|
From: Tom S. <tom...@us...> - 2004-10-22 17:34:01
|
Update of /cvsroot/php-blog/serendipity In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4545 Modified Files: Tag: branch-smarty serendipity_functions.inc.php NEWS Log Message: - MFH Index: NEWS =================================================================== RCS file: /cvsroot/php-blog/serendipity/NEWS,v retrieving revision 1.214.2.37 retrieving revision 1.214.2.38 diff -u -d -r1.214.2.37 -r1.214.2.38 --- NEWS 17 Oct 2004 20:04:34 -0000 1.214.2.37 +++ NEWS 22 Oct 2004 17:33:51 -0000 1.214.2.38 @@ -47,6 +47,12 @@ Version 0.7 () ------------------------------------------------------------------------ + * Fixed comment counter for deleting non-approved comments + (tomsommer, griffinn) + +Version 0.7-rc1 (October 20th, 2004) +------------------------------------------------------------------------ + * Fixed possible HTTP Response Splitting security issue. Thanks to ChaoticEvil for reporting! (jannis, garvinhicking) @@ -149,9 +155,6 @@ * Fixed missing CSS-class for BBCode Event-Plugin (Jez Hancock) - * Fixed comment counter for deleting non-approved comments - (tomsommer) - * Fixed possible SQL injections. Thanks to aCiDBiTS! * Fixed postgreSQL quicksearch, thanks to Mauri Sahlberg! Index: serendipity_functions.inc.php =================================================================== RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v retrieving revision 1.419.2.52 retrieving revision 1.419.2.53 diff -u -d -r1.419.2.52 -r1.419.2.53 --- serendipity_functions.inc.php 16 Oct 2004 17:27:12 -0000 1.419.2.52 +++ serendipity_functions.inc.php 22 Oct 2004 17:33:51 -0000 1.419.2.53 @@ -1086,7 +1086,7 @@ $sql = serendipity_db_query("SELECT status FROM {$serendipity['dbPrefix']}comments WHERE entry_id = '". (int)$entry_id ."' AND id = '". (int)$id ."' - $admin"); + $admin", true); serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}comments WHERE entry_id = '". (int)$entry_id ."' |
