MarkE Posted April 4 Share Posted April 4 Just posting this here as I raised an issue some time ago about TextformatterHannaCode module, which has not been responded to or addressed (see https://processwire.com/talk/topic/3745-hanna-code/page/18/?tab=comments#comment-217245 and https://github.com/ryancramerdesign/ProcessHannaCode/issues/26). I have also recently raised a PR (https://github.com/ryancramerdesign/ProcessHannaCode/pull/27) to fix it. Essentially the problem is that, if you have a PHP Hanna Code which is namespaced (ProcessWire), then the module will remove the namespace (irritating in itself), but also (and maybe more seriously) it will omit the line if(!defined("PROCESSWIRE")) die("no direct access"); which is potentially a security weakness. The PR is a simple one-word fix. 2 Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now