Jump to content

Welcome, Guest!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

Leaderboard


Popular Content

Showing content with the highest reputation on 07/12/2020 in Posts

  1. 1 point
    New versions 1.2.2 (free) and 2.2.2 (premium) has just been released: fixed PHP 7.4 deprecation warnings fixed database tables charset -- it's not possible to use smileys in review content fixed microdata in js code -- rich metadata were emitted only in .tpl templates. Now they are also in DOM nodes created by javascript
  2. 1 point
    Das "Sicherheitslücke" schreibe ich mal in Anführungszeichen, denn es geht um Git, das sowieso keine Sicherheitsmechanismen hat. Was nicht ist, kann auch keine Lücke haben. Es geht um das hier: Zehntausende Server deutscher Firmen von Sicherheitsproblem betroffen Es geht da offensichtlich um (zahlreiche) Server, die Git für die Versionierung des Inhalts verwenden und das Git-Repo direkt auf dem öffentlichen Server haben. Sperrt man dieses Repo nicht, ist es öffentlich zugänglich. Damit kann man das Repo auslesen, z.B. die rohen PHP-Dateien. Problem erkennen. Wie im Artikel schon steht, kann man einfach die passende URL versuchen auszulesen: https://meinedomain.de/.git/config Kommt da was anderes als 403 oder 404 zurück, ist das ein Problem. Abhilfe. 1. Das Verzeichnis /.git in Apache/Nginx sperren. 2. (besser) Das Git-Repo anderswo unterbringen und nach Änderungen den Inhalt der Webseite mit FTP oder Rsync hochladen. Natürlich ohne das Verzeichnis .git. Plesk/cPanel und einige andere haben ein Feature, mit dem man Git-Repos "live" machen kann. Jeder Commit in das Repo wird automatisch auf die öffentliche Seite hochgeladen. In wie weit diese Funktion betroffen ist, kann ich nicht sagen. Geheuer war mir das jedoch noch nie, denn beim committen in ein Repo sind Flüchtigkeitsfehler eigentlich an der Tagesordnung, das will man nicht ungeprüft öffentlich haben. Man kann das jedoch auch wie oben beschrieben heraus finden.
  3. 1 point
    Hi everyone We know it's now been a while since our first post. While we'd love to have new news to share, we're still waiting for some important documents to continue the negotiations. Someone here mentioned that buying a company can sometimes take months. Unfortunately we're seeing that this may be the case here too. We are eager to pick up the reigns and move TB forward, but will have to ask you all for your continued patience while we sort out all the details of purchasing TB. We're picking up that it could still take many weeks before this thing has been finalised. On the plus side, we do have some info to share: The Core Developer has essentially been finalised and has indicated that he is on board (subject to the sale of TB being concluded and other details, of course). We will reveal who, once everything is sorted. He will be full-time. And you will be more than happy 😉 We plan to move TB forward with continued maintenance and improvements and evolution. Making TB better, by building on its solid foundation and listening to the community. Not ripping it up and starting again. So no plans to change architecture or any crazy Prestashop 1.7 or Symfony ideas. There will be roadmaps, bug fixes, new features, enhancements, support and massive community involvement, feedback and participation. We look forward to finalising the negotiations and purchase of TB. We will provide feedback within the next few months. Hopefully sooner. In the meantime, please keep using and promoting TB. We promise an exciting future for TB ahead. Thanks for all your support 👍
  4. 1 point
    I have used ErpNext for the past two years in my previous gig until a year ago. While it does have a shop face, I would go as far as saying that it's shop front is not mature and flexible enough for a shopping cat in the same way that a system like Thirtybees is. Customisation is going to a b^&ch. Anyhows. it is excellent as an ERP, with full chart of accounts, sales life cycle and MRP and so on. It has a fairly flattened database structure, and some complex linkage tables. It is certainly possible to write directly to their database table, but I would not recommend it. It does have a mature API, with some example projects with PHP, phyton etc. The commended route would be to use the API as a migration tool.
×
×
  • Create New...