News

Geeklog 1.3.8-1sr3 and 1.3.7sr4 security updates

  • Saturday, December 06 2003 @ 02:00 pm EST

Security

These updates fix a few minor security-related issues:
  1. As "dr.wh0" pointed out, the category field for link submissions was not filtered at all. Although you probably can't cause too much harm with those 32 characters, this has now been fixed.
  2. Vincent Furia found that the restrictions for the form to email users could be circumvented and could even be used to spam users.
    On 1.3.8-1sr3, there is now also a speed limit when sending emails to users.
  3. There was a way to post comments anonymously even when posting for anonymous users had been disabled.
  4. It was possible to post comments under someone else's username.

As usual, there's an upgrade and complete tarball for 1.3.8-1sr3. The 1.3.7sr4 upgrade is only available as an upgrade tarball and requires 1.3.7sr3.

* sigh * Comment posting was so secure now that it didn't let you post any comments at all. The problem has been fixed and the tarballs have been updated. Please replace comment.php (if you've downloaded the full tarball, you only need the upgrade tarball now). Sorry about that.

Geeklog Security

  • Wednesday, October 29 2003 @ 04:29 pm EST

Security

The Geeklog Development Team has created a new page devoted to security issues related to our product. This new page is our attempt to show all of you in the community the importance we put on security, to discuss how we handle security issues and to give you a single place to get a feel for how secure Geeklog really is. If there is something that you all feel is missing, or more detail you would like, please provide us with some suggestions.