RevCMS Housekeeping Release

Status
Not open for further replies.

Stee

Oh hot damn. This is my jam.
Jun 28, 2011
285
158
I won't slate this, it's a decent enough release but it needs some work, some immediate and some just for personal pettiness.

I believe that the permissions check could be a lot better, perhaps have that in class.core.php, out of the way of the templates. The same goes for some of the random functions inside of the template files.

Limit the amount of chatlogs chatlogs.php brings in, it isn't healthy to not have a limit. You'll experience timeouts with the current query, add a pagination.

Please don't say "Your staff shouldn't be staff if you cannot trust them." at this bit.

The following files; filter.php, test.php, addnews.php are vulnerable to SQL injection, via POST. Also, I'm unsure without googling if 'intval' protects agains't SQL injection or not, if it doesn't then a bunch of other pages are vulnerable.

How to fix? Wrap the $_POST and $_GET variables with the 'filter' function, which already exists in Rev. (There is no need for the 'secureStr' function in addnews.php').

Other than that, nice share.

Did anyone fix the vulnerabilities to the SQL inject?

Also what's the web.config for this? it's not included..
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
Did anyone fix the vulnerabilities to the SQL inject?

Also what's the web.config for this? it's not included..
Tbh I'd just recommend NOT to use anything related to RevCMS as it's both deprecated and outdated.
Even back when it was first created it was using bad practices.

To be fair, @Kryptos probably wrote the original release within a few days.
 

Stee

Oh hot damn. This is my jam.
Jun 28, 2011
285
158
Tbh I'd just recommend NOT to use anything related to RevCMS as it's both deprecated and outdated.
Even back when it was first created it was using bad practices.

To be fair, @Kryptos probably wrote the original release within a few days.

You suggest not using RevCMS at all?
 

Paypal

Freelance developer
Apr 1, 2017
310
131
You suggest not using RevCMS at all?
Revcms is not very secure if you know what you are doing then yes you can run revcms and make sure its secre but if you are a noob revCMS is the easiest to setup but not the most secure but thats my opinion
 

Stee

Oh hot damn. This is my jam.
Jun 28, 2011
285
158
Revcms is not very secure if you know what you are doing then yes you can run revcms and make sure its secre but if you are a noob revCMS is the easiest to setup but not the most secure but thats my opinion

Thanks for the advice. I appreciate it. I've been using it for a while. Just easy to use cause it's what I'm used too aha.
 

AlopPapo

New Member
Jan 3, 2015
10
2
when i try to get into hk, its reload to me.
pls someone teach me how to install it.

im a newbie!
 
Status
Not open for further replies.

Users who are viewing this thread

Top