GuppY, the benchmark database free CMS


News

Security Patch v4.6.20 - 2012.05.24 - 24/05/2012 @ 17:59 by GuppY_Team
Security patch 4.6.20 - 2012.05.24

The patch_nc_4.6.20 fixes an XSS flaw, two vulnerabilities allowing code injection and three glitches reported by Antoine Cervoise, a computer security expert.

Many thanks to Antoine Cervoise for his interest and for his research on the security of GuppY.
You can see his work at http://www.antoine-cervoise.fr

In addition to the fixes for the flaws and glitches, here is what we've added in this patch:

- Correction of files for all boxes display (thanks Saxbar)
- Correction of blocked member registration by automatically deleting the .dtb file with a missing pseudo (username) (thanks Saxbar, JeanMi)
- Foreign-language handling by the FCK Editor smileys plugin in the file admin/editors/guppy_fckconfig.js (thanks jchouix)
- Correction of image insertion with Chrome in admin/editors/upload/upload.php (thanks jchouix)
- Correction of admin/inc/attribdroits.inc for $ plugin list (thanks Saxbar)
- Correction of $boxwidth in the blog files (thanks Saxbar)
- Correction of $boxwidth in all skins (thanks Saxbar - Papinou)
- Correction of the untitled boxes display in all skins (thanks Saxbar)
- Correction of the display of the block quote (thanks Saxbar)
- Update of CK Editor version 3.6.3 (thanks Papinou)
- Correction of CKEditor and FCK Editor (htmlspecialchars, $charset) for editing text in admin for PHP 5.4 and higher (thanks Saxbar, jchouix)

Many thanks to JeanMi for the proposals and for the correction of a glitch with $site['TZ'].
 
Warning: All skins are affected by changes.
           For skins no_skin, skn1, skn_css, skn_css1 you must regenerate the file style.css of each skin with admin/config look/config style to apply the changes.
           For skins island and web20, the style.css has been changed for each one in the patch.

As with any new version, remember to update your plugins, reinstall or redo your forks, and revalidate your configuration pages.
To go from version 4.6.19 to version 4.6.20, use patch_nc_4620.


Many thanks to all contributors to this patch

The GuppY Team