[bug #35388] commentized subjects allow PHP code injection

2012-01-29 10:27:45
Follow-up Comment #1, bug #35388 (project mhonarc):

Posting this as a security bug in savannah didn't have the effect I intended
-- it is marked as private in savannah, but unfortunately it showed up in the
mhonarc-dev archives in as a public post.  So I went ahead and
patched it as suggested on our site; it has been working well for us.  We
would appreciate it if this patch (or something equivalent) were integrated into
the next version of MHonArc.

All sites using PHP for archives are affected by this PHP injection bug; it's
quite possible that sites using other languages are similarly affected too.

