Welcome to Geeklog, Anonymous Tuesday, April 16 2024 @ 05:56 pm EDT

Forum plugin 2.7.3 security fix

Sunday, May 02 2010 @ 04:45 am EDT
Contributed by: Dirk
Views: 8,613

The Forum plugin 2.7.3 addresses a security issue where an XSS was possible in anonymous usernames, reported by Jaloh Smith.

To upgrade from version 2.7.2, you only need to replace 3 files:

config.php (for the version number)
functions.inc (for the upgrade code)
public_html/createtopic.php (which contains the actual fix)

Then simply run the upgrade from Geeklog's Plugin admin panel.

If you don't care about the version number, you can simply replace createtopic.php. As a short-term measure, you can also disable posting for anonymous users entirely: In the Forum's admin panel, select the Settings tab and set the option "Do you need to be registered to create posts" to "Yes".

Comments

Forum plugin 2.7.3 security fix | 0 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Warning: Javascript required to enable functionality

Forum plugin 2.7.3 security fix

Search

Resources

About

Getting started

Support

Development

Topics

User Functions

What's New

Articles last 4 weeks

Comments last 4 weeks

Pages last 4 weeks

Links last 4 weeks

Downloads last 4 weeks