ReviewPost 2.84: Security Update

[Michael P]

===============
REVIEWPOST 2.84
===============

Minor update to address possible security vunerability.

Files changes since 2.83:

header-inc.php
showcat.php
uploadproduct.php

templates/searchbox.tmpl

Version numbers were updated with the files and should be uploaded:

pp-inc.php
adm-editcfg.php

You only need to upload these two files to bring your release up-to-date. There is no upgrade script to run and no database changes.

Security Fix Info
============

I've updated the current build which modifys a single line in uploadproduct.php which prevents unauthorized file types from being uploaded.

In uploadproduct.php at line 171 is the line:

if ( $realname != "none" && $realname != "" && is_image($realname) ) {

the modification has been made in bold. You can either modify the line yourself and update your script or download the current build and upload the file uploadproduct.php

Another minor fix was added to the other files to prevent HTML code from being passed in URLs.

[Coastie]

I do not see 2.84 in the download area, just the older 2.83. Opening and looking at pp_inc.php verifies it is only 2.83

where can the update be downloaded?

[Michael P]

Doh!

My bad, I forgot to upload it with all these updates!

Uploading now...