Le 16/06/2011 13:30, Stuart Henderson a écrit :
anyone running phplist? please test this and report back. homepage
says "This version fixes several bugs and a security vulnerability.
Everyone running the 2.10 versions or before is strongly advised
to upgrade to this version."
unfortunately no detailed info on the security vuln, it's not
clear from the changelog, and the diff between versions is about
10K lines...
Probably this change?
---
C:/Users/root/Downloads/diff/phplist-2.10.13/public_html/lists/admin/init.php
Mon Mar 09 12:02:02 2009
+++
C:/Users/root/Downloads/diff/phplist-2.10.14/public_html/lists/admin/init.php
Fri Apr 29 13:45:50 2011
@@ -29,7 +29,9 @@
$GLOBALS['show_dev_errors'] = $show_dev_errors;
## @@ would be nice to move this to the config file at some point
-$GLOBALS['scheme'] = 'http';
+# http://mantis.phplist.com/view.php?id=15521
+## set it on the fly, although that will probably only work with Apache
+$GLOBALS['scheme'] = (isset($_SERVER['HTTPS']) &&
(strtolower($_SERVER['HTTPS']) == 'on')) ? 'https' : 'http';
## spelling mistake in earlier version, make sure to set it correctly
if (!isset($bounce_unsubscribe_threshold) &&
isset($bounce_unsubscribe_treshold)) {
@@ -51,4 +53,4 @@
}
}
-?>
\ No newline at end of file
+?>
--
Stéphane Aulery