Evening all,
Since i'm going away on holiday on Monday 17th September, this seasons update will be performed on the afternoon of Sunday 16th September.
I have a big update to push over to the Live server before the season update, probably on Sunday, where i have
refactored the session variables (
as i did here for the national teams) across the whole site. This will require about 15 minutes of downtime and a server reboot.
The issue was being caused by standard or request variables overwriting these session variables, because they had the same name. I've made changes to 172 files in total that make up the structure of the user interface to the game, since this was a huge security flaw anyway. The only files not affected are the match engine files and scheduled task files.
This is part of an ongoing security update across the site, because of an insecure and deprecated feature in PHP, that was used during FGs initial development (it was pretty much standard to use it back then). I've spent quite a lot of time in the past refactoring affected code, but i've been putting this specific bit off for a long time, since it required a lot of work to get 100% right. This update fixes the biggest flaw, with session variables, but some of the other code is still not secured and will take another 40 or so hours to clean up entirely.
My formation scripts are working great if teams have 18 or more players, but not with less, so i'm holding off on that to see if i can get it working, but i'm not holding out much hope. The chances are i'll set the 18 player rule in stone and force free transfer for teams with less than this in the near future, so it might be worth trying to find your own players if your team is less than 18 strong!
I've also slipped the ads back in with this update for non-paying managers and those who opt in, thought i'd better mention that since they've been gone for a while now. Don't worry, they're unobtrusive enough. Don't forget to click them if you love FG!
