Geeklog The Ultimate Weblog System

Geeklog 1.3.11sr3

Security

Geeklog 1.3.11sr3 addresses two security issues as well as a few bugs:

  • It was possible to submit comments even if you didn't have read permissions for the story or the topic, provided you knew the story's ID (reported by LWC).
  • When tampering with the dates in a search, Geeklog produced a warning message that would disclose the path in which Geeklog was installed on the server (reported by r0t3d3Vil). It was not possible to use this for SQL injections.
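The second issue is a case of unvalidated request input reaching code that emits a PHP warning. The following is an added example, not Geeklog's code or its actual fix, showing strict validation of search dates so that malformed values get a generic rejection instead of a warning. The parameter names `datestart` and `dateend`, the `YYYY-MM-DD` format, and both function names are assumptions made for illustration.

```php
<?php
// Added example (not Geeklog code). Parameter names and date format are assumed.

// Return a Unix timestamp for a strict YYYY-MM-DD string, or null if invalid.
function parse_search_date($raw)
{
    // Reject arrays (?datestart[]=x) and other non-string input up front.
    if (!is_string($raw)) {
        return null;
    }
    // Anchored match: digits and dashes only, nothing before or after.
    if (!preg_match('/\A(\d{4})-(\d{2})-(\d{2})\z/', $raw, $m)) {
        return null;
    }
    // checkdate() takes (month, day, year) and rejects dates like 2005-02-30.
    if (!checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
        return null;
    }
    return mktime(0, 0, 0, (int) $m[2], (int) $m[3], (int) $m[1]);
}

// Return array('start' => ts|null, 'end' => ts|null), or false on bad input.
function search_date_range(array $params)
{
    $range = array('start' => null, 'end' => null);
    foreach (array('datestart' => 'start', 'dateend' => 'end') as $key => $slot) {
        if (!isset($params[$key]) || $params[$key] === '') {
            continue; // date filter not supplied
        }
        $ts = parse_search_date($params[$key]);
        if ($ts === null) {
            return false; // caller shows a generic "invalid date" message
        }
        $range[$slot] = $ts;
    }
    if ($range['start'] !== null && $range['end'] !== null
        && $range['start'] > $range['end']) {
        return false; // reversed range
    }
    return $range;
}

// Constructed sample inputs: one valid request, three tampered ones.
$samples = array(
    array('datestart' => '2005-12-01', 'dateend' => '2005-12-19'),
    array('datestart' => "2005-12-01'", 'dateend' => '2005-12-19'),
    array('datestart' => array('x')),
    array('dateend' => '2005-02-30'),
);
foreach ($samples as $params) {
    echo var_export(search_date_range($params), true), "\n";
}
```

Independently of input validation, setting `display_errors = Off` and `log_errors = On` in the production `php.ini` keeps any remaining warnings, and the file paths they contain, out of responses.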

The most notable bugfix in this release addresses the problems editing static pages when 'url_rewrite' was enabled (that bug was only introduced in 1.3.11sr2).

As usual, we provide both a complete 1.3.11sr3 tarball as well as an upgrade over 1.3.11sr2 (please see the included installation instructions).

Note: Both issues also exist in Geeklog 1.4.0b1 but have since been fixed in CVS. We will be releasing 1.4.0rc1 in a couple of days. In the meantime, you can get the nightly tarball if you want to update your 1.4.0b1 install now.

Geeklog 1.3.11sr3 | 6 comments
Geeklog 1.3.11sr3
Authored by: julianna on Sunday, December 18 2005 @ 06:09 PM EST
Does the comment bug apply to other themes? (It looks like only a fix for the Professional theme was included in the upgrade.)

Does the comment bug apply if comments have been disabled?
Geeklog 1.3.11sr3
Authored by: Dirk on Monday, December 19 2005 @ 01:58 AM EST

The supplied change for commentbar.thtml has to be applied to all themes. This is for the comment bug mentioned in the changelog, not for the comment security issue.

bye, Dirk

Geeklog 1.3.11sr3
Authored by: Anonymous on Monday, December 19 2005 @ 02:26 AM EST
I replaced all included files to update to sr3 but when I get to replace the lib-common.php file and reload my site I get this error:
"An SQL error has occured. Please see error.log for details."

My error log says:
"Mon Dec 19 14:00:52 2005 - 1146: Table 'xxx_gl_b.WP_BB_LOG' doesn't exist. SQL in question: SELECT COUNT(*) FROM WP_BB_LOG "

I can't even imagine for which plugin these tables are meant to be...

Frank
Geeklog 1.3.11sr3
Authored by: Dirk on Monday, December 19 2005 @ 03:21 AM EST

Bad Behavior. You forgot that extra line in lib-common.php which that plugin needs.

bye, Dirk

Geeklog 1.3.11sr3
Authored by: Anonymous on Tuesday, December 20 2005 @ 06:48 AM EST
Bad Behavior it was! After I put the extra line in, it is working.

Thanks/Frank
Inmemoriam Install Problem
Authored by: jackbox on Saturday, December 24 2005 @ 09:27 PM EST
When I installed Inmemoriam photo galleries it created double menu items for the forums and for itself. I do not know what file I need to edit to remove the double menu items. Anyone who knows how to fix this please reply asap. Thank you.