
List:       osc-announce
Subject:    [OSC-ANNOUNCE] [WEEKLY] Issue #29: June 13, 2003
From:       Harald Ponce de Leon <hpdl () oscommerce ! com>
Date:       2003-06-13 19:30:33

By Harald Ponce de Leon

June 13, 2003

osCommerce 2.2 Milestone 2 Release Date
User Input Now Sanitized
default.php Now index.php
New In The Press Section

Discussions regarding this weekly report can be found here:

http://forums.oscommerce.com/viewtopic.php?t=47793

osCommerce 2.2 Milestone 2 Release Date

The release date for osCommerce 2.2 Milestone 2 has been set to 17.06.2003.

This allows the Administration Tool to be put through the standards updates routine, and to perform a security audit on the code, which has already been performed on the Catalog module.

We appreciate it if you can help strengthen the codebase by testing the CVS sources, and by submitting problems to the Bug Reporter.

The Bug Reporter can be reached here:

http://www.oscommerce.com/community/bugs

User Input Now Sanitized

All user input provided on the Catalog module is now being put through a "strip-then-parse" process to prevent Cross Site Scripting vulnerabilities from occurring.

The "stripping" part replaces all occurrences of the "<" and ">" characters in the user input with "_" characters, and the "parsing" part wraps the string in htmlspecialchars() or a weaker equivalent where appropriate (eg, form input fields) when it is being displayed.
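As an added illustration (not osCommerce's own code), the two layers described above in PHP: the strip step runs once over the incoming request, the parse step runs at output time and differs by display context. The helper names and the exact "weaker equivalent" used for form field values are assumptions for this example.

```php
<?php
// Added example of the "strip-then-parse" idea; helper names are assumed,
// not osCommerce's own API.

// Strip step: applied once to every incoming request value, before it is
// stored or used. Angle brackets become underscores, so no HTML tag can be
// formed from the value even if a later code path forgets to encode it.
function strip_input(string $value): string {
    return str_replace(['<', '>'], '_', $value);
}

// Recursive variant for $_GET / $_POST style arrays (nested values included).
function strip_request(array $request): array {
    foreach ($request as $key => $value) {
        $request[$key] = is_array($value) ? strip_request($value) : strip_input($value);
    }
    return $request;
}

// Parse step, HTML body context: full encoding at display time. This is the
// layer that also handles quotes and ampersands, which the strip step leaves alone.
function output_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Parse step, "weaker equivalent" assumed for a double-quoted form field
// value: only the double quote must be escaped to keep the attribute intact,
// since the strip step has already removed any angle brackets.
function output_form_value(string $value): string {
    return str_replace('"', '&quot;', $value);
}

// Constructed sample request: a name containing markup and quotes, plus a
// nested array value, to show both layers doing their part.
$request = strip_request([
    'name' => '<b>Ann</b> "O\'Neil"',
    'tags' => ['<i>sample'],
]);

echo '<p>', output_html($request['name']), "</p>\n";
echo '<input type="text" name="name" value="', output_form_value($request['name']), "\">\n";
echo '<p>', output_html($request['tags'][0]), "</p>\n";
```

Stripping alone would still let a quote break out of an attribute value, which is why the output-time encoding remains necessary even after the input has been stripped.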

A "strip-then-parse" proposal will soon be added to the Wiki documentation site which will go into further details of the implementation.

Once the proposal is online, it will be mentioned in the pending Weekly Summary Report as it is important that contribution authors follow the project standards to keep their work secure.

The Wiki documentation site can be reached here:

http://wiki.oscommerce.com

default.php Now index.php

The main catalog page has been renamed from default.php to index.php to minimize problems encountered on new installations.

All three modules (Catalog, Administration Tool, Installation) are now consistent with using index.php.

New In The Press Section

A new In The Press section has been added to the support site, which contains short blurbs on the project being reviewed in the public media.

This section has been pending for a while to be added to the site, with Internet Professionell giving it a higher priority on our to-do list when it gave the project a whopping 94% rating in an open source online shop comparison review.

If you find the project being reviewed in the public media, please inform us about it and if possible forward the related material.

The new In The Press section can be reached here:

http://www.oscommerce.com/about/press
_______________________________________________
osCommerce, Announcements Mailing List
http://two.pairlist.net/mailman/listinfo/osc-announce
