Geeklog 1.5.2sr1

Security
  • Monday, March 30 2009 @ 02:40 PM EDT
  • Contributed by:
  • Views: 7,421

Fernando Muñoz reported a possible XSS in the query (search) form on most admin panels (tracked as bug #841); this release fixes it.
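As an added illustration of the class of bug being fixed (this is example code, not Geeklog's own; the page's changed-files list points at system/lib-admin.php, but that code is not reproduced here, and the function names and form markup below are assumed): a reflected XSS in an admin search form where the submitted query is echoed straight back into the input's value attribute, beside the escaped version.

```php
<?php
// Added example (not Geeklog code): reflected XSS in an admin "query" form
// and its fix. Function names and form markup are assumed for illustration.

declare(strict_types=1);

// VULNERABLE: the submitted search string is echoed back into the value
// attribute unescaped. A query such as  "><script>...</script>  closes the
// attribute and the <input> tag and injects markup that runs in the
// administrator's browser with the administrator's session.
function render_query_form_vulnerable(string $q): string
{
    return '<form method="get">'
         . '<input type="text" name="q" value="' . $q . '">'
         . '<input type="submit" value="Search"></form>';
}

// FIXED: HTML-encode the value before placing it in an attribute. ENT_QUOTES
// encodes both " and ' so the string cannot break out of either quoting
// style; the explicit charset avoids multibyte quirks of the default.
function render_query_form_fixed(string $q): string
{
    $safe = htmlspecialchars($q, ENT_QUOTES, 'UTF-8');
    return '<form method="get">'
         . '<input type="text" name="q" value="' . $safe . '">'
         . '<input type="submit" value="Search"></form>';
}

// True when the rendered markup still contains a raw, un-encoded script tag.
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script>') !== false;
}

// Constructed attacker input, standing in for a crafted ?q= parameter.
// In a real request handler this would come from $_GET['q'] ?? ''.
$payload = '"><script>alert(document.cookie)</script>';

$vuln  = render_query_form_vulnerable($payload);
$fixed = render_query_form_fixed($payload);

// The vulnerable form emits the payload verbatim; the fixed one emits
// &quot;&gt;&lt;script&gt;... which the browser shows as text.
assert(contains_raw_script($vuln) === true);
assert(contains_raw_script($fixed) === false);
assert(strpos($fixed, '&quot;&gt;&lt;script&gt;') !== false);

echo "vulnerable: $vuln\n";
echo "fixed:      $fixed\n";
```

Run it with `php xss-example.php`. The attribute context is why ENT_QUOTES matters: the default flags leave single quotes alone, which is not enough if the template ever switches to `value='...'`. The same encoding has to be applied everywhere the query string is reflected, for example in a "Results for ..." heading, not only in the form field.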

You can download an upgrade archive for Geeklog 1.5.2 or the complete 1.5.2sr1 tarball to upgrade from any previous version.

The upgrade archive contains only one file and should also work as a quick fix for Geeklog 1.5.0 and 1.5.1. We do recommend upgrading to 1.5.2sr1 from those versions, though, because various other bugs have been fixed since then.

Fernando is one of the students applying to participate in the Google Summer of Code with Geeklog, by the way. Which just goes to show that it's always good to have a fresh pair of eyes looking over your code. Thanks, Fernando!

On a side note, a recent security issue that was reported for glFusion (a fork of Geeklog) does not affect any of the currently released versions of Geeklog. It does, however, affect the current development version (what will become Geeklog 1.6.0). We will address that issue before the release of Geeklog 1.6.0.

Trackback

Trackback URL for this entry:
http://www.geeklog.net/trackback.php/geeklog-1.5.2sr1

[...] an upgrade archive for Geeklog 1.5.2 or the complete 1.5.2sr1 tarball. Original article: http://www.geeklog.net/article.php/geeklog-1.5.2sr1 Resources: upgrade archive for Gee... complete 1.5.2sr1 tarball http://www.geeklog.net/... [...] [read more]

[...] 1.5.2 or the complete Geeklog 1.5.2sr1 package to upgrade from any version of Geeklog. Source: Geeklog. Source: Alcance Libre [...] [read more]


  • Geeklog 1.5.2sr1
  • Authored by: LWC on Monday, March 30 2009 @ 03:58 PM EDT
The included README claims it's bug #84 where it's actually bug #841. Claiming a low number such as #84 makes it look like it wasn't fixed for years (and indeed #84 is a suspended feature request from 2004).

  • Geeklog 1.5.2sr1
  • Authored by: Dirk on Monday, March 30 2009 @ 04:21 PM EDT

I was about to say "it's a typo, not a conspiracy". But I don't even see a typo - it does say

Fernando Munoz reported a possible XSS in the query form on most admin panels that we are fixing with this release (bug #0000841).

Does it not?

  • Geeklog 1.5.2sr1
  • Authored by: LWC on Monday, March 30 2009 @ 07:22 PM EDT
I could have sworn it said 84 earlier. Well, it doesn't matter now.

  • Geeklog 1.5.2sr1
  • Authored by: taca on Tuesday, March 31 2009 @ 01:01 AM EDT

Hi,

geeklog-1.5.2sr1/public_html/docs/changed-files lists these files:


geeklog-1.5.2sr1/public_html/admin/install/index.php
geeklog-1.5.2sr1/public_html/docs/changed-files
geeklog-1.5.2sr1/public_html/docs/changes.html
geeklog-1.5.2sr1/public_html/docs/history
geeklog-1.5.2sr1/public_html/siteconfig.php
geeklog-1.5.2sr1/system/lib-admin.php

But when I checked against geeklog-1.5.2,


geeklog-1.5.2sr1/system/pear/Archive/Tar.php

was also updated.

I wish that the new Tar.php improves something and has no negative effect. :-)

---
taca
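The check taca describes above, comparing a release's changed-files manifest against the files that actually differ between the old and new trees, as an added example (this is not Geeklog's release tooling): it hashes two extracted trees, lists what changed, and flags anything the manifest does not mention. The directory layout, file contents and manifest are constructed here to mimic the comment's finding; a real run would point the two roots at the extracted geeklog-1.5.2 and geeklog-1.5.2sr1 tarballs and read public_html/docs/changed-files.

```php
<?php
// Added example (not Geeklog tooling): audit a release's changed-files
// manifest against the real diff of two source trees. Manifest format is
// assumed to be one relative path per line.

declare(strict_types=1);

// Map of relative path => sha256 for every regular file under $root.
function hash_tree(string $root): array
{
    $hashes = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $rel = substr($file->getPathname(), strlen($root) + 1);
        $hashes[str_replace('\\', '/', $rel)] = hash_file('sha256', $file->getPathname());
    }
    ksort($hashes);
    return $hashes;
}

// Files that are new in $new or whose contents differ from $old.
function changed_files(array $old, array $new): array
{
    $changed = [];
    foreach ($new as $path => $sum) {
        if (!isset($old[$path]) || $old[$path] !== $sum) {
            $changed[] = $path;
        }
    }
    return $changed;
}

// Anything changed but not listed is an undocumented change worth a look;
// anything listed but unchanged means the manifest is stale.
function audit_manifest(array $changed, array $manifest): array
{
    return [
        'undocumented'         => array_values(array_diff($changed, $manifest)),
        'listed_but_unchanged' => array_values(array_diff($manifest, $changed)),
    ];
}

// --- Constructed sample trees standing in for 1.5.2 and 1.5.2sr1 ---
$base  = sys_get_temp_dir() . '/manifest-audit-' . getmypid();
$trees = [
    'old' => ['system/lib-admin.php'         => "v1\n",
              'system/pear/Archive/Tar.php'  => "tar v1\n",
              'README'                       => "r\n"],
    'new' => ['system/lib-admin.php'         => "v2 fixed\n",
              'system/pear/Archive/Tar.php'  => "tar v2\n",
              'README'                       => "r\n"],
];
foreach ($trees as $name => $files) {
    foreach ($files as $rel => $content) {
        $path = "$base/$name/$rel";
        if (!is_dir(dirname($path))) {
            mkdir(dirname($path), 0700, true);
        }
        file_put_contents($path, $content);
    }
}

// The vendor's manifest (constructed): only lib-admin.php is listed.
$manifest = ['system/lib-admin.php'];
$changed  = changed_files(hash_tree("$base/old"), hash_tree("$base/new"));
$report   = audit_manifest($changed, $manifest);

assert($report['undocumented'] === ['system/pear/Archive/Tar.php']);
assert($report['listed_but_unchanged'] === []);

foreach ($report['undocumented'] as $path) {
    echo "changed but not in manifest: $path\n";
}
```

Run it with `php manifest-audit.php`. Comparing hashes rather than timestamps avoids false hits from tar extraction times, and comparing against the vendor's own manifest is a cheap supply-chain sanity check on any security release: an unlisted change in a bundled library (here a PEAR Archive/Tar.php) deserves its own review before the upgrade goes out.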
