New on LowEndTalk? Please Register and read our Community Rules.
Comments
Sure but gravatar handles that fine without the security concern.
Francisco
Oh yeah, I'm dumb, I think I might have my avatar on gravatar lmao. I replied to this right after I woke up.
@DataWagon as stated in our email, this function was never used in the theme.
Lagom Client Theme is not just a WHMCS theme, it's much more. That's why there is a lot of back-end code, which is required to extend the WHMCS functionalities, and implement features that are missing.
In the first versions of the product, we had a lot of requests from the Lagom Client Theme users to add a feature in our theme to allow uploading avatars for their customers. This implementation has been started, but at the end we've resigned from this and implemented gravatar, as can be found on our website: https://lagom.rsstudio.net/docs/settings/#gravatar
Please note that none of the features which have been added to the theme has been added without a reason; we're adding only those features which are highly requested by the product users.
Without decoding the theme files (which is illegal), you wouldn't know that this function exists in the product files. Yes, this function should be removed, but it wasn't till now...
We do agree that this was our mistake, but it's important to highlight that such vulnerabilities can be effectively mitigated with the activation of standard security measures like WAF on the server, which is available in the free CloudFlare plan (this worked for our website). Ensuring server protection is crucial for online businesses.
It is generally expected that WHMCS users, being primarily involved with server-based products, would be aware of such security essentials. Thus, responsibility is shared: while we recognize that our product should not have included such a vulnerability, it is also vital for business owners to employ fundamental server security tools.
For larger businesses seeking further security enhancements, we provide an Open Source version of our product. This allows for the implementation of necessary security upgrades and thorough security audits, essential for safeguarding their primary revenue-generating platform.