miniBB Support Forums | 15 years on The Web
miniBB ®


 | Forums | Register | Reply | Search | Statistics | Manual |
News & Announcements miniBB Support Forums / News & Announcements /   

RSS addon update - file inclusion vulnerability fix

Author Paul
Lead Developer
#1 | Posted: 13 Jun 2007 12:56 | Edited by: Paul 
For those who are using RSS addon, we recommend to install the patch which fixes so known vulnerability when register_globals in PHP is set to ON.

If register_globals is set to OFF, or if you are using Premoderation addon, you don't need to worry.

Else modify the file rss2.php and paste this line BEFORE the line which declares the setting called $premodDir (commented by default):

if(isset($premodDir)) unset($premodDir);
//$premodDir='./shared_files/'; /* If you are using premoderation addon, set/uncomment this option to not display pending messages in the RSS feed. */

Thanks to our user kazim09 who has been reported this issue.

News & Announcements miniBB Support Forums / News & Announcements /
 RSS addon update - file inclusion vulnerability fix
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message

You are welcome to post anonymously, by entering a nickname with no password (if the similar Username has not been taken yet), or by leaving both fields empty. If you have a forums account, you can also sign in from this page without posting a message, or sign in and post at once.

Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.

miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.