You're not really reading what I'm posting, are you? Please read all that's posted on here, then reply.
The bugs listed for PhotoPost were addressed in PhotoPost, I gather; however, this is a ReviewPost forum, ergo what I posted is a problem with ReviewPost.
Some of the security issues for PhotoPost are equally applicable to ReviewPost. Take for example the SQL injection one I highlighted right above with proof of concept. At least one bug highlighted in "showgallery.php" (posted on Secunia on 2005-03-29) is directly applicable to "showproduct.php" in ReviewPost because it's basically the SAME CODE and it still remains open and unfixed.
The version number issue I mentioned is also just listed as an advisory, nothing more. I even said that in my post. It's just a personal thing. Publicising your exact version number is a bad idea and one that phpBB adopted for the same obvious reasons.
MichaelP posted on July 30th:
Quote:
PhotoPost Classifieds will be out tomorrow and I expect ReviewPost to get the same code changes for a release in the next week or two.
The question asked by the first poster was... with the publicised flaws in PhotoPost that have been addressed, when will we see a fix for ReviewPost as it shares the same code?
Ergo, I've posted bugs, pointed out possible security flaws, and posted fixes where I can (with proof of concept if applicable) in ReviewPost that are all applicable to this topic because for at least one of them you've known about it for at least 2 months and failed to help.
IMHO individual security flaws need to be addressed ASAP when you're notified (preferably within a certain number of days). Glorified "code overhauls" can wait.