[silveryhat]

Quote:

Originally Posted by TheLastSuperman

All I have to do is mow the yard (woohoo lol) since it's cool outside and after that the install video. Get that info to me and I'll make another one for the advanced features, if it's anything server dependant please be aware my host might not be setup exactly the same to provide what others could already have in place so that might hinder showing the results etc but we'll see what the advanced options are and do the best we can. Can you host the video or is bandwidth a problem? Let me know... ok BRB (Big Back Yard with a push mower so most likely 2-3 hours).

S-MAN

yes i can host the file just fine. Take all the time that you need and don't worry about advanced options. It's better to have a clean, basic setup instruction

Quote:

Originally Posted by R-D

Shouldn't that $_GET variable be sanitized or at least checked that it is for the same site? Not sure if it can be abused as an open redirect but it's better to be safe than sorry.

Also, $HTTP_SERVER_VARS is deprecated ($HTTP_SERVER_VARS['HTTP_USER_AGENT']). You should use $_SERVER. :up:

though $_GET is sent, if you check carefully it is not used anywhere. And the domain check is already available since we have Setup Domain List for DnP Firewall Gateway . I know $HTTP_SERVER_VARS is old...but believe it or not I ran into some incompatibility issue of using $_SERVER. So I have to keep it safe. I might provide information related to the change to $_SERVER, but I would not directly do that on the code just to avoid problems.

In version 1.3 there will be one more layer of protection besides the firewall itself