Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

v6.00.106 update fixes xss exploit

  1. Home
  2. News
  3. Security
  4. v6.00.106 update fixes xss exploit
v6.00.106 update fixes xss exploit
While I was away an xss exploit was uncovered in the news/article submission functions. The code I had produced to prevent the exploit was not quite right. This problem has now been rectified. Existing PHPFusion users can update using the v6.00.106 update pack. If you want to add the fix manaully you simply need to replace the descript() function in your maincore.php. The sourceforge file has been updated.

Update: It seems we forgot to include the prune forum function, the code was in place but there is no prune button in the forum settings admin page. I've added the required fixes as per Rayxen's advice. Sorry about that. smile

To update, simply upload the files contained in the zip and then click Upgrade under System Admin in your Admin Panel. Download v6.00.106 update (8Kb).

Falk July 01 2005 14,062
News Categories
Popular News
PHPFusion 9.0 Beta
PHPFusion 9.0 BetaOctober 03 2014 | Downloads
136395
Tesseract, Progress Report
Tesseract, Progress ReportApril 26 2014 | Development & Design
84850
Welcome Back
Welcome BackMarch 24 2006 | PHPFusion
80514
PHPFusion 9.0 ( Andromeda ) Stable
PHPFusion 9.0 ( Andromeda ) StableApril 27 2017 | PHPFusion
69532
Critical update - v6.00.305
Critical update - v6.00.305March 12 2006 | PHPFusion
67127
PHPFusion v7.02.06
PHPFusion v7.02.06January 27 2013 | Downloads
58865