Secondary XSS fixes (6.01.8)
Posted by Falk on 03/04/2007
Some of you may have noticed yesterday in the shoutbox that a new exploit had been discovered. I am pleased to say that these issues have now been corrected and the patch is now available for download. The files affected include forum/postify.php and forum/viewthread.php. For details of the exact updates please refer to the CVS. Credit: BloodKiller.

Existing v6.01.6 and 6.01.7 users can download the file '6.01.8 Update for v6.01.6/7', then simply upload the included files and click upgrade under System Admin. The full SourceForge package has been updated.

PHPFusion 6.01.8 Update FOR V6.01.6 and 6.01.7 ONLY (6Kb).
PHPFusion 6.01.8 (2.04Mb).

While I am on this issue, I would like to say that while I appreciate users reporting discovered exploits, I do not appreciate being held to ransom. I will co-operate with anyone who operates in the correct manner; however, the behaviour of certain individuals in the last few weeks is nothing short of unacceptable. I do not wish to name any names but I will say that anyone who acts maliciously against this community in the future will be banned for life, no second chances. I am sick and tired of people thinking they can take me and this community for a ride. It ends here and now. That's all I have to say. Thank you.