总站发布 XOOPS 安全修正版本 - XOOPS 2.012a
分别根据GulfTech Security Research和日本 XOOPS 社区的报告修正几处安全隐患。请各位XOOPS用户及时更新
如果您在北京时间 6月30日早5:30之前下载,请重新下载该软件包 (版本号XOOPS 2.012a)或用升级包更新
============================
2005/06/30: Version 2.0.12a
============================
- Fixed bug in comments, where editing a comment would post a new one
- Removed PHP parsing in Saxparser's handleProcessingInstruction() method (Thanks to GIJOE)
============================
2005/06/28: Version 2.0.12
============================
- Fixed sanitation bug in include/comment_form.php and include/comment_post.php (Mithrandir/James@Gulftech)
- Fixed sanitation bug in class/xml/rpc/xmlrpcapi.php and class/criteria.php (Mithrandir/James@Gulftech/XOOPS JP)
- Changed admin.php to fetch news from xoops.org via Snoopy (Mithrandir/XOOPS JP)
- Fixed possible XSS hole in redirect_header (Mithrandir/XOOPS JP)
- Security fixes in pda.php and misc.php (Mithrandir/XOOPS JP)
- Fixed typos in kernel/object.php (Mithrandir/brandycoke)