News

Geeklog 1.3.9sr2 and 1.3.8-1sr6 fix the following security issues:

1. A cross site scripting issue, due to the use of the (unfiltered) variable $topic in most of the language files (thanks to the anonymous submitter of bug #293).
2. It was possible to post comments to stories and polls for which comments had been disabled. The comments were never displayed, though, but did show up in the What's New block.

The upgrade to 1.3.9sr2 also includes a lib-plugins.php that fixes problems with plugins on PHP 5. The complete 1.3.9sr2 tarball also includes updated PEAR packages that should resolve email problems that some users had (see this story for details).

Looking through the server logs of a low-traffic Geeklog site, I couldn't help noticing that Googlebot and its colleagues had been busy there indexing each and every variation of Geeklog's submission forms, e.g.

/submit.php?type=event&mode=&month=08&day=07&year=2004&hour=2
/submit.php?type=event&mode=&month=06&day=17&year=2004&hour=8
etc.

/comment.php?sid=20020513230754519&pid=0&type=article
/comment.php?sid=20020427185655276&pid=0&type=article
etc.

Obviously, it doesn't make a lot of sense to index these particular pages, or the submission forms in general.

There's an easy way to prevent this: Create a robots.txt file.

Something escaped from the Axonz labs today, Its name is Project XU 1.0 (pronounced "project zoo"), and it has taken over the site!

It's now available for download here: www.axonz.com

Enjoy!