Re: Twocents security
Posted: Sun Jul 19, 2020 5:45 pm
cmb wrote: ↑Sun Jul 19, 2020 11:32 am
Hmm, there is no built-in CAPTCHA in Twocents_XH (Advancedform_XH has one, though).
An alternative to Recaptcha_XH is Cryptographp_XH 1.0beta6. Less elegant than Recaptcha, but in return you need neither registration nor keys. However, you should still apply this fix.

I set cryptograph in setting of twocents, but can not see captcha in comments. Any solution?
The captcha is only displayed when you are logged out, not in the backend.
ustalo wrote: ↑Mon Oct 25, 2021 5:21 pm
I download
reinstall crypt
change browser
captcha is on, but there are no images with code
https://ustalo.ru/?Пробуем/Коментарии-Два-цента

It seems there is a fundamental flaw regarding the internal variable $su, because it may not be URL decoded. While https://www.cmsimple-xh.org/?About-CMSimple_XH works as expected, https://www.cmsimple-xh.org/?%41bout-CMSimple_XH does not, although it is the same. Maybe replacing this line with
Code:
$su = utf8_substr(urldecode($su), 0, $cf['uri']['length']);
cmb wrote: ↑Mon Oct 25, 2021 10:41 pm
It seems there is a fundamental flaw regarding the internal variable $su, because it may not be URL decoded. While https://www.cmsimple-xh.org/?About-CMSimple_XH works as expected, https://www.cmsimple-xh.org/?%41bout-CMSimple_XH does not, although it is the same. Maybe replacing this line with
Code:
$su = utf8_substr(urldecode($su), 0, $cf['uri']['length']);
is a proper fix?

This needs more investigation by the CMSimple_XH developers! There might be issues with external services encoding the URL (?foo/bar → ?foo%2Fbar).
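
The decoding step discussed in the posts above, as an added PHP example that is not part of the thread and is not CMSimple_XH code. It assumes the selector comes from the raw query string and that the mbstring extension is loaded; normalize_selector(), resolve_page(), the page table and the 200-character limit are hypothetical, and mb_substr() stands in for utf8_substr().

```php
<?php
// Added illustration; not CMSimple_XH code. Assumes the selector is taken from
// the raw query string, which PHP leaves percent-encoded (only $_GET and
// $_REQUEST values are decoded automatically). Requires the mbstring extension.

function normalize_selector(string $raw, int $maxLen): ?string
{
    // Decode exactly once, as in the proposed fix. A second pass would turn
    // "%2541" into "A", so double-encoded input could bypass earlier checks.
    $su = urldecode($raw);
    // Refuse invalid UTF-8 and control characters instead of passing them on.
    if (!mb_check_encoding($su, 'UTF-8') || preg_match('/[\x00-\x1F\x7F]/', $su)) {
        return null;
    }
    // Truncate after decoding, so the limit counts characters and can never
    // cut a "%XX" triplet in half.
    return mb_substr($su, 0, $maxLen, 'UTF-8');
}

function resolve_page(string $raw, array $pages, int $maxLen = 200): ?string
{
    $su = normalize_selector($raw, $maxLen);
    return ($su !== null && isset($pages[$su])) ? $pages[$su] : null;
}

// Constructed page table: selector => page title.
$pages = [
    'About-CMSimple_XH' => 'About',
    'foo/bar'           => 'Level-2 page',
];

// Constructed query strings.
$samples = [
    'About-CMSimple_XH',      // plain selector
    '%41bout-CMSimple_XH',    // same selector with "A" percent-encoded
    'foo%2Fbar',              // "/" encoded by an external service
    '%2541bout-CMSimple_XH',  // double-encoded input
    'foo%00bar',              // encoded NUL byte
];

foreach ($samples as $raw) {
    printf("%-24s raw lookup: %-5s normalized lookup: %s\n", $raw,
        isset($pages[$raw]) ? 'hit' : 'miss',
        resolve_page($raw, $pages) ?? 'miss');
}
```

Note that urldecode() also turns "+" into a space; rawurldecode() does not, which matters if page names may contain a literal "+".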
ustalo wrote: ↑Mon Oct 25, 2021 5:21 pm
I download
reinstall crypt
change browser
captcha is on, but there are no images with code
https://ustalo.ru/?Пробуем/Коментарии-Два-цента

I can confirm this.
The problem is that the guestbook is called on a subpage (level-2). Somewhere here we had this before, but can't find it right now.