Forum plugin 2.7.4 security fix

Security

Mark Evans informs us that Saif El-Shere reported XSS vulnerabilities in the bbcode of the Forum plugin for glFusion. Due to the shared history of the two projects, the same XSS issues also exist in the Forum plugin for Geeklog. Forum plugin 2.7.4 fixes these issues.

To upgrade from version 2.7.3, you need to replace these 3 files:

  • config.php (for the version number)
  • functions.inc (for the upgrade code)
  • public_html/include/gf_format.php (which contains the actual fix)

Then simply run the upgrade from Geeklog's Plugin admin panel.

This version also includes a minor improvement that we've been using here on geeklog.net for a long time but that somehow never made it into the official code: When viewing a forum discussion, the HTML title tag will now include the discussion's topic. If you're upgrading from 2.7.3, replace public_html/viewtopic.php in addition to the files listed above to get this improvement.