Nabeel

Nothing in your spam folder? Can you PM me your email address, please?

Changed Files: Merge pull request #126 from PierreLvx/master FirePHP update View complete changes Download from here

Changed Files: Merge pull request #125 from SilentT-FR/patch-1 Create fr.lang.php View complete changes Download from here

Changed Files: Merge pull request #128 from sergioag/master Fix 2 more strict warnings View complete changes Download from here

Changed Files: Added static to setBidOnSchedule() as needed View complete changes Download from here

Changed Files: OFCharts::show_chart() was missing static attribute, corrected it now View complete changes Download from here

Changed Files: Merge pull request #127 from Vansers/master Updated Event upon success on login. View complete changes Download from here

Changed Files: Added Event Trigger for Pilot ID Change Added CodonEvent::Dispatch for Pilot ID that has been changed, so future add-on modules will be able to update whatever they have with Pilot ID's View complete changes Download from here

Changed Files: Updated Event upon success on login. Added Auth::$userinfo in the event upon on login. View complete changes Download from here

After thinking about it for some time, I have decided to change the license for phpVMS to the much simpler BSD 3-clause license. Development has pretty much stopped as my work schedule gives me almost no time for side-projects, so hopefully this fosters more forks and development, which I will be happy to merge back into the mainline branch(es). Nabeel

Changed Files: Formatting for license View complete changes Download from here

Changed Files: Changed project license to BSD 3-clause View complete changes Download from here

Can you send me a support ticket, so I can have your user id, etc? Thanks

This is usually a problem with the server rejecting the credentials. Google, as far as I know, doesn't allow their SMTP to be used by scripts and automated daemons

Changed Files: Merge pull request #122 from equinoxmatt/master SQL Injection fix View complete changes Download from here

Changed Files: SQL Injection fix View complete changes Download from here

Changed Files: Changed to static method View complete changes Download from here

Changed Files: Merge pull request #117 from agarzon/master Global variables can't be used as parameters, they are global already. View complete changes Download from here

Changed Files: Fixing bug Declaring static properties and use it as object View complete changes Download from here

Changed Files: Global variables can't be used as parameters, they are global already. View complete changes Download from here

Good would have been an alert :\ Delete the core/lib/ofc_image_upload.php file, or replace it with the one from the latest download. ofc_image_upload.php is something that's not even used. The rest of the library is just an interface to the charts, which are used internally, and no URL parameters are passed in.

That looks like your database credentials were likely incorrect

Hi all, I've updated the download to 2.1.936 - basically to null the file where I believe the exploit is coming from. I looked through the other files, and I think they look OK. Please update as soon as possible - really the only updated file was core/lib/php-ofc-library/ofc_upload_image.php. Instead of deleting it, I patched it, so then it will get patched on an upload. Sorry for all the trouble guys! Please be sure to look through your server and account very carefully - if you see something suspicious, delete it, or rename it to add a .txt extension so it can't be found, until you can verify if the file is safe or not. Thanks!

Changed Files: Patch for php-ofc-library exploit View complete changes Download from here

Yeah, unfortunately it's through a 3rd party library. I'm going to try to patch the exact location. phpVMS itself is pretty secure; I follow the thought of "trust no input", and combed through pretty diligently. I'll have another pass to see if I'm missing anything