This is another techy post – sorry guys!
Yesterday we rolled out a few more SQL injection fixes (we’ve moved the vast majority – if not all – of the public “used” SQL statements from mysql_* connection strings to parametrised PDO connections) and a number of XSS (Cross-Site-Scripting) vulnerability fixes to make the PublicWhip code even more secure. We’ve also tweaked import routines ever so slightly (to try and use “indexes” on table joins) and to provide a bit logging as to what is happening during the import. We also updated the code to move away from PHP short tags (such as “ echo..." and "= $variable" to make it a bit more usable (PHP now comes as "default" with short tags disabled) - we've also updated the mysql_escape_string statements to use mysql_real_escape_string as the first one has been depreciated (the latter is also being depreciated, but can still be used - hopefully this will buy us some time whilst we recode the site). We also made some database optimisation changes in MySQL which should see some page load speed improvements and also enabled Apache suExec to help increase security that little bit more. We've just finished pushing all the code changes to our new BitBucket repository at https://bitbucket.org/publicwhip/publicwhip-v1/ – the old GitHub repository will be maintained until at least April this year, but we urge people to move over to the BitBucket Git repository as soon as possible.