Geeklog 1.6.0sr1 and 1.5.2sr5

Contributed by: Dirk on Thursday, July 30 2009 @ 02:00 pm EDT

Geeklog 1.6.0sr1 and 1.5.2sr5 address the following security issues:

  1. Gerendi Sandor Attila reported an XSS in the forms to email a user and to email a story to a friend.
  2. The "Mail Story to a Friend" function didn't check story permissions, so it was possible to email a story even if you didn't have permission to view it on the site.
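
The two classes of fix described above, sketched as an added example (this is not Geeklog's code, and every function and variable name in it is hypothetical). It assumes stories carry an optional group restriction and that the email form re-displays submitted values; the mail handler reuses the same permission-checked lookup as the display path, and form values are encoded before being written back into HTML.

```php
<?php
// Added illustration; all names are hypothetical, not Geeklog's API.

// Constructed sample data: story 2 is restricted to group 5.
$stories = [
    1 => ['title' => 'Public news', 'group_id' => null, 'body' => 'Hello'],
    2 => ['title' => 'Staff only',  'group_id' => 5,    'body' => 'Internal'],
];

// Single source of truth for "may this user read this story?".
function canViewStory(array $story, array $userGroups): bool
{
    return $story['group_id'] === null
        || in_array($story['group_id'], $userGroups, true);
}

// The display path and the mail path both use this lookup, so a story
// that cannot be viewed can never be mailed either.
function loadStoryFor(array $stories, int $sid, array $userGroups): ?array
{
    $story = $stories[$sid] ?? null;
    if ($story === null || !canViewStory($story, $userGroups)) {
        return null; // same answer for "missing" and "forbidden"
    }
    return $story;
}

function mailStoryToFriend(array $stories, int $sid, array $userGroups, string $to): bool
{
    $story = loadStoryFor($stories, $sid, $userGroups);
    if ($story === null) {
        return false; // the permission check a mail-only code path can miss
    }
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // A real handler would pass $story to the mailer here.
    return true;
}

// Re-displaying a submitted form value: encode it for the attribute context.
function formField(string $name, string $submitted): string
{
    $value = htmlspecialchars($submitted, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

var_dump(mailStoryToFriend($stories, 2, [], 'friend@example.com'));
var_dump(mailStoryToFriend($stories, 2, [5], 'friend@example.com'));
echo formField('subject', '"><b>x</b>'), "\n";
```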

For Geeklog 1.6.0, we also fixed two bugs (an SQL error when the story submission queue was off and a call to a nonexistent function).

The following files are available:

  • a complete tarball[*1] of Geeklog 1.6.0sr1
  • an upgrade archive[*2] from Geeklog 1.6.0
  • an upgrade archive[*3] from Geeklog 1.5.2sr4
  • a combo update[*4] from any previous 1.5.2 version

Geeklog - Geeklog 1.6.0sr1 and 1.5.2sr5
https://www.geeklog.net/article.php/geeklog-1.6.0sr1

[*1] http://www.geeklog.net/filemgmt/index.php?id=977
[*2] http://www.geeklog.net/filemgmt/index.php?id=976
[*3] http://www.geeklog.net/filemgmt/index.php?id=974
[*4] http://www.geeklog.net/filemgmt/index.php?id=975