We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

Another Security Hole! | Forum

Topic location: Forum home » Support » Bug reports and troubleshooting
DesignOX
DesignOX Sep 9 '12
If someone type in:
http://yoursite.com/blogs/save/delete/id/(BlogID)

They can delete any post they want.
#1
Purusothaman Ramanujam
Purusothaman Ramanujam Sep 9 '12
I confirm this.
#2
Purusothaman Ramanujam
Purusothaman Ramanujam Sep 9 '12
Oxwall team has been alerted about this. Thanks Steffen for finding this.
#3
DesignOX
DesignOX Sep 10 '12
No problem. I sent Oxwall a message too about my findings.
#4
Den Team
Den Sep 10 '12
We've been already alerted about the issue.Thanks for reporting guys. As we update blog plugin in store, you should perform an autoupdate for blogs in your admin area. 
The Forum post is edited by Den Sep 10 '12
#5
DesignOX
DesignOX Sep 11 '12
No problem Den!
I spend all my days on Oxwall now. So it is kind of imporant that it is secure.
#6
DesignOX
DesignOX Sep 11 '12

Quote from Paul Cuffe you could block the "path" via the init file to prevent this until they fix it :)
Could you please tell me how?
#7
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software