Welcome to Geeklog, Anonymous Monday, December 23 2024 @ 06:32 pm EST

News

OpenID pre-announcement

  • Monday, May 28 2007 @ 08:30 am EDT
  • Contributed by:
  • Views: 16,029
Announcements

The first result from our bounties hunt has now landed in CVS: OpenID support, provided by Choplair. And for those of you who are feeling adventurous and don't want to wait for the next Geeklog release, there is also a patch available for Geeklog 1.4.1.

So what is OpenID again? It provides an identity that you can use to log in to all sites that support OpenID. No need to create new accounts with every new site you want to participate in. But note that two problems that OpenID does not solve are trust and spam.

CAPTCHA v2.1.2 Released

  • Thursday, May 24 2007 @ 11:22 am EDT
  • Contributed by:
  • Views: 7,927
Security

CAPTCHA v2.1.2 has been released to address a security vulnerability I discovered in the code this morning. All CAPTCHA users are encouraged to upgrade as soon as possible. The upgrade process is very straight forward, simply copy over the new source files, then go into your Plugin Manager and select Update for the CAPTCHA plugin.

There is one other small tweak, if the session start fails, it will do so silently, no longer causing scripts to stop. This should resolve any issues with the emailgeeklogstories cron script.

Security Vulnerability in Media Gallery v1.4x

  • Tuesday, May 15 2007 @ 09:53 am EDT
  • Contributed by:
  • Views: 8,457
Security A security vulnerability has been identified in Media Gallery affecting all of the v1.4 releases. This vulnerability could allow properly crafted URLs to load files onto your web server and potentially overwrite existing files. Media Gallery v1.4.8b has been released to address this vulnerability and should be upgraded immediately! My thanks to Max for reporting this issue this morning and providing the relevant site logs to validate the vulnerability.

If you do not want to upgrade to the latest version of Media Gallery, you should apply the following patch:

Edit mediagallery/maint/ftpmedia.php

Near the top, immediately before the following line:

require_once($_MG_CONF['path_html'] . 'lib-batch.php');

Add the following code:

// this file can't be used on its own
if (strpos ($_SERVER['PHP_SELF'], 'ftpmedia.php') !== false)
{
    die ('This file can not be used on its own.');
}

Save ftpmedia.php. This should resolve the issue.

For more information on other enhancements and fixes to Media Gallery v1.4.8b, please see www.gllabs.org.

Thanks!
Mark

Page navigation