WordPress, Shopify ir PHPFusion programuotojų bendruomenė

Pašalintos problemos messages.php
Parašė 2005 lapkričio 29 18:11:49

Buvo aptikti nauji saugumo pažeidimai faile messages.php. Naudojant funkcija paieškos buvo galima manipuliuoti URL su tikslu sudarytį SQL-indeksavimą. Ir tuo pačiu ištaisytos forumo klaidos atsiradusios bandant perkeltį temą iš forumo turinio. Atnaujinimas randasi pagrindiniame saite.

Pagal Digitanium, lapkričio 29 d., 2005

Atsisiųsti: PHP-Fusion 6.00.207 Update for v6.00.206

Išplėstos naujienos

A new concern has been reported in messages.php. This time it's a weakness in the search feature in which the url can be minipulated to create a SQL injection. Again, it's easily fixed and I have released a patch. I've also fixed a minor error in the move thread function of forum/options.php. It only arises if you move a thread from a forum that contains only one thread.

The sourceforge archive has been updated. Existing 6.00.206 users: You can update your system by uploading the contents of the file 6-00-207up zip to your server, then click Upgrade under System Admin. If you prefer to add the fixes manually please refer the CVS Browser.

@Digitanium