Geeklog The Ultimate Weblog System

Geeklog 1.3.11

Geeklog 1.3.11 is both a bugfix and a security update over Geeklog 1.3.10. It fixes the following security issues:
  1. It was possible to submit stories anonymously even if anonymous submissions were turned off in config.php (reported by Barry Wong).
    These stories still ended up in the submission queue, though, unless you disabled it in config.php.
  2. Some of the parameters in link and event submissions weren't filtered, leaving them open to potential SQL injections.
  3. The links for the What's Related block were created from the unfiltered story text, opening the possibility of XSS attacks (reported by Vincent Furia).
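
The flaw class in item 3, shown as an added PHP sketch that is not Geeklog's own code: a related-links block built from the anchors in a story's text, first copied through verbatim and then rebuilt from filtered parts. The function names and the sample story text are hypothetical and constructed for this illustration.

```php
<?php
// Added illustration; not Geeklog's code. Function names are hypothetical.

// Before: anchors are copied from the story text into the block verbatim,
// so any attribute or nested markup in the story reaches the page.
function related_links_unfiltered(string $storyText): array
{
    preg_match_all('#<a\s[^>]*>.*?</a>#is', $storyText, $m);
    return $m[0];
}

// After: keep only the href and the visible text, allow http(s) only,
// and encode both values before rebuilding the anchor.
function related_links_filtered(string $storyText): array
{
    $links = [];
    preg_match_all('#<a\s[^>]*?href\s*=\s*(["\'])(.*?)\1[^>]*>(.*?)</a>#is',
                   $storyText, $matches, PREG_SET_ORDER);
    foreach ($matches as $match) {
        $url    = trim(html_entity_decode($match[2], ENT_QUOTES, 'UTF-8'));
        $label  = trim(strip_tags($match[3]));
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true) || $label === '') {
            continue; // drop script-scheme, relative, malformed or empty links
        }
        $links[] = '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
                 . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
    }
    return $links;
}

// Constructed sample story text (not taken from a real site).
$story = 'See <a href="http://www.geeklog.net/">Geeklog</a>, '
       . '<a href="http://example.com/" onmouseover="alert(1)">a <b>demo</b></a> and '
       . '<a href="javascript:alert(1)">this</a>.';

print_r(related_links_unfiltered($story)); // three anchors, markup untouched
print_r(related_links_filtered($story));   // two anchors, href and text only
```

The filtered version works from an allowlist (scheme, href, text) rather than trying to strip known-bad attributes, so markup it does not recognise is dropped by default.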

This update is strongly recommended for all users of Geeklog 1.3.10 since, in addition to the above security issues, it also fixes quite a few bugs in 1.3.10. Geeklog 1.3.11 is also meant as a replacement for 1.3.10, i.e. there will be no further development for 1.3.10.

Installation instructions follow ...

  • To upgrade from 1.3.11rc1, please see the file public_html/docs/history for a list of changes and changed files since 1.3.11rc1. Simply replace the files mentioned there.
  • To upgrade from 1.3.10 you can either follow the normal routine for an update or you can refer to the file public_html/docs/changed-files for a list of all the files that have changed since 1.3.10. Don't forget to run the install script in upgrade mode afterwards.
  • Users of older versions should follow the normal upgrading instructions.

The following comments are owned by whomever posted them. This site is not responsible for what they say.
Geeklog 1.3.11
Authored by: rv8 on Sunday, January 02 2005 @ 10:20 AM EST
Many of the old stock themes display the menus for plugins and static pages
twice. The content of {plg_menu_elements} seems to be included in
{menu_elements}, yet the Classic, Clean, Digital Monochrome and
Gameserver themes (and possibly others) call both these elements. I'm not
sure if the problem is in the themes, or in the definition of
{menu_elements}. I modded the affected theme header.thtml files by
removing the superfluous {plg_menu_elements} item.

---
Kevin
Geeklog 1.3.11
Authored by: Dirk on Sunday, January 02 2005 @ 04:05 PM EST
This has been the case since 1.3.10 and is also mentioned in the FAQ:
Please note that the use of the 'plugins' keyword in $_CONF['menu_elements'] will add all plugin entries to {menu_elements}, so you may end up with duplicate plugin entries if your theme uses both the {menu_elements} and the {plg_menu_elements} variable.

bye, Dirk

Geeklog 1.3.11
Authored by: rv8 on Sunday, January 02 2005 @ 07:32 PM EST
OK, I missed that FAQ entry. But it does seem a bit strange that many of
the officially supplied themes don't work properly with the latest Geeklog.

Anyway, I sorted out the problem for my site. I just reported it as it looked
like a possible bug that someone might want to fix.

---
Kevin
Geeklog 1.3.11
Authored by: tk421 on Monday, January 03 2005 @ 04:51 PM EST
Should themes that were updated to 1.3.10 work with 1.3.11?
Geeklog 1.3.11
Authored by: samstone on Monday, January 03 2005 @ 08:06 PM EST
They should.

There are only two theme files changed. One is the header.thtml and there weren't really any changes in it except Dirk has cleaned it up for easier editing.

The easiest way to know is to see the changed-files. And on 1.3.10, the theme changes are also listed in the theme.html file.
google's rel="nofollow" idea
Authored by: stephen_pollei on Wednesday, January 19 2005 @ 06:28 PM EST
Hello, I don't know where the best place to do a feature request would be, so I'll try here. Anyway, Google has an idea about blog commenting spam. I made a comment on Groklaw about it and how in particular it could help Groklaw, as they currently have Google and the other search engines not spider their pages at all. The thread at Groklaw also has a little bit of brainstorming on what might be some criteria to decide whether a link should get this rel attribute or not.
google's rel="nofollow"
Authored by: Dirk on Thursday, January 20 2005 @ 03:21 AM EST

There's already a forum thread about this here.

bye, Dirk