From john at userfrenzy.com Thu Oct 6 15:03:56 2005 From: john at userfrenzy.com (John Handelaar) Date: Thu, 06 Oct 2005 15:03:56 +0100 Subject: [DesDev] Security notice (WEO, TEO) Message-ID: <43452ECC.4060109@userfrenzy.com> Have removed xmlrpc.php from the root directory of both Drupal sites and replaced them with empty files. That is all jh From martin at uckwa.org Mon Oct 10 23:21:52 2005 From: martin at uckwa.org (Martin Burns) Date: Mon, 10 Oct 2005 23:21:52 +0100 Subject: [DesDev] Fwd: [Content] Feedback: Access denied References: Message-ID: <16F914B1-2D90-480E-99FF-C37775FEB268@uckwa.org> Begin forwarded message: > From: Jens Brueckmann > Date: 9 October 2005 08:34:41 BDT > To: content@lists.evolt.org > Subject: [Content] Feedback: Access denied > Reply-To: info@yalf.de, content@lists.evolt.org > > > > -- The following message was sent using the feedback page -- > > Hello, > > I just discovered some weird behaviour of the evolt site. > > When being logged in - which I did to comment on an article - further > access to most pages, including all articles is denied. Logging out > again, I can access these pages again. > > This occurs when using either Opera 8.02 or Firefox 1.07 on Windows > 2000. > > Now what is this behaviour supposed to achieve? > > I also see an MySQL error and a warning (presumably caused by the > error > message), pop up when having first logged in and then trying to access > the "Donate" page (despite access being denied): > > user error: You have an error in your SQL syntax. Check the manual > that corresponds to your MySQL server version for the right syntax to > use near 'OR format = 3' at line 1 > query: SELECT * FROM filter_formats WHERE OR format = 3 in > /store/host/www.evolt.org/includes/database.mysql.inc on line 66. > > warning: Cannot modify header information - headers already sent by > (output started at /store/host/www.evolt.org/includes/common.inc:384) > in /store/host/www.evolt.org/includes/common.inc on line 224 > > As a site note concerning the new design: The font size of 80% is > quite > aggravating and not user friendly at all. Time and again I have to > change my browser's font size settings to be able to read stuff. > I do hope you will be able to change evolt, making it literally more > accessible. > > Cheers, > > Jens Brueckmann > > > > ---------------------------------- > Site Name : evolt.org > Full Name : Jens Brueckmann > E-mail address : info@yalf.de > Referring page : http://www.evolt.org/ > IP Address : http://whois.sc/212.117.92.152 > Browser info : Opera/8.50 (Windows NT 5.0; U; en) > _______________________________________________ > Content mailing list > Content@lists.evolt.org > http://lists.evolt.org/mailman/listinfo/content > http://lists.evolt.org/htdig/search.html > -- > Spammers: Send me email -> yumyum@easyweb.co.uk to train my filter > http://www.nuclearelephant.com/projects/dspam/ From martin at uckwa.org Tue Oct 11 15:44:25 2005 From: martin at uckwa.org (Martin Burns) Date: Tue, 11 Oct 2005 15:44:25 +0100 Subject: [DesDev] Moving on with weo Message-ID: Right. We've had 6 weeks of rest since weo went live. Can we now please pick up the pace? We have a number of outstanding issues and feature requests to look at: http://evolt.org/issues plus stuff that has been complained about in emails/comments: 1) Trackback/comment layout not clear 2) Text size too small 3) Non-validation of the form-clearing JS taken wholesale from the old (non-xHTML) site Before we can do any of this, we need to update teo to match weo so we have a valid testbed. I'd also like to get both updated to Drupal 4.6.3 so we can re-enable the RPC functionality without opening security holes. We're also getting intermittent SQL errors related to spam.surbl. Enough to be getting on with? Cheers Martin -- > Spammers: Send me email -> yumyum@easyweb.co.uk to train my filter > http://www.nuclearelephant.com/projects/dspam/