GIJOE wrote:
And the security hole of 1.2.2 or 2.0 beta 2 was found by me, not by onokazu.
I read the source and I had the conviction that wjue does not have the skills to be able to create modules which can be opened to the public.
wjue wrote:
I agree, scaring people in this manner is not a professional practice.
The security problem mentioned here occurs only if your PHP has register_global set to ON and "remote include" also set to on; that "remote include" often causes security risks is well known. The latest version (1.2.2) I released is sufficiently safe. Users of the 1.2.1 version can also adopt Onokazu's simple patch.
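
An added example, not part of either post and not code from the module under discussion: a small php.ini audit that reports whether the two preconditions named above hold together. It assumes "remote include" maps to PHP's allow_url_fopen directive (plus allow_url_include on PHP 5.2 and later) and that register_global means the register_globals directive; the sample ini text is constructed.

```python
import re

TRUTHY = {"1", "on", "true", "yes"}  # values PHP reads as "on" for boolean directives
# PHP built-in defaults used when a directive is absent (register_globals: PHP >= 4.2).
DEFAULTS = {"register_globals": "0", "allow_url_fopen": "1", "allow_url_include": "0"}

RISKY_INI = """\
; constructed sample: both preconditions from the thread are met
register_globals = On
allow_url_fopen = On
"""
HARDENED_INI = """\
[PHP]
register_globals = Off   ; request data no longer becomes script variables
allow_url_fopen = Off
allow_url_include = Off
"""

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m:  # section headers such as [PHP] do not match and are skipped
            settings[m.group(1)] = m.group(2).strip().strip('"').lower()
    return settings

def audit(text, legacy_php=True):
    """legacy_php=True models PHP < 5.2, where allow_url_fopen alone lets include() take URLs."""
    s = parse_ini(text)
    on = lambda key: s.get(key, "0") in TRUTHY
    globals_on = on("register_globals")
    remote_on = on("allow_url_fopen") and (legacy_php or on("allow_url_include"))
    findings = []
    if globals_on:
        findings.append("register_globals is On: request parameters can set script variables")
    if remote_on:
        findings.append("remote include is enabled: include()/require() accept URLs")
    # The thread's condition is the conjunction; each setting is still reported on its own.
    return {"exposed": globals_on and remote_on, "findings": findings}

if __name__ == "__main__":
    for name, ini in (("risky", RISKY_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini))
```

A file that sets only register_globals = On is still reported as exposed under legacy_php=True, because allow_url_fopen defaults to On when it is not set.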