The vB Geek

Go Back   The vB Geek > vB Geek Products > Geek Article and Review System

Geek Article and Review System GARS is the mega popular system for turning forums into articles, tutorials, or even reviews.

Advertisement
This is an HTML example. Isn't it just wonderful?!?!
  Learn how to remove ads

Reply
 
Thread Tools Display Modes
  #1  
Old 05-28-2007, 08:56 PM
The Geek's Avatar
The Geek The Geek is offline
Senior Member
 
Join Date: Aug 2005
Posts: 6,717
Geek Article and Review System License Holder GeekMart License Holder Geek Auto-Linker Pro License Holder Geek Advertising Banner License Holder Geek Gazette License Holder 
Default GARS 2.1.8b & 2.1.8c release discussion

As much as I hate releasing another update so soon after the last one, it has come to my attention of a potential XSS flaw in all versions of GARS previous to 2.1.8b

There are 3 options for fixing this issue:
  • If you are running GARS 2.1.8, then download the latest package and upload the following files from the new package (you do not have to update your product xml):
    • geek/gars/includes/gars_class_core.php
    • geek/gars/includes/gars_class_page.php
  • If you are running a version older than 2.1.8 then I stongly suggest that you upgrade to 2.1.8b to take full advantage of bug fixes (inluding this security fix). Please check out the 2.1.8 release thread on upgrading.
  • If you can not currently upgrade GARS but want to apply the fixes, you can manually edit the 2 affected files by following the text file attached to this post.
Please leave this thread open for discussion of 2.1.8b. Post bugs or feature requests in Project Tools or start a new thread to troubleshoot.
FYI, the latest package is 2.1.8c. Read here
Attached Files
File Type: txt xss.txt (1.4 KB, 99 views)

Last edited by The Geek; 06-02-2007 at 11:24 PM..
Reply With Quote
  #2  
Old 05-28-2007, 09:13 PM
Quisaz Haderach Quisaz Haderach is offline
Member
 
Join Date: Mar 2007
Posts: 53
Thumbs up

Thank you for providing fast that patch for the security issue
Take care
Reply With Quote
  #3  
Old 05-28-2007, 09:50 PM
Ranma Ranma is offline
Junior Member
 
Join Date: Jan 2006
Posts: 14
Geek Article and Review System License Holder Geek Auto-Linker Pro License Holder 
Default

Thanks for the update
Reply With Quote
  #4  
Old 05-28-2007, 11:17 PM
Chief Corn Chief Corn is offline
Junior Member
 
Join Date: Nov 2005
Location: Santa Monica, CA
Posts: 5
Geek Article and Review System License Holder 
Default

just upgraded from 2.0.2 to 2.1.8b and it seems to be functioning ok now. i had a problem with an invalid sql column 'gcv.gars6' in 'field list' but i think cleaning the cache and/or rebuilding custom field title and descriptions fixed it.
__________________
Life Slash Quit Films
Reply With Quote
  #5  
Old 05-28-2007, 11:45 PM
cupra cupra is offline
Junior Member
 
Join Date: Dec 2006
Posts: 18
Geek Article and Review System License Holder Geek Advertising Banner License Holder 
Default

installd - thx a lot for that update the geek = your doing a great work !
Reply With Quote
  #6  
Old 05-29-2007, 12:48 AM
florino florino is offline
Junior Member
 
Join Date: Jan 2007
Posts: 1
Geek Article and Review System License Holder Geek Gazette License Holder 
Default

Thank you !!
Reply With Quote
  #7  
Old 05-29-2007, 06:00 AM
Loco's Avatar
Loco Loco is offline
Senior Member
 
Join Date: Nov 2005
Posts: 132
Geek Article and Review System License Holder Geek Advertising Banner License Holder Geek Gazette License Holder 
Default

I didn't even see the 2.1.8 release, guess I know one thing I'll be doing this week.

Thanks for keeping us secure
__________________
-----==== Check out The Best Forum Ever! & my new biz Sheley Enterprises =====-----
I offer contract work marketing and modifying forums, let me know if you have any questions.
Reply With Quote
  #8  
Old 05-29-2007, 06:28 AM
Hornstar6969 Hornstar6969 is offline
Senior Member
 
Join Date: Aug 2006
Posts: 141
Geek Article and Review System License Holder Geek Auto-Linker Pro License Holder Geek Advertising Banner License Holder Geek Gazette License Holder 
Default

never a problem when it is dealing with security. thanks.
Reply With Quote
  #9  
Old 05-29-2007, 07:31 PM
artsin artsin is offline
Junior Member
 
Join Date: Oct 2006
Posts: 9
Geek Article and Review System License Holder GeekMart License Holder Geek Auto-Linker Pro License Holder Geek Advertising Banner License Holder Geek Gazette License Holder 
Default

Has thanked installs and it functions wonderfully
Reply With Quote
  #10  
Old 06-02-2007, 08:35 PM
efil's Avatar
efil efil is offline
Member
 
Join Date: Dec 2005
Posts: 74
Geek Article and Review System License Holder 
Default problem after upgrade

Hi,
After upgrade to 2.1.8b , i get this (see pic) where ever there is (").
It's
happen only in Forumdisplay. (my forum is in hebrew).
Attached Images
File Type: jpg 1.JPG (99.1 KB, 123 views)
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
GARS 2.1.7 Release discussion The Geek Geek Article and Review System 47 05-22-2007 01:15 PM
GARS 2.1.1 Release Discussion The Geek Geek Article and Review System 23 12-13-2006 12:15 PM
GARS 2.1.0 Release Discussion The Geek Geek Article and Review System 32 12-12-2006 09:32 AM
GARS 2.0.2 Release Discussion The Geek Geek Article and Review System 15 11-17-2006 09:36 AM
GARS 1.01 Release Discussion The Geek Geek Article and Review System 37 04-11-2006 07:52 PM


All times are GMT. The time now is 03:24 AM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.