News

We are nearing the release candidate for 1.3.5. In CVS now, I have added the support for images in articles. For the impatient, you can download it from CVS. An actual release candidate is probably still a couple of days off yet.

If you try the new image support, please let me know what you think or how it could be improved.

I think search.php of geeklog-1.3.x has
possible cross site scripting vulnerability. For example, let put this string as search keyword.

<script>alert(self.location)</script>

This gives alert window when JavaScript is enabled.
Because any HTML tags are transparently displayed in a \"No matchs\" screen, and search.php accept GET method, this can be easily exploitable with manner of ordinary cross site scripting attacks.
<BR>
This simple patch for search.php can prevent this type of attack.

--- search.php Fri Apr 5 01:21:15 2002
+++ search.php.org Mon Apr 8 03:38:07 2002
@@ -264,7 +264,7 @@
$retval .= $searchresults->parse(\'output\',\'searchresults\');
} else {
$retval .= COM_startBlock($LANG09[13])
- . $LANG09[14].\' <b>\'.htmlentities($query).\'</b> \'.$LANG09[15]
+ . $LANG09[14].\' <b>\'.$query.\'</b> \'.$LANG09[15]
. COM_endBlock();
}

I am happy to announce the addition of two new translations: 1) Russian 2) Portuguese (Brazil) Slowly but surely, Geeklog is starting to mature...the submission of translations is proof of that and we are now up to 8 supported languages! I want to take a minute to thank all of you that have bared through some hard times, bugs, poor code, etc to get us here. A lot of work still needs to be done but we have a great community and good things will continue to follow!