$topic in most of the language files (thanks to the anonymous submitter of bug #293).
The upgrade to 1.3.9sr2 also includes a lib-plugins.php that fixes problems with plugins on PHP 5. The complete 1.3.9sr2 tarball also includes updated PEAR packages that should resolve email problems that some users had (see this story for details).
For those who made changes in the language files, it may be easier to apply the following fix manually: The 3rd text string in the $LANG05 array should read ' for topic %s' (instead of using $topic). This only fixes the XSS vulnerability but not the comment posting bug, for which comment.php has to be replaced.
Users still running on earlier versions may also want to apply the above fix manually. I'd like to point out again, though, that there is no official support for versions older than 1.3.8 any more and that you should at the very least be running Geeklog 1.3.7sr5 plus the comment posting fix linked from this story.
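To verify the manual language-file fix described above across a set of customised files, a small checker like the following can help. It is an added example, not Geeklog code. It assumes each language file is PHP source containing a `$LANG05 = array(...);` assignment with no quote characters in comments inside that array; the sample arrays are constructed, and only the ' for topic %s' string is taken from the announcement.

```python
import re
import sys

# Body of the $LANG05 array, up to the first ");" (assumes no string contains ");").
ARRAY_RE = re.compile(r'\$LANG05\s*=\s*array\s*\((.*?)\)\s*;', re.S)
# A single- or double-quoted PHP string literal, allowing backslash escapes.
STRING_RE = re.compile(r'''
    "(?:\\.|[^"\\])*"
  | '(?:\\.|[^'\\])*'
''', re.S | re.X)


def check_lang05(php_source):
    """Classify one language file: 'needs-fix', 'fixed' or 'unknown'."""
    m = ARRAY_RE.search(php_source)
    if m is None:
        return "unknown"
    body = m.group(1)
    strings = list(STRING_RE.finditer(body))
    if len(strings) < 3:
        return "unknown"
    # Everything between the 2nd and 4th string belongs to the 3rd entry; this
    # also catches a variable concatenated onto the string.
    end = strings[3].start() if len(strings) > 3 else len(body)
    third_entry = body[strings[1].end():end]
    if "$topic" in third_entry:
        return "needs-fix"
    if "%s" in strings[2].group(0):
        return "fixed"
    return "unknown"  # neither form recognised: review by hand


# Constructed samples; only ' for topic %s' is taken from the announcement.
SAMPLE_OLD = """<?php
$LANG05 = array(
    1 => 'first string',
    2 => 'second string',
    3 => " for topic $topic",
    4 => 'fourth string'
);
"""
SAMPLE_CONCAT = SAMPLE_OLD.replace('" for topic $topic"', "' for topic ' . $topic")
SAMPLE_FIXED = SAMPLE_OLD.replace('" for topic $topic"', "' for topic %s'")

if __name__ == "__main__":
    # Usage: python check_lang05.py language/*.php
    for path in sys.argv[1:]:
        with open(path, encoding="latin-1") as fh:
            print(path, check_lang05(fh.read()))
```

A result of 'unknown' means the third string matched neither form and the file should be inspected by hand.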