fix: address code review - remove magic_quotes_gpc, improve security warnings, add identifier escaping docs
Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/4b32e3c2-afec-458b-bf16-48e58045cc8b Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
GitHub
parent
b8543dfbc5
commit
1ba96d2b11
2 changed files with 25 additions and 8 deletions
|
|
@ -88,7 +88,17 @@ If the database already contains tables prefixed with `ogp_`:
|
|||
|
||||
This allows upgrading an existing OGP installation to GSP without losing data.
|
||||
|
||||
### 8. Branding
|
||||
### 8. MD5 password hashing (legacy)
|
||||
|
||||
The `OGPDatabaseMySQL::addUser()` method stores passwords using `MD5()`.
|
||||
This is legacy behaviour inherited from OGP and matches the existing panel
|
||||
login system. MD5 is cryptographically broken for new systems; however,
|
||||
changing the hashing scheme requires coordinated changes to the login code
|
||||
(`index.php`, `modules/register/`, etc.) and is outside the scope of the
|
||||
installer. Operators are strongly advised to audit and upgrade the hashing
|
||||
scheme in a follow-up change.
|
||||
|
||||
### 9. Branding
|
||||
|
||||
The installer title and default site settings reference **GSP – Game Server
|
||||
Panel** and **WDS** instead of "Open Game Panel".
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue