Update of /cvsroot/php-blog/serendipity/docs
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2931/docs
Modified Files:
NEWS
Log Message:
Fixed possible security issues reported on the forums: http://www.s9y.org/forums/viewtopic.php?p=3303#3303
This will enforce the path_stripping on every call - patterns like "../../" will be removed, leaving simple directory intact. A slash in first place will be removed.
Index: NEWS
===================================================================
RCS file: /cvsroot/php-blog/serendipity/docs/NEWS,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- NEWS 2 Jan 2005 15:53:20 -0000 1.34
+++ NEWS 2 Jan 2005 18:58:39 -0000 1.35
@@ -3,6 +3,9 @@
Version 0.8 ()
------------------------------------------------------------------------
+ * Fixed security issue about uploading image files with path-names
+ in them. Thanks to raperu2000 from the forums! (garvinhicking)
+
* Added Finnish language by Mauri Sahlberg (garvinhicking)
* Added Japanese language by Tadashi Jokagi (garvinhicking)
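Review bot: the new entry under "Version 0.8 ()" describes the problem only as "uploading image files with path-names in them" and does not say what the fix changes, so someone reading NEWS cannot tell whether such names are now rejected or rewritten. The log message states that path stripping is enforced on every call, that patterns like "../../" are removed, and that a leading slash is dropped. Suggest carrying that one sentence into the entry and adding the forum URL from the log message. The version header still has empty parentheses, so the entry alone does not identify which release carries the fix. Only the NEWS file is visible in this mail, so the stripping logic itself cannot be reviewed from here.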