[geeklog-cvs] geeklog: Updated documentation and version number (msg#00042)
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/052245bd696a changeset: 7202:052245bd696a user: Dirk Haun <dirk@xxxxxxxxxxxxxx> date: Wed Jul 29 20:33:20 2009 +0200 description: Updated documentation and version number diffstat: public_html/admin/install/index.php | 2 +- public_html/docs/changes.html | 12 ++++++++++++ public_html/docs/history | 11 +++++++++++ public_html/siteconfig.php.dist | 2 +- 4 files changed, 25 insertions(+), 2 deletions(-) diffs (66 lines): diff -r afae3e80949c -r 052245bd696a public_html/admin/install/index.php --- a/public_html/admin/install/index.php Wed Jul 29 19:56:01 2009 +0200 +++ b/public_html/admin/install/index.php Wed Jul 29 20:33:20 2009 +0200 @@ -48,7 +48,7 @@ define("LB", "\n"); } if (!defined('VERSION')) { - define('VERSION', '1.5.2sr4'); + define('VERSION', '1.5.2sr5'); } if (!defined('XHTML')) { define('XHTML', ' /'); diff -r afae3e80949c -r 052245bd696a public_html/docs/changes.html --- a/public_html/docs/changes.html Wed Jul 29 19:56:01 2009 +0200 +++ b/public_html/docs/changes.html Wed Jul 29 20:33:20 2009 +0200 
@@ -16,6 +16,18 @@ <a href="history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has a list of files that have been changed since the last release.</p> +<h2><a name="changes152sr5">Geeklog 1.5.2sr5</a></h2> + +<p>This release addresses the following security issues:</p> +<ol> +<li>Gerendi Sandor Attila reported an XSS in the forms to email a user and to + email a story to a friend.</li> +<li>The "Mail Story to a Friend" function didn't check story permissions, so + that it was possible to email a story even if you didn't have the + permissions to view it on the site.</li> +</ol> + + <h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2> <p>Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p> diff -r afae3e80949c -r 052245bd696a public_html/docs/history --- a/public_html/docs/history Wed Jul 29 19:56:01 2009 +0200 +++ b/public_html/docs/history Wed Jul 29 20:33:20 2009 +0200 @@ -1,5 +1,16 @@ Geeklog History/Changes: +Jul 30, 2009 (1.5.2sr5) +------------ + +This release addresses the following security issues: +- Gerendi Sandor Attila reported an XSS in the forms to email a user and to + email a story to a friend. +- The "Mail Story to a Friend" function didn't check story permissions, so that + it was possible to email a story even if you didn't have the permissions to + view it on the site. + + Apr 18, 2009 (1.5.2sr4) ------------ diff -r afae3e80949c -r 052245bd696a public_html/siteconfig.php.dist --- a/public_html/siteconfig.php.dist Wed Jul 29 19:56:01 2009 +0200 +++ b/public_html/siteconfig.php.dist Wed Jul 29 20:33:20 2009 +0200 
@@ -38,7 +38,7 @@ define('LB',"\n"); } if (!defined('VERSION')) { - define('VERSION', '1.5.2sr4'); + define('VERSION', '1.5.2sr5'); } ?> _______________________________________________ geeklog-cvs mailing list geeklog-cvs@xxxxxxxxxxxxxxxxx http://eight.pairlist.net/mailman/listinfo/geeklog-cvs
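Review bot: in the public_html/admin/install/index.php hunk, `define('VERSION', '1.5.2sr5');` is a second hard-coded copy of the constant that public_html/siteconfig.php.dist also defines, and both sit behind `if (!defined('VERSION'))`, so whichever file is loaded first decides the reported version. A bump missed in one of the two would leave the installer or the site reporting the previous security release. Consider defining the string in one place, or add a comment at each definition pointing at the other so they are always changed together.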
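Review bot: the new "Geeklog 1.5.2sr5" entry in public_html/docs/changes.html does not say which scripts carried the XSS or the missing permission check, while the sr4 entry directly below it names usersettings.php. Naming the affected files in both list items would let administrators who patch by hand confirm they have replaced the right ones. The second item could also state the consequence in the same way the sr4 text does: the content of a story the user is not permitted to view could be sent out by email.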
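Review bot: the heading added to public_html/docs/history reads "Jul 30, 2009 (1.5.2sr5)" but the changeset is dated Wed Jul 29 20:33:20 2009 +0200. If Jul 30 is the planned release date, that is fine, but it is worth confirming so the history file and the release announcement agree. The two bullet points repeat the changes.html wording, so any file names added there should be mirrored here.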
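Review bot: the public_html/siteconfig.php.dist hunk bumps `define('VERSION', '1.5.2sr5');`, yet the diffstat for this changeset lists only the two version files and the two documentation files, so the XSS and permission fixes announced in the docs are not part of it. The commit description should reference the changesets that contain those fixes, and the release should only be tagged once they are in, otherwise a build from this revision would report 1.5.2sr5 without necessarily containing the fixes it advertises.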