Security Updates are released for Fox and FoxForum, fixing a javascript injection vulnerability.
Details: All input values from php $_POST or $_GET are now filtered with htmlspecialchars(stripmagic($value),ENT_NOQUOTES); I added the filter htmlspecialchars. Wthout this I could inject javascript code on my local machine with a post. This did not happen on my hosting server, so I do not know the extent of the danger for javascript injection attacks. Still I advise anyone using Fox or FoxForum to upgrade. ~Hans _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
