v6.00.106 update fixes xss exploit
Posted by Falk on 07/01/2005

---

While I was away an xss exploit was uncovered in the news/article submission functions. The code I had produced to prevent the exploit was not quite right. This problem has now been rectified. Existing PHPFusion users can update using the v6.00.106 update pack. If you want to add the fix manaully you simply need to replace the descript() function in your maincore.php. The sourceforge file has been updated.

Update: It seems we forgot to include the prune forum function, the code was in place but there is no prune button in the forum settings admin page. I've added the required fixes as per Rayxen's advice. Sorry about that.

To update, simply upload the files contained in the zip and then click Upgrade under System Admin in your Admin Panel. Download v6.00.106 update (8Kb).