Secondary XSS fixes (6.01.8)

Notice: Undefined index: user_status in /home/pfusion/public_html/print.php on line 80
Posted by Digitanium on Mar 04 2007 at 15:07:51

---

Some of you may have noticed yesterday in the shoutbox that a new exploit had been discovered. I am pleased to say that these issues have now been corrected and the patch is now available for download. The files affected include forum/postify.php and forum/viewthread.php. For details of the exact updates please refer to the CVS. Credit: BloodKiller.

Existing v6.01.6 and 6.01.7 users can download the file '6.01.8 Update for v6.01.6/7 and simply upload the included files and click upgrade under System Admin. The full sourceforge package has been updated.

PHP-Fusion 6.01.8 Update FOR V6.01.6 and 6.01.7 ONLY (6Kb).
PHP-Fusion 6.01.8 (2.04Mb).

While I am on this issue, I would like to say that while I appreciate users reporting discovered exploits I do not appreciate being held to ransom, I will co-operate with anyone who operates in the correct manner, however, the behaviour of certain individuals in the last few weeks is nothing short of unacceptable. I do not wish to name any names but I will say that anyone who acts maliciously against this community in the future will be banned for life, no second chances. I am sick and tired of people thinking they can take me and this community for a ride. It ends here and now. That's all I have to say. Thank you.