New PHP Script.. Test it out will ya?

TGPFactory Full TGP Design & Installation Services
ICQ 250 142 484 · AIM TGPDynamix · Email: patrick (at) tgpfactory (dot) com
See who I am at AdultWhosWho.com!
Okay, two questions then:
1) At the top of the index there's a thumbnail (the "Latest Photo"). Should this link to the photo or to the celebrity gallery it belongs to?
2) The "This Month" What's New page: should it show updates in the last 30 days or just in that month, even if it's the 1st of the month?
Any other suggestions?
Originally posted by Dynamix:
Okay, two questions then:
1) At the top of the index there's a thumbnail (the "Latest Photo"). Should this link to the photo or to the celebrity gallery it belongs to?
2) The "This Month" What's New page: should it show updates in the last 30 days or just in that month, even if it's the 1st of the month?
Any other suggestions?

1. If you are going to have ads and such in the gallery, then to the gallery. If not, then I would say link to the pic.
2. I would think that "This Month" should only be the current month.
Side Note: I am really not impressed with all the blue on blue. Maybe add another color or something to make it stand out.
OK, a few security concerns.
1) Looks like you're just pulling whatever file the user asks for. See: http://www.dxan.com/cobra/image.php?...ges/header.gif
This is bad.
2) You are not validating input, equally bad; see:
http://www.dxan.com/cobra/model.php?...g%20input&id=1
You are escaping meta characters, which is a good thing.
Let me know if you need any help closing these things up.
Otherwise, looks cool.
Secure PHP Programming - Secure E-Commerce Design
Site & Server Security Reviews - Code Reviews
The new and improved iBOUNCER. Give us a try.
ICQ: 201971159 or http://www.iBOUNCER.com
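As an added example (not code from the thread or from the script under review), here is the shape of a fix for the two points above: a page that serves a file named by the request must only ever resolve names inside one directory, and a record id must be accepted only as a bounded integer and bound in a prepared statement rather than escaped into the query text. The parameter names `file` and `id`, the `images/` directory, the `models` table and the `$pdo` connection are assumptions for the example.

```php
<?php
// Added example, not the script from the thread. Hardened handling for the two
// issues raised above: a file-serving page that reads whatever path it is given
// (image.php) and a record page that uses an unvalidated id (model.php).
// Parameter names, the images/ directory and the models table are assumptions.
declare(strict_types=1);

// The pattern being replaced, shown only as a comment: the request chooses the
// path, so any file the web server account can read can be requested.
//     readfile($_GET['file']);

const IMAGE_DIR = __DIR__ . '/images';   // the only directory images may be served from

/**
 * Map a requested image name to a real path inside $imageDir, or return null if it
 * is not a plain filename, does not exist, or resolves (via '..' or a symlink)
 * outside that directory.
 */
function resolveImagePath(string $requested, string $imageDir = IMAGE_DIR): ?string
{
    // Allowlist the shape first: one filename with an image extension, no separators.
    // \z (not $) so a trailing newline cannot slip past the check.
    if (preg_match('/^[A-Za-z0-9_-]{1,64}\.(jpe?g|gif|png)\z/', $requested) !== 1) {
        return null;
    }
    $base = realpath($imageDir);
    $path = realpath($imageDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;                      // base missing, or no such file
    }
    // Containment: the resolved path must sit strictly below the resolved base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

/** Send the image, or a 404 for anything that is missing or not allowed (same answer for both). */
function serveImage(string $requested): void
{
    $path = resolveImagePath($requested);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    $mime = mime_content_type($path);     // type from file contents, not from the extension
    if (!in_array($mime, ['image/jpeg', 'image/gif', 'image/png'], true)) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: ' . $mime);
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

/**
 * Accept a record id only as a positive integer of bounded length; anything else
 * is rejected rather than cleaned up.
 */
function validateId(string $raw): ?int
{
    return preg_match('/^[1-9][0-9]{0,9}\z/', $raw) === 1 ? (int) $raw : null;
}

/** Look up one record with the id bound as an integer parameter. */
function loadModel(PDO $pdo, string $rawId): ?array
{
    $id = validateId($rawId);
    if ($id === null) {
        http_response_code(400);
        exit;
    }
    $stmt = $pdo->prepare('SELECT id, name FROM models WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// image.php would call: serveImage((string) ($_GET['file'] ?? ''));
// model.php would call: loadModel($pdo, (string) ($_GET['id'] ?? ''));
```

The containment check with `realpath()` is what does the real work: the regex keeps obvious junk out, but only the resolved path tells you where the file actually lives, so the two checks are kept rather than relying on the regex alone. Escaping, which the post notes the script already does, is still worth keeping on the model page, but the integer cast plus bound parameter means the query no longer depends on it.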
Originally posted by rickholio:
I'm noticing that a couple of the thumbnails are turning out all black, like here ...

Aye, those are from trying to upload GIFs. I had the ImageMagick functions only working with JPEGs before updating.
Originally posted by iBOUNCER:
OK, a few security concerns.
1) Looks like you're just pulling whatever file the user asks for. See: http://www.dxan.com/cobra/image.php?...ges/header.gif
This is bad.
2) You are not validating input, equally bad; see:
http://www.dxan.com/cobra/model.php?...g%20input&id=1
You are escaping meta characters, which is a good thing.
Let me know if you need any help closing these things up.
Otherwise, looks cool.

You beat me to it.
Originally posted by swedguy:
You beat me to it.

Hey, that's why I make the BigBucks(TM) as a security consultant to the stars.
Originally posted by iBOUNCER:
OK, a few security concerns.
1) Looks like you're just pulling whatever file the user asks for. See: http://www.dxan.com/cobra/image.php?...ges/header.gif
This is bad.
2) You are not validating input, equally bad; see:
http://www.dxan.com/cobra/model.php?...g%20input&id=1
You are escaping meta characters, which is a good thing.
Let me know if you need any help closing these things up.
Otherwise, looks cool.

Thanks for the input, both flaws have been fixed.

Originally posted by Dynamix:
Thanks for the input, both flaws have been fixed.

http://www.dxan.com/cobra/browse.php?type=fname&kw=%
Might wanna change it so you can only use, for example, a-z in "kw" and every other var that can only have specific input.
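As an added example (not the thread's script), one way to apply the suggestion above to the browse page: `type` is mapped through a fixed table so the request never names a column, `kw` is accepted only as letters, and LIKE wildcards are escaped so the keyword is matched literally even if the allowed character set is widened later. The `models` table, its column names, the `lname` type and the `$pdo` connection are assumptions for the example.

```php
<?php
// Added example, not the thread's script. Constrains the two browse.php parameters
// pointed at above: "type" selects a column and "kw" is a keyword, so a bare "%"
// in kw would otherwise match every row. Table and column names are assumptions.
declare(strict_types=1);

// "type" is looked up in a fixed map; the request never supplies a column name.
const SEARCH_COLUMNS = ['fname' => 'first_name', 'lname' => 'last_name'];

/** Letters only for the keyword, as suggested; anything else is rejected, not cleaned. */
function validateKeyword(string $raw, int $maxLen = 32): ?string
{
    // \z rather than $ so a trailing newline cannot pass the check.
    if (strlen($raw) > $maxLen || preg_match('/^[A-Za-z]+\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

/**
 * Escape LIKE metacharacters using '!' as the escape character. The query declares
 * ESCAPE '!' so the keyword is matched literally; this is independent of the
 * validation above and keeps working if more characters are allowed later.
 */
function escapeLike(string $s): string
{
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

/** Build the statement text and bound parameters, or return null if either input is rejected. */
function buildSearch(string $type, string $kw): ?array
{
    if (!array_key_exists($type, SEARCH_COLUMNS)) {
        return null;
    }
    $keyword = validateKeyword($kw);
    if ($keyword === null) {
        return null;
    }
    $column = SEARCH_COLUMNS[$type];
    return [
        'sql'    => "SELECT id, first_name, last_name FROM models"
                  . " WHERE {$column} LIKE :kw ESCAPE '!' ORDER BY last_name",
        'params' => [':kw' => escapeLike($keyword) . '%'],   // prefix match on the literal keyword
    ];
}

/** Run the search with bound parameters; rejected input gets a 400, not an empty-wildcard query. */
function runSearch(PDO $pdo, string $type, string $kw): array
{
    $q = buildSearch($type, $kw);
    if ($q === null) {
        http_response_code(400);
        exit;
    }
    $stmt = $pdo->prepare($q['sql']);
    $stmt->execute($q['params']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// browse.php would call:
//     runSearch($pdo, (string) ($_GET['type'] ?? ''), (string) ($_GET['kw'] ?? ''));
// With this in place the request kw=% from the post above is refused instead of listing every row.
```

The same pattern (a fixed map for anything that selects a column or table, a strict allowlist regex for free-text values, bound parameters for everything else) is what "every other var that can only have specific input" comes down to in practice; the map is the piece most often forgotten, since the column name cannot be bound as a parameter.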


