If you are responsible for a Debian or Ubuntu server and run PHP on it, make sure to run the following command to fix several security issues found in PHP:
sudo apt-get install php5-suhosin
This will make the necessary and your PHP version (security wise) will look like you have PHP 5.3.3.
What I found quite annoying in regard to this issue is the fact that it was very difficult to find a mention of this upgrade. All I could find in large number were people saying that you'd have to get an upgrade using the source code of PHP. Somehow, I did not feel like upgrading PHP from ...
The protected node module has global settings found under:
Administer » Site configuration » Protected node
The page starts with statistics to let you know how pages are protected on your website. All the counts include published and unpublished content.
The To Do module supports tokens that can be retrieved using the Token module.
The available tokens will generally appear in the list of tokens as found under a text area.
The raw tokens are no representing any security risk. They simply return the raw value instead of a more human representation of the value. For example, when the priority is "High", the raw value is 2.
WARNING
This parameter is considered a security hazard. There is an option in your format definition that you have to turn on in order for the feature to work. When not selected, override is ignored. Only allow this feature in an input filter where you can trust users 100%.
One can use the override parameter to replace the expected data with their own data. Although one would think using the data directly would work as well, there are cases when this is useful.
By default the InsertNode module gets data from the $node object as defined by the system. At times, the data available in the
Interestingly enough, today I received a Security Advisory from Drupal saying that users received an email from a hacker asking them to install a Trojan module on their Drupal system.
I find it quite interesting since, if Drupal wasn't secure, the hackers would not have to ask you to make it unsecure, would they?
However, this shows how many CMS systems introduce a security issue problem to your web server installation since it is required to let your web server execute any one PHP file...
All the files installed on your web server and that are directly accessible from the outside (i.e. ...
A security issue was found in all versions of jsMath before 2.x-dev for Drupal 6.x of Jul 29, 2010.
You may still securely use older versions of jsMath on private websites and websites were you are the only user (as in, the only one who can log in.)
The Drupal Security Advisory issue is here: https://www.drupal.org/node/854402
There is another problem: jsMath offers a JavaScript function that parses entire web pages (although there are ways to circumvent that problem, the module does not currently make use of those.) The jsMath Drupal module uses the ...
In order to use the jsMath for displaying mathematics with TeX Drupal 6.x module you need:
At this point, most of the Table of Contents configuration is done in the Table of Contents filter.
This means multiple Input formats allow you to make use of several different configurations.
The repeat keyword is used to repeat the filtering on the data just inserted. This is particularly useful with the asterisk name or on nodes that do not otherwise include a format that transforms the tags included in themselves.
This let you create nodes that are like macros.
Note that the macro can itself include a repeat in one of its Insert Node tags.1
Although the accessibility of the node and comments are checked, it is a good idea to see this module as a security risk giving users a way to display nodes otherwise forbidden to them.
Because a lot of the data is used unfiltered, it is strongly suggest that you pay very close attention to the order of your filters. If you authorize this module to your users (i.e. where they can select an Input filter that includes this specific filter,) then look into checking the HTML code after this filter. Otherwise, a user could inject some unwanted HTML code1