Recent security vulnerabilities (XSS + Session fixation)

Hello, It’s late, but I will try to describe security vulnerabilities I found recently: 1) XSS in BugTrackerYou visit bug tracker, hacker can login on your account. This works only if you – as admin – logs into bug tracker and there is malicious report/code from user. The fix is here: Fix XSS in bugtracker.php …

Read More Recent security vulnerabilities (XSS + Session fixation)

v0.9.0-alpha released

After 3 years again, it’s time to release our latest work – MyAAC v0.9.0. Minimum PHP version for this release is PHP v7.2.5. This time as alpha. Please not use in production server. Download & test & give feedback on what’s working, what’s not, and what’s good about this release.

Read More v0.9.0-alpha released

MyAAC 0.7.10 released!

This has been almost 1 month since I released version 0.7.10 of MyAAC, but I think it’s worthy notifying on our site. With this update, I’m starting to write changelogs grouped by types. Added: * new configurable: smtp_secure * robots.txt Fixed: * editing an existing page that had PHP enabled * chrome bug on save …

Read More MyAAC 0.7.10 released!

MyAAC 0.7.9 released!

removed 6mb of trash (some useless things) (fix) TFS 1.x not showing promoted vocations in highscores otserv 0.6.x: fixed some warning (on the characters page) and fatal mysql error (on the mango signature) fixed default stamina on otserv 0.6.x engine (and some others perhaps) install: change permission check to is_writable changed highscores_groups_hidden to 3 (for …

Read More MyAAC 0.7.9 released!

MyAAC 0.7.4 released!

fixed mysql fatal error on tibiacom template – top 5 box fixed displaying of level percent bar on tibian signature inform user about Twig cache failure on installation, instead of http 500 error when dir system/cache is not writable by the webserver, then show some nice notice to the user about it instead of http …

Read More MyAAC 0.7.4 released!

MyAAC 0.6.2 released!

added forums for guilds and groups added nice looking menu for my account page in default template new command line tool: install_plugin.php – can be used to install plugins from command line. Usage: “php install_plugin.php” added new tooltip to view characters equipment item name and monster loot added items.xml loader class and weapons.xml loader …

Read More MyAAC 0.6.2 released!