Forum plugin 2.7.4 security fix
- Saturday, January 15 2011 @ 04:25 pm EST
- Contributed by: Dirk
- Views: 10,087
Mark Evans informs us that Saif El-Shere reported XSS in the bbcode of the Forum plugin for glFusion. Due to the shared history of the two projects, these XSS also exist in the Forum plugin for Geeklog. The Forum plugin 2.7.4 fixes these issues.
To upgrade from version 2.7.3, you need to replace these 3 files:
- config.php (for the version number)
- functions.inc (for the upgrade code)
- public_html/include/gf_format.php (which contains the actual fix)
Then simply run the upgrade from Geeklog's Plugin admin panel.