[geeklog-devel] Plan B

[Dirk Haun]

Okay, since properly changing everything over to using COM_applyFilter
takes a lot longer than expected and since kses looks really promising,
I'm opting for a 1.3.8-1sr1 release tomorrow that would include

- kses, thus hopefully addressing all HTML / CSS / Javascript injection
scenarios once and for all
- the "don't show SQL errors in the browser" patch for the database class
- (not security-related) a fix to lib-sessions.php for when the cookie
domain is not set and the URL includes a port number
- and, possibly, a fix for an issue I seem to have found in
usersettings.php (need to double-check that first - more details then)

That would not address the issue when you're running MySQL 4.1, but I
guess we can ignore that for now (but include a warning). 1.3.9rc1, which
will address this, shouldn't be too far away ...

bye, Dirk


-- 
http://www.haun-online.de/
http://www.haun.info/