Official Home of the PHPFusion CMS

New hole in messages.php.
Posted by Falk on 04/16/2006

With more holes than a domestic sieve, messages.php has had yet another xss exploit discovered and fixed. This script has caused countless problems (I didn't write it, CrappoMan did) and it may be time for us to scrap it and start afresh. Anyway, for now I have added a fix which you can get from the cvs. Normally we'd release a patch but with v6.00.4 near completion there is little point. I have updated the two sourceforge packages, so this file is for existing users only.

Download messages.php