On Friday, 18 November 2005 15:32, Martin Dougiamas wrote: > These are all fixed in 1.5.3. > > Well, to be exact about the SQL injection we found it was almost impossible > to fix completely so we now just recommend correct PHP settings to overcome > that problem. It turns out that the particular settings that allowed > the SQL > injection were actually quite rare. Thanks Martin. :)
I've been following the SQL injection issue since it was "announced". I'm just decreased the severity of the bug. I'll add a notice warning about having register_globals=on and magic_gpc_quotes=off in the new Moodle upload. Best regards -- Isaac Clerencia at Warp Networks, http://www.warp.es Work: <[EMAIL PROTECTED]> | Debian: <[EMAIL PROTECTED]>
pgpyXgcQ6BS8V.pgp
Description: PGP signature
