[geeklog-cvs] geeklog-1.3/docs changes.html,1.24,1.24.2.1 history,1.168.2.1,1.168.2.2
dhaun at iowaoutdoors.org
Mon May 31 14:20:07 EDT 2004
Update of /var/cvs/geeklog-1.3/docs
In directory www:/tmp/cvs-serv1421/docs
Modified Files:
Tag: geeklog_1_3_9_1
changes.html history
Log Message:
Updated documentation
Index: changes.html
===================================================================
RCS file: /var/cvs/geeklog-1.3/docs/changes.html,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -C2 -d -r1.24 -r1.24.2.1
*** changes.html 15 Feb 2004 16:31:39 -0000 1.24
--- changes.html 31 May 2004 18:20:05 -0000 1.24.2.1
***************
*** 23,26 ****
--- 23,62 ----
of files that have been changed since the last release.</p>
+ <h2><a name="changes139sr1">Geeklog 1.3.9sr1</a></h2>
+ <p>This release addresses the following security issues:</p>
+
+ <ol>
+ <li>It was possible to post anonymous comments, even when anonymous comment
+ posting had been switched off in config.php.<br>
+ This bug was apparently exploited by spammers to send hundreds of spam
+ posts to certain Geeklog sites.</li>
+ <li>An additional check for the comment speed limit was missing from
+ comment.php.</li>
+ <li>If none of the topics were visible for anonymous users, the site's index
+ page may still have displayed some stories for anonymous users, depending
+ on the stories' permissions.</li>
+ <li>Users still got Daily Digest emails for topics from which they had been
+ removed (bug #178).</li>
+ <li>It was possible to subscribe to the Daily Digest for all topics, even if
+ the user did not have access to certain topics.</li>
+ <li>Comments to stories were sometimes listed in a user's profile, even if the
+ user viewing the profile didn't have permissions to access the story the
+ comments belonged to.</li>
+ </ol>
+
+ <h3>Other fixes</h3>
+ <ul>
+ <li>Fixed an SQL error in <code>COM_showTopics</code> if users excluded topics
+ from their preferences.</li>
+ <li>Fixed sporadic "Duplicate entry '...' for key 1." messages in error.log,
+ caused by the handling of pseudo-session ids for anonymous users.</li>
+ <li>Fixed incorrect author names in Daily Digest (bug #207).</li>
+ <li>The <code>plugin_profileblocksedit_<i>plugin-name</i> Plugin API function
+ wasn't working due to a missing piece of code in usersettings.php.</li>
+ <li><code>COM_extractLinks</code> will now ignore anchor tags that do not
+ contain "<code>href</code>" (bug #183).</li>
+ </ul>
+
+
<h2><a name="changes139">Geeklog 1.3.9</a></h2>
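Review bot: The <code> tag opened before plugin_profileblocksedit_ in the "Other fixes" list is never closed, so the rest of that list item is marked up as code; add </code> right after </i>plugin-name</i>'s closing tag, i.e. "<i>plugin-name</i></code> Plugin API function". Separately, security item 2 says a check for the comment speed limit was missing from comment.php but not what its absence allowed; one clause on the effect would let site admins judge the urgency of the upgrade, as item 1 does.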
Index: history
===================================================================
RCS file: /var/cvs/geeklog-1.3/docs/history,v
retrieving revision 1.168.2.1
retrieving revision 1.168.2.2
diff -C2 -d -r1.168.2.1 -r1.168.2.2
*** history 31 May 2004 10:52:16 -0000 1.168.2.1
--- history 31 May 2004 18:20:05 -0000 1.168.2.2
***************
*** 24,29 ****
Non-security related fixes:
! - Fixed an SQL error in COM_showTopics if users excluded topics (in their
! preferences) [Dirk]
- Fixed sporadic "Duplicate entry '...' for key 1." messages in error.log
(caused by the handling of pseudo-session ids for anonymous users) [Dirk]
--- 24,29 ----
Non-security related fixes:
! - Fixed an SQL error in COM_showTopics if users excluded topics in their
! preferences (reported by Rob Young) [Dirk]
- Fixed sporadic "Duplicate entry '...' for key 1." messages in error.log
(caused by the handling of pseudo-session ids for anonymous users) [Dirk]
***************
*** 31,34 ****
--- 31,36 ----
- The plugin_profileblocksedit_<plugin-name> Plugin API function wasn't working
due to a missing piece of code in usersettings.php [Dirk]
+ - COM_extractLinks will now ignore anchor tags that do not contain "href"
+ (bug #183) [Vinny]