Critical Security update
Posted by Falk on 03/05/2005
FireSt0rm has today alerted me to an exploit in PHPFusion 5.01's JavaScript sanitising code, which can be bypassed using ASCII characters. This can be fixed by updating your fusion_core.php from the latest service pack. You are strongly advised to apply this update. You can update manually by adding the following lines to fusion_core.php:

Line 321: $message = preg_replace_callback("/&#([0-9]{1,3});/", create_function('$matches', 'return chr($matches[1]);'), $message);
Line 340: $message = preg_replace_callback("/&#([0-9]{1,3});/", create_function('$matches', 'return chr($matches[1]);'), $message);

The Sourceforge files have been updated.
Download PHPFusion 5.01 Service Pack (123Kb).
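
The fix above decodes numeric character references before the message is filtered. The following is an added illustration of why that ordering matters, not PHP-Fusion code: the function names, the stand-in keyword filter and the sample inputs are all constructed for this example. It uses a closure because create_function() was removed in PHP 8.

```php
<?php
// Added illustration, not PHP-Fusion code. All function names are hypothetical.

// Decode decimal numeric character references such as &#106; into the
// byte they stand for, using the same pattern as the patch lines above.
function decode_numeric_refs(string $message): string
{
    return preg_replace_callback(
        '/&#([0-9]{1,3});/',
        function (array $m): string {
            return chr((int) $m[1]); // chr() wraps values above 255
        },
        $message
    );
}

// Constructed stand-in for a keyword-based filter: neutralise "javascript:".
function strip_script_scheme(string $message): string
{
    return preg_replace('/javascript\s*:/i', 'blocked:', $message);
}

// Filtering the raw text only: an encoded letter hides the keyword.
function sanitise_before_fix(string $message): string
{
    return strip_script_scheme($message);
}

// Canonicalise first, then filter: the keyword is visible to the filter.
function sanitise_after_fix(string $message): string
{
    return strip_script_scheme(decode_numeric_refs($message));
}

// Constructed sample inputs.
$samples = [
    'plain'   => '<a href="javascript:alert(1)">x</a>',
    'encoded' => '<a href="&#106;avascript:alert(1)">x</a>',
];

foreach ($samples as $label => $input) {
    printf("%-8s before: %s\n", $label, sanitise_before_fix($input));
    printf("%-8s after:  %s\n", $label, sanitise_after_fix($input));
}
```

Only the "encoded" sample passes through the pre-fix path unchanged; with the decode step in front, both samples come out with the scheme replaced.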