Geeklog 1.3.11
- Friday, December 31 2004 @ 12:43 pm EST
- Contributed by: Dirk
- Views: 19,124
Geeklog 1.3.11 is both a bugfix and a security update over Geeklog 1.3.10. It fixes the following security issues:
- It was possible to submit stories anonymously even if anonymous submissions were turned off in config.php (reported by Barry Wong).
These stories still ended up in the submission queue, though, unless you disabled it in config.php. - Some of the parameters in link and event submissions weren't filtered, leaving them open to potential SQL injections.
- The links for the What's Related block were created from the unfiltered story text, opening the possibility of XSS attacks (reported by Vincent Furia).
This update is strongly recommended for all users of Geeklog 1.3.10 since, in addition to the above security issues, it also fixes quite a few bugs in 1.3.10. Geeklog 1.3.11 is also meant as a replacement for 1.3.10, i.e. there will be no further development for 1.3.10.
Installation instructions follow ...
- To upgrade from 1.3.11rc1, please see the file public_html/docs/history for a list of changes and changed files since 1.3.11rc1. Simply replace the files mentioned there.
- To upgrade from 1.3.10 you can either follow the normal routine for an update or you can refer to the file public_html/docs/changed-files for a list of all the files that have changed since 1.3.10. Don't forget to run the install script in upgrade mode afterwards.
- Users of older versions should follow the normal upgrading instructions.