BryanB

Senior Member
  • Content Count

    259

Community Reputation

1 Neutral

About BryanB

  • Rank
    Member
  1. No, but if you are running a really old version it may have been implemented after that. I'm not sure what version it was added in but I believe it has been there for a while, at least 1 year.
  2. In the meantime, I would change all admin usernames and lock all client fields from being edited (there is an option to do that under Setup > General Settings > Other
  3. Looks like an SQL injection. What version of WHMCS are you running? Have you opened a support ticket with WHMCS?
  4. It's not very clear what this module does. Does it actually use the new "Stripe Checkout" as shown here: http://stripe.com/checkout i.e. their popup box and credit card form? Does it do anything to the cart checkout pages or does it only affect the invoice page?
  5. Oddly, I have 2 sites running 5.2.13 and one has this issue, the other doesn't. I'm getting "invalid token" when using the search box at the top right of the header (in both blend and V4) and also when trying to insert a predefined reply in a support ticket. Emptied templates_c, cleared cache and still no luck.
  6. Yes it is difficult to find. I didn't know it existed. The problem is that the logged in session of these forums appears to be very short. Every time I come back to them I'm kicked out and have to log in again (which itself is another annoying issue, maybe it can be extended) but anyway, after doing some digging around I found that the bug reports sub section is only visible to logged in users. I usually will browse the forums and if I have a topic to post I'll go to the most relevant section I can find but then realize that I'm no longer logged in, have to log in again and by the time I get logged in I'm just looking for the "new thread" button. Maybe making it visible to not logged in visitors will help.
  7. Honestly Chris, that's not good enough anymore. We need a statement from someone other than "whoops, here's a patch" - How about here's what we did wrong and here is what we are going to do to be better about security in the future? These are amateur exploits and it's a slap in the face that Matt or anyone from WHMCS hasn't stepped up yet to admit that they are screwing up big time with a plan to change things in the future.
  8. anddd yet another exploit has been found again today. Come on now... http://blog.whmcs.com/?t=80587
  9. What's really concerning is the coding practices that lead to these exploits. As I understand it, they were really basic things that a beginner programmer should know and they also recreated a function that was removed from PHP because it was a security threat.
  10. I have a lot invested in WHMCS and would like for things to work out but my team has been discussing not being able to use WHMCS anymore because of the downward trend in the product quality. The recent security vulnerabilities that were discovered were the result of incredibly amateur coding mistakes. 2 vulnerabilities were discovered 2 days apart. It's great that they were patched relatively quickly, but unfortunately the vulnerability was already public and still leaves us vulnerable and gives us a lot of work to have to keep patching. Flaws happen in software but it is getting too frequent and the vulnerabilities are pretty basic issues that 1. shouldn't have been implemented into the code in the first place and 2. should have been audited. Why are there no audits of the WHMCS software and what is being done to prevent this in the future? There's a lot of outrage in the web hosting community and it seems that someone should at least come forward and say what is being done to better the security of WHMCS. All we've gotten so far is patches and really impersonal blog posts from Matt that don't allow comments so no discussion can be had.
  11. Awesome. Thanks. I was planning to switch over to Nginx soon. Was it pretty simple? Any other issues with whmcs? Did you notice any performance gains?
  12. Is there a way to stop invoices from being generated the next day when the cron runs if I create an order and uncheck the "generate invoice" box? I don't see why WHMCS does this or how it makes sense. Every time I give a quote and then convert the quote to an invoice the customer pays the invoice then I have to create the order without an invoice but the next day WHMCS makes a duplicate invoice and the customer emails wondering why they are being billed twice. How do you turn off automatic invoices for orders that were created without an invoice? And when is that ever useful?
  13. It's empty. I can also access every other page in the admin area by going directly to it but if I try to go back to the dashboard it sends me to clientarea.php. I checked .htaccess and even deleted it and that didn't help.
  14. After the mess with updating to 5.2 and having multiple issues I had to revert back to 5.1.4... everything is working ok now but for some reason my whmcs/admin index page is redirecting to whmcs/clientarea.php now. I can't figure out why. Does anyone know where I should look to fix this?
  15. Just some constructive feedback but the mailing list didn't seem like the easiest thing to comprehend to me either. Glad you fixed the spam but every email I get I also have to scroll down about 1/2 through the body of the email past all the unsubscribe links, replying instructions and email headers to actually figure out where the body of the message starts. I don't really blame HTB for missing the info on how to report a bug and the "go back and read your email" comment seemed a bit snarky.