Hi all,
I have just released v0.4.2 of OpenUpload.
It should fix a security flaw which allows XSS scripting to be injected in
the fields (especially the logs), which was discovered by BatMat
(thanks for reporting).
I plan to use a better approach in v0.5 but for now it should work.
If any of you finds more such bugs, please report them.
Alessandro
----------------
Here are the notes on how to upgrade (as found in the release UPGRADE file):
IMPORTANT
Before any upgrade be sure to have a backup of the database and the
configuration.
FROM v0.4.1 TO v0.4.2
1. Replace all files in the following files and directories
(www/config.inc.php does not need to be touched):
* www
* templates
* lib
* locale
* plugins
You might need to reapply changes to the templates if you made any.
2. Connect to your openupload installation and log in as administrator:
http://<yourserver>/<openupload>/
3. Go to the administration page
4. Follow the "Upgrade to v0.4.2" link
5. IMPORTANT: check your logs for any error