Hello. PmWiki version 2.2.136 was published today, and is available at:
https://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.136.tgz https://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.136.zip svn://www.pmwiki.org/pmwiki/tags/latest This version fixes a XSS vulnerability for WikiStyles reported today by Igor Sak-Sakovskiy. The fix adds a second argument $keep to the core function PQA($attr, $keep=true) which by default escapes HTML special characters and places the values in Keep() containers. If you have custom functions that call PQA() and expect the previous behavior, set the second argument to false. If you have any questions or difficulties, please let us know. Thanks, Petko -- If you upgrade : https://www.pmwiki.org/Upgrades _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
