There was a major update on the Elgg platform. The new version, Elgg 1.7.4, has some major security changes and enhancements. Their community provides OpenGL plugins that anyone can use free of charge. However, they still host plugins from previous versions that can hurt your site.
Tags: back, backing, death, elgg, of, paths, screen, security, up, view, view_paths, white, white screen of death
Posted under EggBlog, Elgg
Many of us have wondered how we can change some of the PHP directives to match a script's requirements. Even though this might sound complicated, it is much easier than it looks.
First, we should know a few facts about PHP directives and where they reside. There are three levels of php.ini file:
1) Server global php.ini (this file resides in the server configuration and cannot be edited by users in a shared hosting environment).
2) User global php.ini (this file usually resides in the main folder of a user's website, such as public_html, and serves all the PHP scripts that fall under the user account).
3) User local php.ini (this file is not limited to a specific path and can be deployed by the user wherever some parameters need to be changed for a script).
Some people are telling Elgg users to disable a plugin called “HTMLAWED plugin” (a plugin that comes as default in every Elgg install) so that they can embed content. This is not recommended.
The plugin mentioned above stops users from adding arbitrary HTML/PHP code to your site that could break your site design and might even allow phishers to embed code in order to steal your users' passwords.
Tags: code, code filter, elgg, elgg security, filter, html, html filter, htmlawed, plugin, protect, protecting, security, site
Posted under Elgg, Security/Vulnerability