kiku90 Posted January 19, 2011 Share Posted January 19, 2011 Modification for Languages that have Special Characters ... IMPORTANT: This file now MUST be saved as the correct charset, it can no longer be saved as a standard ASCII file. Hello, thank you for another great contribution. Everything seems to work fine, but situation gets complicated because of special chars in my shop. I have a polish language shop encoded in UTF-8. When I "install" the modification for languages that have Special Characters and save the file in UTF-8 encode I get a warning at the very top of my page: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\sklep\includes\modules\fwr_media_security_pro.php:1) in C:\xampp\htdocs\sklep\includes\functions\sessions.php on line 102 but the search with special char which I inserted in $lang_additions = 'Ż'; works fine. It's just that wired warning. Line 102 in ...\includes\functions\sessions.php: return session_start(); Any advice? Please help. Quote Link to comment Share on other sites More sharing options...
♥FWR Media Posted January 19, 2011 Author Share Posted January 19, 2011 Any advice? Please help. It simply means that after you have edited the file it is sending information to the browser. This usually means a space or BOM before the opening <?php tab. Are you using a flat file editor like notepad? kiku90 1 Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
kiku90 Posted January 19, 2011 Share Posted January 19, 2011 It simply means that after you have edited the file it is sending information to the browser. This usually means a space or BOM before the opening <?php tab. Are you using a flat file editor like notepad? Thank you for quick replying. You are right, I'm using notepad++. Now I've saved the file using adobe dreamweaver and it's working. Best regards! Quote Link to comment Share on other sites More sharing options...
♥FWR Media Posted January 19, 2011 Author Share Posted January 19, 2011 Thank you for quick replying. You are right, I'm using notepad++. Now I've saved the file using adobe dreamweaver and it's working. Best regards! notepad++ is a much better editor than Dreamweaver ( which I think is aweful ) probably you just had the settings wrong in notepadd++ e.g. saving with BOM. Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
Ted Thompson Posted January 20, 2011 Share Posted January 20, 2011 Your security addon strips / out of the $_get which is killing "Product URL"s where they are "www.somesite.com/somefolder" - it comes back as www.somesite.comsomefolder Which would be better? Changing product_info.php to just create a straight link, skipping the call to redirect.php or altering the $_get cleansing to allow / through?? Based on you saying that allowing "/" through is a big big risk, it sounds like I should alter product_info.php to build a direct link and avoid using redirect.php - yes? Quote Link to comment Share on other sites More sharing options...
♥FWR Media Posted January 20, 2011 Author Share Posted January 20, 2011 Your security addon strips / out of the $_get which is killing "Product URL"s where they are "www.somesite.com/somefolder" - it comes back as www.somesite.comsomefolder Which would be better? Changing product_info.php to just create a straight link, skipping the call to redirect.php or altering the $_get cleansing to allow / through?? Based on you saying that allowing "/" through is a big big risk, it sounds like I should alter product_info.php to build a direct link and avoid using redirect.php - yes? Well osCommerce feel that it is fine to have the full URL in the querystring .. and it is in the case where it is coded correctly. Security Pro isn't however necessary because the coding of osCommerce is bad, as it isn't it's very good, it exists to protect against all of the badly coded contributions ( which most are ). Having said that I don't see why it wasn't coded like the manufacturers link like .. redirect.php?action=manufacturer&manufacturers_id=1 Instead of .. redirect.php?action=url&goto=www.matrox.com%2Fmga%2Fproducts%2Fg200_mms%2Fhome.cfm Couldn't it just have been .. redirect.php?action=url&goto=product&products_id=1 Then pull the URL from the products description table based on the products id Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
♥FWR Media Posted January 20, 2011 Author Share Posted January 20, 2011 (edited) Modifying the product url code for Security Pro As standard osCommerce allows a link in product info which includes a URI with forward slashes. This is stripped by Security Pro so below is revised code to restore the functionality without compromising the white list or excluding redirect.php. catalog/product_info.php Find .. <td class="main"><?php echo sprintf(TEXT_MORE_INFORMATION, tep_href_link(FILENAME_REDIRECT, 'action=url&goto=' . urlencode($product_info['products_url']), 'NONSSL', true, false)); ?></td> Change to .. <td class="main"><?php echo sprintf(TEXT_MORE_INFORMATION, tep_href_link(FILENAME_REDIRECT, 'action=url&goto=product&products_id=' . (int)$HTTP_GET_VARS['products_id'], 'NONSSL', true, false)); ?></td> catalog/redirect.php Find .. case 'url': if (isset($HTTP_GET_VARS['goto']) && tep_not_null($HTTP_GET_VARS['goto'])) { $check_query = tep_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_url = '" . tep_db_input($HTTP_GET_VARS['goto']) . "' limit 1"); if (tep_db_num_rows($check_query)) { tep_redirect('http://' . $HTTP_GET_VARS['goto']); } } break; Change to ... case 'url': if ( ( isset( $HTTP_GET_VARS['goto'] ) && ( $HTTP_GET_VARS['goto'] == 'product' ) ) && ( isset( $HTTP_GET_VARS['products_id'] ) && is_numeric( $HTTP_GET_VARS['products_id'] ) ) ) { $url_query = tep_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "'"); if (tep_db_num_rows($url_query)) { $row = tep_db_fetch_array( $url_query ); tep_db_free_result( $url_query ); if ( tep_not_null( $row['products_url'] ) ) { tep_redirect('http://' . $row['products_url']); } } } elseif (isset($HTTP_GET_VARS['goto']) && tep_not_null($HTTP_GET_VARS['goto'])) { $check_query = tep_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_url = '" . tep_db_input($HTTP_GET_VARS['goto']) . "' limit 1"); if (tep_db_num_rows($check_query)) { tep_redirect('http://' . $HTTP_GET_VARS['goto']); } } break; Excuse the lack of formatting and indentation but the forum currently breaks it. Edited January 20, 2011 by FWR Media Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
Ted Thompson Posted January 20, 2011 Share Posted January 20, 2011 (edited) Modifying the product url code for Security Pro As standard osCommerce allows a link in product info which includes a URI with forward slashes. This is stripped by Security Pro so below is revised code to restore the functionality without compromising the white list or excluding redirect.php. catalog/product_info.php Find .. <td class="main"><?php echo sprintf(TEXT_MORE_INFORMATION, tep_href_link(FILENAME_REDIRECT, 'action=url&goto=' . urlencode($product_info['products_url']), 'NONSSL', true, false)); ?></td> Change to .. <td class="main"><?php echo sprintf(TEXT_MORE_INFORMATION, tep_href_link(FILENAME_REDIRECT, 'action=url&goto=product&products_id=' . (int)$HTTP_GET_VARS['products_id'], 'NONSSL', true, false)); ?></td> catalog/redirect.php Find .. case 'url': if (isset($HTTP_GET_VARS['goto']) && tep_not_null($HTTP_GET_VARS['goto'])) { $check_query = tep_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_url = '" . tep_db_input($HTTP_GET_VARS['goto']) . "' limit 1"); if (tep_db_num_rows($check_query)) { tep_redirect('http://' . $HTTP_GET_VARS['goto']); } } break; Change to ... case 'url': if ( ( isset( $HTTP_GET_VARS['goto'] ) && ( $HTTP_GET_VARS['goto'] == 'product' ) ) && ( isset( $HTTP_GET_VARS['products_id'] ) && is_numeric( $HTTP_GET_VARS['products_id'] ) ) ) { $url_query = tep_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "'"); if (tep_db_num_rows($url_query)) { $row = tep_db_fetch_array( $url_query ); tep_db_free_result( $url_query ); if ( tep_not_null( $row['products_url'] ) ) { tep_redirect('http://' . $row['products_url']); } } } elseif (isset($HTTP_GET_VARS['goto']) && tep_not_null($HTTP_GET_VARS['goto'])) { $check_query = tep_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_url = '" . tep_db_input($HTTP_GET_VARS['goto']) . "' limit 1"); if (tep_db_num_rows($check_query)) { tep_redirect('http://' . $HTTP_GET_VARS['goto']); } } break; Excuse the lack of formatting and indentation but the forum currently breaks it. Perfect, but I mut point out that <td class="main"><?php echo sprintf(TEXT_MORE_INFORMATION, tep_href_link(FILENAME_REDIRECT, 'action=url&goto=' . urlencode($product_info['products_url']), 'NONSSL', true, false)); ?></td> is actually <div class="product_url"><?php echo sprintf(TEXT_MORE_INFORMATION, tep_href_link(FILENAME_REDIRECT, 'action=url&goto=' . urlencode($product_info['products_url']), 'NONSSL', true, false)); ?></div> I don't *think* I changed that... but I could be wrong... Also, aren't we "supposed" to be using $_get now? (really I don't know) Edited January 20, 2011 by TedThompson Quote Link to comment Share on other sites More sharing options...
♥FWR Media Posted January 20, 2011 Author Share Posted January 20, 2011 (edited) Perfect, but I mut point out that <td class="main"><?php echo sprintf(TEXT_MORE_INFORMATION, tep_href_link(FILENAME_REDIRECT, 'action=url&goto=' . urlencode($product_info['products_url']), 'NONSSL', true, false)); ?></td> is actually <div class="product_url"><?php echo sprintf(TEXT_MORE_INFORMATION, tep_href_link(FILENAME_REDIRECT, 'action=url&goto=' . urlencode($product_info['products_url']), 'NONSSL', true, false)); ?></div> I don't *think* I changed that... but I could be wrong... No the original code is a td. Also, aren't we "supposed" to be using $_get now? (really I don't know) I always use $_GET as the long arrays are deprecated, but, the osCommerce team have decided to retain them in the core code so when changing core code I have to respect that. Edited January 20, 2011 by FWR Media Moxamint and spoofy 2 Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
♥Moxamint Posted January 23, 2011 Share Posted January 23, 2011 Security Pro has nothing to do with base file names it cleanses the querystring. If you have already installed USU5 or USU5 PRO then this has already been done. Thanks for your help. I'll make a note of this for my new installation of osC v 2.3.1 when I put your USU5 PRO in. Thanks again. Quote Link to comment Share on other sites More sharing options...
snowrabbit Posted January 23, 2011 Share Posted January 23, 2011 (edited) After installing the Security Pro 2.0(r7) http://addons.oscommerce.com/info/5752. My Advanced Search at the bottom part (search Date From, Date To) does not work properly. I entered correct date format, it came up with this warning message: "Errors have occured during the process of your form. *Invalid From Date, *Invalid To Date" When I remove the code added on catalog/includes/application_top.php in this contribution below, it is working properly. include_once DIR_WS_MODULES . 'fwr_media_security_pro.php'; $security_pro = new Fwr_Media_Security_Pro; // If you need to exclude a file from cleansing then you can add it like below //$security_pro->addExclusion( 'some_file.php' ); $security_pro->cleanse( $PHP_SELF ); I am seeking the solution, if any experienced helper can help for solving this issue. Thanks. Edited January 23, 2011 by snowrabbit Quote Link to comment Share on other sites More sharing options...
ztwistbooks Posted February 1, 2011 Share Posted February 1, 2011 I removed the old Security Pro and installed the new one. It works fine on the search string. It does not cleanse the Full Name, E-Mail Address, and Enquiry fields of the Contact Us (catalog/contact_us.php) page. My PCI Compliance scanner says that these pages represent a Cross-Site Scripting risk, as whatever you type in comes back pre-filled in the forms. E.g., if you type "[w](o)%3Cr%3Ek|i*n^g" in as your e-mail address, the page comes back with an error message saying "Your E-Mail Address does not appear to be valid - please make any necessary corrections." The e-mail address still has "[w](o)%3Cr%3Ek|i*n^g" in it. More to the point, "<script> comes right back. Is there a way to make this cleanse the input, or else is there a way that I can explain to my PCI scanning service that there is not a risk of a cross-site scripting attack here? Quote Link to comment Share on other sites More sharing options...
ztwistbooks Posted February 1, 2011 Share Posted February 1, 2011 Gah, there doesn't seem to be an "edit" button on this forum. This is a modified 2.2 install, if that matters. In other news, the un-install instructions (for old Security Pro) are wrong. This line: DELETE FROM configuration_GROUP WHERE configuration_group_title = 'FWR Security Pro'; should be: DELETE FROM configuration_group WHERE configuration_group_title = 'FWR Security Pro'; Quote Link to comment Share on other sites More sharing options...
spoofy Posted February 1, 2011 Share Posted February 1, 2011 Dan, That's because Security Pro is NOT supposed to cleanse anything which is form related ($_POST). It is only meant for $_GET You will need to install the following to get the forms to work: http://www.oscommerce.com/forums/index.php?showtopic=313323&view=findpost&p=1477869 Quote My Contributions: Google XML Sitemap SEO compatible with Ultimate SEO URL by FWR Media ::: Accurate & Precise Bread Crumb Trail Link to comment Share on other sites More sharing options...
♥FWR Media Posted February 1, 2011 Author Share Posted February 1, 2011 Dan, That's because Security Pro is NOT supposed to cleanse anything which is form related ($_POST). It is only meant for $_GET You will need to install the following to get the forms to work: http://forums.oscomm...dpost&p=1477869 Not entirely correct, forms can have the method get as well as post but in the case of contact us it is a post form. As far as that contribution is concerned, I personally don't recommend it. It tries to apply Security Pro code to _POST but this is not really appropriate. _POST can contain a far larger range of data, files, images, html code etc. therefore it cannot be whitelisted in the manner of _GET. Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
spoofy Posted February 1, 2011 Share Posted February 1, 2011 Robert, I understand that $_GET can be used in forms as well but login.php create_account.php and checkout related files all use the post method. Am I correct? Also, can you give some specifics as to why you feel that it is not appropriate to use Security Pro code for $_POST ? I have done a lot of testing to ensure that all the bad data is cleansed and that we do not loose any good data from the forms by using the method mentioned above. Your input is greatly appreciated. Thanks Quote My Contributions: Google XML Sitemap SEO compatible with Ultimate SEO URL by FWR Media ::: Accurate & Precise Bread Crumb Trail Link to comment Share on other sites More sharing options...
♥FWR Media Posted February 1, 2011 Author Share Posted February 1, 2011 (edited) Also, can you give some specifics as to why you feel that it is not appropriate to use Security Pro code for $_POST ? I already said, _POST can contain a very wide range of data types so it is not appropriate to white list on a site wide basis. The best way to deal with _POST ( and any user input in fact _GET, _POST, _COOKIE ) is to validate or type cast the expected key => values for a given file, this should always be done in any script. If you are expecting a key of my_val and a value of an int you simply do .. $my_clean_val = 0; if ( array_key_exists( 'my_val', $_POST ) ) { $my_clean_val = (int)$_POST['my_val']; } Edited February 1, 2011 by FWR Media Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
florist Posted February 3, 2011 Share Posted February 3, 2011 (edited) After installing the Security Pro 2.0(r7) http://addons.oscommerce.com/info/5752. My Advanced Search at the bottom part (search Date From, Date To) does not work properly. I entered correct date format, it came up with this warning message: "Errors have occured during the process of your form. *Invalid From Date, *Invalid To Date" When I remove the code added on catalog/includes/application_top.php in this contribution below, it is working properly. include_once DIR_WS_MODULES . 'fwr_media_security_pro.php'; $security_pro = new Fwr_Media_Security_Pro; // If you need to exclude a file from cleansing then you can add it like below //$security_pro->addExclusion( 'some_file.php' ); $security_pro->cleanse( $PHP_SELF ); I am seeking the solution, if any experienced helper can help for solving this issue. Thanks. I had the same problem. I have fixed it in this open includes/modules/fwr_media_security_pro.php find var $excluded_from_cleansing = array( add into array ,'advanced_search_result.php' this ok. Edited February 3, 2011 by florist Quote Link to comment Share on other sites More sharing options...
♥FWR Media Posted February 3, 2011 Author Share Posted February 3, 2011 (edited) I had the same problem. I have fixed it in this open includes/modules/fwr_media_security_pro.php find var $excluded_from_cleansing = array( add into array ,'advanced_search_result.php' this ok. You have fixed nothing in fact you have broken something. No files should be excluded unless they are payment or perhaps shipping files. All you have done it stopped the search system from being white listed which is a very bad idea. Just change the date so it uses hyphens instead of / or even better use the osCommerce calendar set to use hyphens. Edited February 3, 2011 by FWR Media Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
Fresh Start Posted February 7, 2011 Share Posted February 7, 2011 Hello all, I am currently trying to set up multiple stores using OSC with Paypal Standard as the payment processor. To this end, I have succeeded in applying relevant code to both stores and have tested purchase / repayment etc and that now appears to work with both, using one PP business account. Took days of research and wonderful assistance from several contributors to this forum to achieve this result. I am looking at the security of the site and am, amongst other things, looking at installing Security Pro (as well as other changes, such as changing the name of Admin file, etc). Not being a coder, I am finding the discussions about Security Pro, quite difficult to grasp. I want to 'keep things simple stupid', but am becoming bogged down and leaning towards the 'feeling stupid' end of the scale. My current concern is if I installed whatever latest version of Security Pro exists, would this effect the payment processor that I have just managed to get working across my two test stores? I will keep reading to enable a better understanding of this contribution, but it is going to take some time. Sorry if my questions / concerns have been raised and answered elsewhere (if they have, I will eventually find them). Quote Kind regards, Peter... Link to comment Share on other sites More sharing options...
Follkes Posted February 7, 2011 Share Posted February 7, 2011 (edited) Robert, when upgrading to Security Pro 2.0 ( r7 ) When: Remove the database settings 3) Run the below code using phpMyAdmin or your favoured method. DELETE FROM configuration WHERE configuration_key = 'FWR_SECURITY_PRO_ON'; DELETE FROM configuration_GROUP WHERE configuration_group_title = 'FWR Security Pro'; DELETE FROM configuration WHERE configuration_key = 'FWR_SECURITY_PRO_FILE_EXCLUSIONS_ON'; DELETE FROM configuration WHERE configuration_key = 'FWR_SECURITY_PRO_FILE_EXCLUSIONS'; I get DELETE FROM configuration_GROUP WHERE configuration_group_title = 'FWR Security Pro'; MySQL #1146 - Table 'xxxxxxxx.configuration_GROUP' doesn't exist How should I proceed? Thank you Edited February 7, 2011 by Follkes Quote Link to comment Share on other sites More sharing options...
♥FWR Media Posted February 7, 2011 Author Share Posted February 7, 2011 Robert, when upgrading to Security Pro 2.0 ( r7 ) When: Remove the database settings 3) Run the below code using phpMyAdmin or your favoured method. DELETE FROM configuration WHERE configuration_key = 'FWR_SECURITY_PRO_ON'; DELETE FROM configuration_GROUP WHERE configuration_group_title = 'FWR Security Pro'; DELETE FROM configuration WHERE configuration_key = 'FWR_SECURITY_PRO_FILE_EXCLUSIONS_ON'; DELETE FROM configuration WHERE configuration_key = 'FWR_SECURITY_PRO_FILE_EXCLUSIONS'; I get DELETE FROM configuration_GROUP WHERE configuration_group_title = 'FWR Security Pro'; MySQL #1146 - Table 'xxxxxxxx.configuration_GROUP' doesn't exist How should I proceed? Thank you This is covered in this thread, it is a typo. configuration_GROUP Should be .. configuration_group Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
Follkes Posted February 7, 2011 Share Posted February 7, 2011 Solved! In the previous version I added a redirect.php exception. With this version will I need to add it? It´s working as before. Regards Quote Link to comment Share on other sites More sharing options...
Fresh Start Posted February 8, 2011 Share Posted February 8, 2011 My current concern is if I installed whatever latest version of Security Pro exists, would this effect the payment processor that I have just managed to get working across my two test stores? I will keep reading to enable a better understanding of this contribution, but it is going to take some time. Hello all, Update. Just read a ton of information posted by 'Spooks' and associated contributors regarding security. Still not clicking into place for me 'yet'. Keep reading I suppose? Original newbie question still 'live' at this point until I find the answer. Quote Kind regards, Peter... Link to comment Share on other sites More sharing options...
♥FWR Media Posted February 8, 2011 Author Share Posted February 8, 2011 Hello all, Update. Just read a ton of information posted by 'Spooks' and associated contributors regarding security. Still not clicking into place for me 'yet'. Keep reading I suppose? Original newbie question still 'live' at this point until I find the answer. Install Security Pro, test your payment system. Any problems you can add the payment system file to the file excludes as per the instructions. Quote Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work. Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.