[Vtigercrm-developers] Issues and malwares - vtiger market place extension

IT-Solutions4You info at its4you.sk
Mon May 4 13:24:31 GMT 2015


In your case it's a problem with ", but if the array starts with ' then 
another user has a problem with other words like brother's. The array is 
also wrong. We need to analyse it a little more. Can you meanwhile change 
"Customer Portal" to \"Customer Portal\"?

Matus

On 28. 4. 2015 at 19:51, Sutharsan Jeganathan wrote:
> Hi
>
> I don't think it is a security issue, but might be a bug.
>
> When editing a label
> Inline image 1
>
>
> It goes like
> Inline image 2
>
> The Issue might be
>
> Inline image 3
>
>
> Thanks
> Sutharsan Jeganathan
>
> On Tue, Apr 28, 2015 at 9:47 PM, Prasad
> <prasad at vtiger.com
> <mailto:prasad at vtiger.com>> wrote:
>
>     Sutharsan,
>
>     Thank you - we will follow up with publisher and review the same.
>     Do you have instances where it posed trouble to system security?
>
>     --
>     FB <http://www.facebook.com/vtiger> I Twit
>     <http://twitter.com/vtigercrm> I LIn
>     <https://www.linkedin.com/company/1270573?trk=tyah> I Blog
>     <https://blogs.vtiger.com> I Website <https://www.vtiger.com/>
>
>     On Tue, Apr 28, 2015 at 9:21 PM, Sutharsan Jeganathan
>     <ajstharsan at gmail.com
>     <mailto:ajstharsan at gmail.com>> wrote:
>
>         Hi Prasad
>
>         I suspect a similar issue in Labels4you which I have already
>         mentioned here in the same topic. It updates / rewrites the
>         language files and overwrites them where the single quote is
>         replaced by double quote
>
>
>         Thanks
>         Sutharsan Jeganathan
>
>         On Tue, Apr 28, 2015 at 8:48 PM, Prasad
>         <prasad at vtiger.com
>         <mailto:prasad at vtiger.com>> wrote:
>
>             We have suspended vtDebug extension on marketplace.
>
>             @Alan, @Błażej:
>             Thank you for the supportive review - we will tighten our
>             process of approval.
>
>             Regards,
>             Prasad
>
>             On Tue, Apr 28, 2015 at 7:30 PM, Alan Lord
>             <alanslists at gmail.com
>             <mailto:alanslists at gmail.com>>
>             wrote:
>
>                 On 28/04/15 14:50, Conrado Maggi wrote:
>
>                     Hello Blazec,
>
>                     Thanks a lot for taking the time to review the
>                     extension. I agree that
>                     the module needs to be removed from the marketplace.
>
>                     Also, I think vtiger really needs to reconsider the
>                     acceptance of
>                     encrypted/obfuscated code. This is a clear example
>                     that it's not
>                     sustainable.
>
>                     This impacts not only that extension but the entire
>                     marketplace idea.
>
>
>                 That's pretty scary stuff I agree.
>
>                 I would suggest that if vtiger wants to allow encrypted
>                 code they should sign an NDA with the publisher and then
>                 not allow it on the Marketplace until they have reviewed
>                 an unencrypted version and they use *at least* an MD5
>                 hash to verify version updates etc...
>
>                 If Blazec's review is accurate (and I have no reason to
>                 doubt that) then that module really sucks.
>
>                 Al
>
>
>                 _______________________________________________
>                 http://www.vtiger.com/



