Security Flaw in Geeklog/Gallery Plugin
- Tuesday, December 09 2003 @ 10:48 pm EST
- Contributed by: Tony

For those of you using the Geeklog Gallery plugin, you should comment out all references to $GEEKLOG_DIR in the plugin. Instances of this can be found in:
/path/to/geeklog/gallery_dir/init.php
/path/to/geeklog/gallery_dir/classes/geeklog/UserDB.php
/path/to/geeklog/gallery_dir/classes/geeklog/User.php
There are four lines in total that you will need to address. The first occurrence is in init.php, where $GEEKLOG_DIR gets set; this is fixed simply by commenting it out. As for the occurrences of
require_once($GEEKLOG_DIR . 'lib-common.php');
be sure to replace the entire string with
require_once '/path/to/geeklog/public_html/lib-common.php';
Hopefully this is clear to everyone. In the meantime, we are contacting the maintainer of the Geeklog/Gallery plugin to make the necessary fix.
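
One way to confirm the edits above took effect, as an added example that is not part of the original post or of the plugin: a shell check that lists every line in the three named files that still uses $GEEKLOG_DIR outside a comment. The function names, the sample tree, and the value assigned to $GEEKLOG_DIR in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the plugin's code): verify the advisory's fix was applied.

# Files named in the advisory, relative to the Gallery directory.
GALLERY_FILES="init.php classes/geeklog/UserDB.php classes/geeklog/User.php"

# find_geeklog_dir_refs GALLERY_DIR
# Prints "file:line:text" for each line that still references $GEEKLOG_DIR and
# does not start with a comment marker (//, #, /* or *).
# Returns 0 when no live reference is left, 1 otherwise.
# The check is line-based: code followed by a trailing comment on the same
# line is still treated as live code.
find_geeklog_dir_refs() {
    gallery_dir=$1
    found=0
    for rel in $GALLERY_FILES; do
        f="$gallery_dir/$rel"
        [ -f "$f" ] || { echo "missing: $f" >&2; continue; }
        hits=$(grep -n -F '$GEEKLOG_DIR' "$f" |
               grep -v -E '^[0-9]+:[[:space:]]*(//|#|/\*|\*)') || true
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed "s|^|$rel:|"
            found=1
        fi
    done
    return $found
}

# make_sample_tree DIR before|after
# Builds a constructed stand-in for the plugin files, either unpatched
# ("before") or edited as the advisory describes ("after").
make_sample_tree() {
    mkdir -p "$1/classes/geeklog"
    if [ "$2" = after ]; then
        set_line='// $GEEKLOG_DIR = "/path/to/geeklog/public_html/";'
        req_line="require_once '/path/to/geeklog/public_html/lib-common.php';"
    else
        set_line='$GEEKLOG_DIR = "/path/to/geeklog/public_html/";'
        req_line='require_once($GEEKLOG_DIR . '\''lib-common.php'\'');'
    fi
    printf '<?php\n%s\n%s\n' "$set_line" "$req_line" > "$1/init.php"
    printf '<?php\n%s\n' "$req_line" > "$1/classes/geeklog/UserDB.php"
    printf '<?php\n%s\n' "$req_line" > "$1/classes/geeklog/User.php"
}
```

Run it against a real install with find_geeklog_dir_refs /path/to/geeklog/gallery_dir; any output means a reference still needs editing.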