[geeklog-devel] Plan B

Dirk Haun dirk at haun-online.de
Sat Oct 11 18:46:28 EDT 2003

Okay, since properly changing everything over to using COM_applyFilter
takes a lot longer than expected and since kses looks really promising,
I'm opting for a 1.3.8-1sr1 release tomorrow that would include

- kses, thus hopefully addressing all HTML / CSS / JavaScript injection
scenarios once and for all
- the "don't show SQL errors in the browser" patch for the database class
- (not security-related) a fix to lib-sessions.php for when the cookie
domain is not set and the URL includes a port number
- and, possibly, a fix for an issue I seem to have found in
usersettings.php (need to double-check that first - more details then)

That would not address the issue when you're running MySQL 4.1, but I
guess we can ignore that for now (but include a warning). 1.3.9rc1, which
will address this, shouldn't be too far away ...

bye, Dirk
