2 wrote:
Latest cvs is available here:...


David, that link doesn't work (missing trailing slash?) SF has also changed their site a bit.
This is the correct link:
http://sourceforge.net/projects/galeriayogurt/?abmode=1



Re: Yogurt Social Network multiple scripts uid variable XSS

excellent :)

Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!


Re: Yogurt Social Network multiple scripts uid variable XSS

I kontakt him and i have access to the CVS from him.



Re: Yogurt Social Network multiple scripts uid variable XSS

as far as i'm aware, the original author has stopped developing it due to time constraints.

there's a huge security risk for users at the moment due to these vulnerabilites being discovered, therefore i think it would be in everybodies interests to release an updated version.

i'm gathering 3.3 RC1 with it being at the RC stage has no more features to be added etc, so it would only be bugfixes & security fixes.

if so, we could do with updating the latest version.

could someone contact the author and find out what is going on?

Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!






Re: Yogurt Social Network multiple scripts uid variable XSS

i can't checkout from that CVS?

if someone can get the latest version, we can start working on it.

Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!



 Top