For those who are using RSS addon
, we recommend to install the patch which fixes so known vulnerability when register_globals
in PHP is set to ON
If register_globals is set to OFF, or if you are using Premoderation addon, you don't need to worry.
Else modify the file rss2.php and paste this line BEFORE the line which declares the setting called $premodDir
(commented by default):if(isset($premodDir)) unset($premodDir);//$premodDir='./shared_files/'; /* If you are using premoderation addon, set/uncomment this option to not display pending messages in the RSS feed. */
Thanks to our user kazim09
who has been reported this issue.