I've released a new version of GUS. I highly recommend that everyone upgrade to this version because it contains a security fix. Before you start freaking out, the problem does not allow any kind of compromise of the system - it only allows non-authorised users to view some of the GUS pages.
In this release:
v1.5.0 [13 Oct 2005]
- [security fix] fixed a problem which might allow non-authorised users to view some stats pages
- [fix] if you had a file outside the document root which included lib-common.php, the path would not be correct when the stats were entered in the database [introduced in 1.4]
- [fix] if your $CONF['site_url'] was 'http://foo.com' and someone arrived via 'http://www.foo.com', then 'foo.com' would show up as a referrer in the Who's Online block
- [fix] sorting columns on today's stats was broken
- [new] added new config option $_GUS_CONF['allow_ignore_anonymous'] to optimise a bit if you do not need the ability to ignore the user 'Anonymous'
- [new] added filtering by referrer
- [new] added some more navigation options to some pages
It is available through my geeklog software[*1] page.
- Andy Maloney