05-28-2007, 07:56 PM
The Geek
GARS 2.1.8b & 2.1.8c release discussion

As much as I hate releasing another update so soon after the last one, a potential XSS flaw in all versions of GARS previous to 2.1.8b has come to my attention.

There are 3 options for fixing this issue:
  • If you are running GARS 2.1.8, then download the latest package and upload the following files from the new package (you do not have to update your product xml):
    • geek/gars/includes/gars_class_core.php
    • geek/gars/includes/gars_class_page.php
  • If you are running a version older than 2.1.8, then I strongly suggest that you upgrade to 2.1.8b to take full advantage of bug fixes (including this security fix). Please check out the 2.1.8 release thread on upgrading.
  • If you cannot currently upgrade GARS but want to apply the fixes, you can manually edit the 2 affected files by following the text file attached to this post.
Please leave this thread open for discussion of 2.1.8b. Post bugs or feature requests in Project Tools or start a new thread to troubleshoot.
FYI, the latest package is 2.1.8c. Read here
Attached Files
File Type: txt xss.txt (1.4 KB, 99 views)

Last edited by The Geek; 06-02-2007 at 10:24 PM..