Welcome to Geeklog Wednesday, April 23 2014 @ 09:58 PM EDT

Geeklog 1.3.8-1sr3 and 1.3.7sr4 security updates

Security
  • Saturday, December 06 2003 @ 02:00 PM EST
These updates fix a few minor security-related issues:
  1. As "dr.wh0" pointed out, the category field for link submissions was not filtered at all. Although you probably can't cause too much harm with those 32 characters, this has now been fixed.
  2. Vincent Furia found that the restrictions for the form to email users could be circumvented and could even be used to spam users.
    On 1.3.8-1sr3, there is now also a speed limit when sending emails to users.
  3. There was a way to post comments anonymously even when posting for anonymous users had been disabled.
  4. It was possible to post comments under someone else's username.

As usual, there's an upgrade and complete tarball for 1.3.8-1sr3. The 1.3.7sr4 upgrade is only available as an upgrade tarball and requires 1.3.7sr3.

* sigh * Comment posting was so secure now that it didn't let you post any comments at all. The problem has been fixed and the tarballs have been updated. Please replace comment.php (if you've downloaded the full tarball, you only need the upgrade tarball now). Sorry about that.

The following comments are owned by whomever posted them. This site is not responsible for what they say.

  • Geeklog 1.3.8-1sr3 and 1.3.7sr4 security updates
  • Authored by:Remdotc on Sunday, December 07 2003 @ 06:28 PM EST
Great. Now let's say I was running a really old piece of code, geeklog 1.3.6. I look in the mysql directory to see various sql update scripts for every version save for 1.36. Would I be correct in assuming 1.36 and 1.38 sr2 use exactly the same table configuration?
  • Geeklog 1.3.8-1sr3 and 1.3.7sr4 security updates
  • Authored by:Dirk on Monday, December 08 2003 @ 02:00 AM EST
No, you would be wrong. There's a mysql_1.3.7_to_1.3.8.php update script and the install script handles the changes from 1.3.6 to 1.3.7 without a separate update script.

bye, Dirk
  • Geeklog 1.3.8-1sr3 and 1.3.7sr4 security updates
  • Authored by:Equalib on Wednesday, December 10 2003 @ 12:23 AM EST
Installed the new Geeklog and now I cannot get into the Admin area.
I put in Admin and password and it does not open the Admin area.
Please help.
  • Geeklog 1.3.8-1sr3 still having problems with comments
  • Authored by:tepsu on Tuesday, December 23 2003 @ 07:08 AM EST
I downloaded and installed the latest tarball. Got i site running.
Started testing. Worked OK, except I couldn't the comments posted
did not show up. Found out that other people had the same
problems and there was a fix. Downloaded the upgrade (today).
Replaced comments.php, but it did not help. Same problem
continues.

Any solutions?