[pmwiki-users] Security Update for Fox and FoxForum
Hans
design5 at softflow.co.uk
Sat Dec 1 08:09:04 CST 2007
Security Updates are released for Fox and FoxForum,
fixing a javascript injection vulnerability.
Details:
All input values from php $_POST or $_GET are now filtered with
htmlspecialchars(stripmagic($value),ENT_NOQUOTES);
I added the filter htmlspecialchars.
Without this I could inject javascript code on my local machine with a
post. This did not happen on my hosting server, so I do not know the
extent of the danger for javascript injection attacks.
Still I advise anyone using Fox or FoxForum to upgrade.
~Hans
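
The filter described in the announcement, shown on a constructed request array. This is an added example, not part of the original message and not Fox's own code. The names stripmagic_standin and filter_input_values and the sample values are assumptions made for illustration; stripmagic() itself is PmWiki's helper and is only imitated here.

```php
<?php
// Stand-in (assumption) for PmWiki's stripmagic(), which undoes magic_quotes_gpc.
// Magic quotes no longer exist in current PHP, so the setting is passed as a flag.
function stripmagic_standin(string $value, bool $magicQuotesOn = false): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Apply the announced filter to every value of a request array,
// descending into nested arrays such as field[] inputs.
function filter_input_values(array $input, int $flags = ENT_NOQUOTES): array
{
    $clean = [];
    foreach ($input as $key => $value) {
        $clean[$key] = is_array($value)
            ? filter_input_values($value, $flags)
            : htmlspecialchars(stripmagic_standin((string) $value), $flags);
    }
    return $clean;
}

// Constructed sample input standing in for $_POST.
$post = [
    'author'  => 'Hans',
    'comment' => '<script>alert(1)</script>',
    'title'   => 'say "hi" & it\'s done',
];

$noquotes = filter_input_values($post, ENT_NOQUOTES);
$quotes   = filter_input_values($post, ENT_QUOTES);

// <, > and & are encoded, so the comment is displayed as text, not run as script.
echo $noquotes['comment'], "\n";

// ENT_NOQUOTES leaves " and ' untouched. That is enough for text placed
// between tags, but not for a value written into a quoted HTML attribute.
echo $noquotes['title'], "\n";

// ENT_QUOTES additionally encodes both quote characters, which is the flag
// to use when the same value is echoed inside value="..." or value='...'.
echo $quotes['title'], "\n";
```

Whether Fox writes any filtered value into an attribute is not stated in the announcement; the ENT_QUOTES comparison is general htmlspecialchars behaviour.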