RevCMS Housekeeping Release

[Examed]

late but nice release

 

[Altercationz]

Does this work with IIS?

Yes this does.

 

[Qonflict]

Looks really fancy!

 

[Stee]

I won't slate this, it's a decent enough release but it needs some work, some immediate and some just for personal pettiness.

I believe that the permissions check could be a lot better, perhaps have that in class.core.php, out of the way of the templates. The same goes for some of the random functions inside of the template files.

Limit the amount of chatlogs chatlogs.php brings in, it isn't healthy to not have a limit. You'll experience timeouts with the current query, add a pagination.

Please don't say "Your staff shouldn't be staff if you cannot trust them." at this bit.

The following files; filter.php, test.php, addnews.php are vulnerable to SQL injection, via POST. Also, I'm unsure without googling if 'intval' protects agains't SQL injection or not, if it doesn't then a bunch of other pages are vulnerable.

How to fix? Wrap the $_POST and $_GET variables with the 'filter' function, which already exists in Rev. (There is no need for the 'secureStr' function in addnews.php').

Other than that, nice share.

Did anyone fix the vulnerabilities to the SQL inject?

Also what's the web.config for this? it's not included..

 

[MayoMayn]

Did anyone fix the vulnerabilities to the SQL inject?

Also what's the web.config for this? it's not included..

Tbh I'd just recommend NOT to use anything related to RevCMS as it's both deprecated and outdated.
Even back when it was first created it was using bad practices.

To be fair, @Kryptos probably wrote the original release within a few days.

 

[Stee]

Tbh I'd just recommend NOT to use anything related to RevCMS as it's both deprecated and outdated.
Even back when it was first created it was using bad practices.

To be fair, @Kryptos probably wrote the original release within a few days.

You suggest not using RevCMS at all?

 

[Paypal]

You suggest not using RevCMS at all?

Revcms is not very secure if you know what you are doing then yes you can run revcms and make sure its secre but if you are a noob revCMS is the easiest to setup but not the most secure but thats my opinion

 

[Stee]

Revcms is not very secure if you know what you are doing then yes you can run revcms and make sure its secre but if you are a noob revCMS is the easiest to setup but not the most secure but thats my opinion

Thanks for the advice. I appreciate it. I've been using it for a while. Just easy to use cause it's what I'm used too aha.

 

[stevenkks]

Thanks man! I like the layout and ill be using it!

 

[Alexeii]

Can someone please give instructions on how to add this HK?

 

[Kak]

Can someone please give instructions on how to add this HK?

Replace your hk folder in your skins folder with one in the download.

 

[AlopPapo]

when i try to get into hk, its reload to me.
pls someone teach me how to install it.

im a newbie!

 

[Joe]

when i try to get into hk, its reload to me.
pls someone teach me how to install it.

im a newbie!

Post in the help section.

Thread closed