Leaderboard

i don't know why you didn't want to protect the upgrade script frop unauthorized users !! at least ask for licence number in upgrade , this is the simple way .

if a over-exaggerating now, is to avoid surprise in the future , mate . keep in mind nothing is this world is 100% secure . and stop advertising blesta as other think blesta is the 1 soft ranking in this world . blesta is good and is not a complete piece of art in his category, this is the reality and you should accept it woth "FAIR PLAY" spirit .

so this is a blesta code probleme , not mine . the upgrade script in all the other soft , has just a login page and next step is upgrade , you think the upgrade script should get the admin fields and profiles and other detaille from database . just make it validate the login/pass . the login page just need 2 input and 1 hidden , and check it in the database !!!! let imagine the worst case , the upgrade script has a security hole , the guest can send command to the database directly without to check the authorized user or not , and next day you will find your database in a dirty hands . security is a + in blesta , don't play with this point . finallyn , if you find this is not really a probleme, close the thread as not a bug .