Updates for 2.2.5 release

commit ab93657d72dfdd7e6cca64ab39021bb40a2ef05e 1 parent df070ef
@pudge pudge authored
11 CHANGES
@@ -1,3 +1,14 @@
+slash-2.2.5, 2002.02.07
+-----------------------
+
+* It is VERY STRONGLY RECOMMENDED that you upgrade to 2.2.5 from
+ versions 2.2.0 through 2.2.4, immediately. This update fixes a
+ bug which allows scripting attacks which can compromise both
+ user and admin passwords.
+
+* Add note in INSTALL about potential problems with perl 5.6.0
+ (5.6.1 is recommended, 5.005_03 should work fine).
+
slash-2.2.4, 2002.01.14
-----------------------
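Review bot: The first bullet of the 2.2.5 entry says the release fixes "a bug which allows scripting attacks" but gives an administrator nothing to act on beyond upgrading. Since the entry states that both user and admin passwords can be compromised, consider adding a line that says where the bug was (for example, whether it is covered by the filter_params and template output changes in this same commit) and whether passwords should be changed after the upgrade.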
3  INSTALL
@@ -523,7 +523,8 @@ REQUIREMENTS
is not.
perl
- Version 5.6.1 (5.005_03).
+ Version 5.6.1 (5.005_03). [NOTE: perl 5.6.0 may have some problems.
+ 5.6.1 is recommended.]
http://www.cpan.org/
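Review bot: The added note "perl 5.6.0 may have some problems" does not say what the problems are, so a reader running 5.6.0 cannot judge whether they are affected. Name the symptom or point to a reference. The same two lines are repeated in docs/INSTALL.html and docs/INSTALL.pod in this commit, so any rewording has to be applied in all three places.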
2  Makefile
@@ -8,7 +8,7 @@
##
# the used tools
-VERSION = 2.2.4
+VERSION = 2.2.5
DISTNAME = slash
DISTVNAME = $(DISTNAME)-$(VERSION)
2  Slash/Utility/Environment/Environment.pm
@@ -1199,7 +1199,7 @@ sub filter_params {
# fields that have ONLY a-zA-Z0-9_
my %alphas = map {($_ => 1)} qw(
- mode section
+ formkey mode section type
);
# regexes to match dynamically generated numeric fields
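Review bot: Adding formkey and type to %alphas restricts both parameters to a-zA-Z0-9_, per the comment above the list, but nothing in the hunk records why these two names were chosen or confirms that no existing form sends a formkey or type value containing other characters (a hyphen or a dot, say). type is a generic parameter name, so it is worth listing the scripts that read it and checking that their legitimate values still pass. If these fields were added as part of the scripting fix described in CHANGES, a short comment saying so would help the next reader.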
3  docs/INSTALL.html
@@ -585,7 +585,8 @@
<DL>
<DT><STRONG><A NAME="item_perl">perl</A></STRONG><BR>
<DD>
-Version 5.6.1 (5.005_03).
+Version 5.6.1 (5.005_03). [NOTE: perl 5.6.0 may have some problems.
+5.6.1 is recommended.]
<PRE>
<A HREF="http://www.cpan.org/">http://www.cpan.org/</A></PRE>
<P></P>
3  docs/INSTALL.pod
@@ -666,7 +666,8 @@ perl 5.005_03 is supported, but MySQL 3.22 is not.
=item perl
-Version 5.6.1 (5.005_03).
+Version 5.6.1 (5.005_03). [NOTE: perl 5.6.0 may have some problems.
+5.6.1 is recommended.]
http://www.cpan.org/
12 themes/slashcode/templates/messages;users;default
@@ -31,10 +31,10 @@ __template__
[% CASE 'newuser_msg' %]
[% PROCESS titlebar title=title width="100%" %]
- <B>email</B>=[% form.email %]<BR>
+ <B>email</B>=[% form.email | strip_literal %]<BR>
<B>user id</B>=[% uid %]<BR>
<B>nick</B>=[% form.newusernick %]<BR>
- <B>passwd</B>=mailed to [% form.email %]<BR>
+ <B>passwd</B>=mailed to [% form.email | strip_literal %]<BR>
[% IF suadmin_flag %]
<P>Now you can edit the newly created user
<A HREF="[% constants.rootdir %]/users.pl?op=userinfo&userfield=[% uid %]">
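Review bot: In newuser_msg the two form.email outputs now pass through strip_literal, but the nick line that sits between them, <B>nick</B>=[% form.newusernick %]<BR>, still prints a form value unfiltered. Unless newusernick is already sanitized before it reaches the template, give it the same filter so every form.* value in this block is treated consistently.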
@@ -91,7 +91,8 @@ change your password, or just click pretty widgets to kill time.
[% CASE 'saveuser_email_msg' %]
The user account [% nickname %] on [% constants.sitename %]
had this email associated with it. A web user from
- [% env.remote_addr %] has just changed it to [% realemail %].
+ [% env.remote_addr %] has just changed it to
+ [% realemail | strip_literal %].
If this is not correct, if you did not request this change,
please contact the site administrator immediately.
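Review bot: In saveuser_email_msg only realemail gets strip_literal; [% nickname %] in the first context line of the hunk is still emitted as-is. If nickname can contain user-chosen characters, filter it the same way. This message also reads like the body of a notification e-mail rather than an HTML page, so confirm that strip_literal is the right filter for that output context.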
@@ -128,8 +129,9 @@ change your password, or just click pretty widgets to kill time.
<P>Saving [% nickname.substr(0,20) %].<BR>
[% CASE 'changeemail_msg' %]
- Notifying [% realemail %] of the change to their account.<BR>
- E-mail address changed and re-registration information sent to: [% form.realemail %]<BR>
+ Notifying [% realemail | strip_literal %] of the change to their account.<BR>
+ E-mail address changed and re-registration information sent to:
+ [% form.realemail | strip_literal %]<BR>
[% CASE 'saveuser_passchanged_msg' %]
Password changed for [% nick %], UID [% uid %].<BR>
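Review bot: changeemail_msg filters two differently sourced values, realemail on the "Notifying" line and form.realemail on the "re-registration information sent to" line, and the hunk does not say how they relate. Add a template comment stating which is the old and which is the new address, or use a single variable if they are meant to be the same, so the two displayed values cannot diverge unnoticed. The surrounding context lines still print nickname.substr(0,20) and nick without a filter, which is worth checking for the same problem.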