Classifieds 2.02: Security Fix
 

=======================
PHOTOPOST CLASSIFIEDS 2.02
=======================

Minor update to address possible security vunerability.

Files changes since 2.01:

showcat.php
header-inc.php
uploadproduct.php

templates/searchbox.tmpl

Version numbers were updated with the files and should be uploaded:

pp-inc.php
adm-editcfg.php

You only need to upload these two files to bring your release up-to-date. There is no upgrade script to run and no database changes.

Security Fix Info
============

I've updated the current build which modifys a single line in uploadproduct.php which prevents unauthorized file types from being uploaded.

In uploadproduct.php at line 230 is the line:

if ( $realname != "none" && $realname != "" && is_image($realname) ) {

the modification has been made in bold. You can either modify the line yourself and update your script or download the current build and upload the file uploadproduct.php

The other files contain a minor fix to prevent html code from being passed as part of a URL string.