Frank Hochmuth
@deltalima, is the issue with RC1 still valid?
Hello @rrossouw01, Many thanks for your feedback. What output do you get in [current 1.3.1 branch](https://github.com/flatpressblog/flatpress/archive/refs/heads/issue371_httphttps.zip) if you insert
```
@ini_set('display_errors', 'on');
@error_reporting(E_ALL);
var_dump($_SERVER ['HTTPS']);
var_dump($serverport);
```
in the line...
With both? `return (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on'));` and also: `return (!empty($_SERVER ['HTTPS']) && $_SERVER['HTTPS'] != 'off' or $_SERVER ['SERVER_PORT'] == 443);` ?
@azett Apparently with a load balancer `$_SERVER ['HTTPS']` is not defined here. Can you please check the execution of @rrossouw01? @rrossouw01 I will test your variant. Unfortunately, I do not have...
Hello everyone, I take the liberty of closing this issue with pleasure https://github.com/flatpressblog/flatpress/issues/371#issuecomment-2081504366. @rrossouw01, please check the [master branch](https://github.com/flatpressblog/flatpress/archive/refs/heads/master.zip) to see if the setup problem is still reproducible. We may...
Hello Parag Bagul, thanks for asking and for your code snippets. We are committed to investigating and fixing all vulnerabilities as soon as possible. Currently, we are still working on...
Idea:
```
// Define allowed characters in filename /input field
$allowed_chars_regex = "/^[a-zA-Z0-9_\-\.]+$/";
```
This is to prevent the filename/input field and its extension from containing special characters like <...
@azett, normally I assign these preventions to [basic filesystem handling](https://github.com/flatpressblog/flatpress/blob/master/fp-includes/core/core.filesystem.php). Does the uploader use this core module?
- [x] cross-site scripting (XSS) in the FlatPress installer in the parameter...
Hello all, laborix has created a solution in [the forum](https://forum.flatpress.org/viewtopic.php?t=489). With best regards Frank
Closed with #259