I was able to install Protector without too much trouble. Now, I can access the Security Advisory link and receive the following:
'register_globals' : off ok
'allow_url_fopen' : on Not secure
This setting allows attackers to execute arbitrary scripts on remote servers.
Only administrator can change this option.
If you are an admin, edit php.ini or httpd.conf.
Sample of httpd.conf:
php_admin_flag allow_url_fopen off
Else, claim it to your administrators.
'session.use_trans_sid' : on Not secure
Your Session ID will be diplayed in anchor tags etc.
For preventing from session hi-jacking, add a line into .htaccess in XOOPS_ROOT_PATH.
php_flag session.use_trans_sid off
'XOOPS_DB_PREFIX' : xoops Not secure
This setting invites 'SQL Injections'.
Don't forget turning 'Force sanitizing *' on in this module's preferences.
Go to prefix manager
'mainfile.php' : patched ok
I know I need to update the areas that are still not secure.
When I try to click on Protect Center or the main Protector icon, I received a blank white page. Upon turning on debug, I receive the following error:
Fatal error: Cannot redeclare class protector in /home/myrootdirectory/XOOPS_TRUST_PATH/modules/protector/class/protector.php on line 3
Thanks for your help.
Quote:
skincarekim wrotes:
When I try to click on Protect Center or the main Protector icon, I received a blank white page. Upon turning on debug, I receive the following error:
Fatal error: Cannot redeclare class protector in /home/myrootdirectory/XOOPS_TRUST_PATH/modules/protector/class/protector.php on line 3
If you have installed Protector 2.x, remove all files under XOOPS_ROOT_PATH/modules/protector/ once.
Thank you for helping me with this but that doesn't seem to be the problem. This is a fresh install of xoops 2.016 and protector 3. I never installed protector 2.
I did check and there was no XOOPS_ROOT_PATH directory.
Any other ideas of things to check? I do appreciate your help and from what I've read on the xoops site this is definitely a module I want to get working!
Quote:
skincarekim wrotes:
I did check and there was no XOOPS_ROOT_PATH directory.
I cannot understand what you mean.
Perhaps, your patch into mainfile.php will be wrong.
Quote:
Any other ideas of things to check? I do appreciate your help and from what I've read on the xoops site this is definitely a module I want to get working!
Read the advisory carefully.
It tells you how to fix it.