
David van Geest

Software, Life, and Stuff I Couldn't Find on the Internet

60cycleCMS 2.5.1 released


I know, two posts about 60cycleCMS in one day :-). Supporting the webmaster over at aegamestudios while he was installing 60cycleCMS motivated me to put together another release.

60cycleCMS 2.5.1, ironically, considering my previous post, does address a potential security vulnerability. While previously I was using a somewhat lame white-list filter to filter input from the URL "post" parameter, I've switched to using PHP's real_escape_string() from mysqli. While I'm not sure of the exact method, I suspect my previous white-list filter could have been bypassed, and an attacker could have done some damage with SQL injection. Using real_escape_string() should completely mitigate this potential vulnerability.

This release also includes a custom negative CAPTCHA (in addition to ReCAPTCHA) to protect against spammers with a bunch of human CAPTCHA breakers from some disadvantaged country. Lastly, it includes a CSS stylesheet listing all the custom classes used by 60cycleCMS, for easier customization (thanks to Madison at aegamestudios.com for that suggestion).

As always, you can download the latest zip from the project page, or check out the latest code from svn.
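The handling of the URL "post" parameter described above, as an added example that is not taken from the 60cycleCMS source: mysqli's real_escape_string() protects a value only when the result is placed inside a quoted string literal and the connection charset has been set with set_charset(), so the sketch pairs it with a bound integer parameter for the numeric case. The `posts` table, its `id`, `slug` and `title` columns, and the DB_* environment variables are assumptions made for illustration.

```php
<?php
// Added example, not 60cycleCMS code. The `posts` table, its columns and the
// DB_* environment variables are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on SQL errors

function open_db(): mysqli
{
    $db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    // real_escape_string() escapes according to the connection charset,
    // so set it through the API rather than with a "SET NAMES" query.
    $db->set_charset('utf8mb4');
    return $db;
}

// Escaping: holds only because the escaped value sits between single quotes.
function find_post_escaped(mysqli $db, string $post): ?array
{
    $safe = $db->real_escape_string($post);
    $result = $db->query("SELECT id, title FROM posts WHERE slug = '$safe' LIMIT 1");
    return $result->fetch_assoc() ?: null;
}

// Numeric id: escaping does nothing in an unquoted context, so validate the
// type and bind the value as an integer parameter instead.
function find_post_by_id(mysqli $db, string $post): ?array
{
    $id = filter_var($post, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($rowId, $title);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? ['id' => $rowId, 'title' => $title] : null;
}

$db = open_db();
$post = $_GET['post'] ?? '';
if (!is_string($post)) {
    $post = ''; // ?post[]=x arrives as an array; treat it as missing
}
$row = ctype_digit($post) ? find_post_by_id($db, $post) : find_post_escaped($db, $post);
echo $row === null
    ? "Post not found\n"
    : htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . "\n";
```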