Geeklog 1.5.1 Security Fixes
- Monday, September 22 2008 @ 03:09 pm EDT
- Contributed by: Dirk
Geeklog 1.5.1 addresses the following security issues:
- The recently reported file upload issue in FCKeditor. A fix is now included. When upgrading from earlier versions, we strongly recommend that you remove your old copy of the "fckeditor" directory and replace it with the version that ships with Geeklog 1.5.1 to ensure that old files are removed and replaced properly.
- Mark Evans reported that our protection against direct execution of include files did not work properly on case-insensitive file systems (e.g. on Windows). This only affects sites that weren't installed correctly in the first place (the files in question should not be reachable from the web). Note, however, that this includes sites installed through Fantastico.
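
The case-sensitivity failure described in the last item, as an added example that is not Geeklog's own code: it assumes a guard that looks for the include file's name in the requested script path, and the function names, file name and request paths are constructed for illustration.

```php
<?php
// Hypothetical include-file guard (an assumption, not Geeklog's code).
// Each guard returns true when the request should be refused because it
// targets the include file directly.

// Weak form: case-sensitive substring match on the requested script path.
function guard_case_sensitive(string $requestPath, string $selfName): bool
{
    return strpos($requestPath, $selfName) !== false;
}

// Hardened form: fold both sides to lower case before comparing, so the
// result no longer depends on how the file system resolves names.
function guard_case_insensitive(string $requestPath, string $selfName): bool
{
    return strpos(strtolower($requestPath), strtolower($selfName)) !== false;
}

// Constructed request paths. On a case-insensitive file system the first
// two resolve to the same file; the third is a legitimate entry point.
$selfName = 'lib-example.php';
$requests = [
    '/system/lib-example.php',
    '/system/LIB-Example.PHP',
    '/index.php',
];

foreach ($requests as $path) {
    printf(
        "%-26s case-sensitive: %-8s case-insensitive: %s\n",
        $path,
        guard_case_sensitive($path, $selfName) ? 'refused' : 'allowed',
        guard_case_insensitive($path, $selfName) ? 'refused' : 'allowed'
    );
}

// The weak guard lets the mixed-case request through; the hardened guard
// refuses both spellings and still allows /index.php. Keeping include
// files outside the web root, as the item above notes, makes the guard a
// second line of defence rather than the only one.
```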
The following issues are bugs in Geeklog 1.5.0 regarding the access control for stories: