http://www.gmhi.org/

All of the content is easily editable through cmsms. Most tags of each type have been styled to make adding content in a manner that looks consistent a breeze. The gallery also using the gallery template allows for adding a new image to the slider along with new text a breeze.

Let me know what you guys think.

By the way, I encourage all of you readers to donate. They are doing really good things for those in need.

These are the modules in use.

CGSimpleSmarty
1.4.8

Gallery
1.4.4

CGExtensions
1.26.3

FormBuilder
0.7

CGBlog
1.7.5

I added a bit more polish to it.

Let me know what you guys think

nyandres,
FormBuilder is vulnerable to XSS attacks.

You must fix this problem in FormBuilder's templates or not use FormBuilder at all, because the default settings are highly unsafe.

A nice little demo on request.

Best regards,
David

Care to explain?

_________________
Make your community a better place!

Sure.

Almost every variable in the Submission template of the default template set is unsafe and susceptible to Cross Site Scripting attacks.

The fix would be not to echo any user variables at all or to sanitize them first with PHP's strip_tags. And don't use Smarty's strip_tags, it's broken and also unsafe.

POC:


You'll have to adjust your variable names accordingly. You understand that I cannot post a working proof of concept here, but you get the idea.

Hi Dwave,

So using "pretty URL's" would be secure?

pretty URL ex:
"http://www.domain.com/contact-us/"
After submitting the form the URL stays the same

ps: don't think this matters but no information the user submitted is being shown on the form result page.

Greetings,
Manuel

Hi,
Nice site, but I can't use the Contact link in the main menu in the index page, it is in a second line behind the slider. I can use it in the ohter pages even though still appears in a second line .

I use a resolution of 1280x800 and FF.

All the best.
A.