Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: Normando on May 14, 2007, 07:50:31 AM
-
Searching for "serverAlias" I have found this post, but when I open the post, the page redirect to other .ch site. I tested with Firefox and IE7
See you:
http://forums.contribs.org/index.php?topic=4060.0
-
Searching for "serverAlias" I have found this post, but when I open the post, the page redirect to other .ch site. I tested with Firefox and IE7
See you:
http://forums.contribs.org/index.php?topic=4060.0
You can use lynx -source to see what is in that page. That page includes some HTML which has this with the redirect URL included:
meta http-equiv="refresh" ...
-
Thanks Charly. I found this code in the last reply:
<head>
<br />
<meta http-equiv="refresh" content="0;url=http://www.afro-pfingsten.ch">
<br />
</head>
but out of "code" tags. I think it is a security hole for visitors who read contribs forum, because any one can make a redirection to an infected page or something similar.
It is justify to post a bug in bugzilla? mmm...I am sure your answer is "YES" :D
Maybe disabling html code in the forum are ok.
Thank you for your reply.
-
I think it is a security hole for visitors who read contribs forum, because any one can make a redirection to an infected page or something similar.
Please Contact security [at] contribs [dot] org will be your best option. Thanks.
-
That post was from 2002. My guess is that it was always like that and you were the first to notice (or at least report) it. I don't think you can duplicate it now as HTML is off, and has been since we have been using phpBB - I think that post is one of the ones imported from the old e-smith forums.