hi brash.
Quote:
Ok, just answered my first question. Clicking the ALL button doesn't actually select all the permissions, only the required ones. Perhaps if that button was renamed to something like 'Recommended Permissions' it would be a bit clearer.
The reason why the button is named 'ALL' is caused by language problem.
There are no proper constants like "Recommended" in language/(language)/global.php
Although I've just read your post in
www.xoops.org , I don't think it is the result of SQL Injection attack.
Usually, crackers try to get the password by SQL Injection.
It is not so interesting for crackers to duplicate some records, I guess.
Anyway, you'd better check the access log.
finding /* is good way.
*/