Support ⇒ Modules & Blocks ⇒ OpenID - security issue ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexModules & Blocks

OpenID - security issue Reply to topic


Some time ago I wrote an OpenID hack for DragonFly which it transpires contains a security hole :-

dragonflycms.org/Forum...c/t=24386/

I've removed the code from the only site I was personally using it on, and have removed the package from my downloads section. I'm not sure how many people downloaded this, or have used it or are using it, but if you still have this on your website you should ...

STOP USING IT RIGHT NOW!

This package replaced the following core files :-

header.php
footer.php
blocks/block-User_Info.php
blocks/block-User_Info_Small.php
includes/cmsinit.inc
includes/class/cpg_member.php
language/english/your_account.php
modules/Your_Account/index.php
modules/Your_Account/register.php

Re-uploading the official DragonFly versions of these files to your website will remove the OpenID hack.

Many apologies for this, I was asked to implement this for a site I worked on and it wasn't a particularly good implementation anyway even without the security implication. Embarassed

Gaming League / Cup - www.leaguecms.co.uk :: Other DragonFly modules - www.cmsdreams.co.uk

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):

All times are UTC


Jump to: