miniBB ® 


Support Forums
 | Start | Register | Search | Statistics | File Bank | Manual |
News miniBB Support Forums / News /  

RSS addon update - file inclusion vulnerability fix

Author Paul
Lead Developer 
#1 | Posted: 13 Jun 2007 12:56 
For those who are using RSS addon, we recommend to install the patch which fixes so known vulnerability when register_globals in PHP is set to ON.

If register_globals is set to OFF, or if you are using Premoderation addon, you don't need to worry.

Else modify the file rss2.php and paste this line BEFORE the line which declares the setting called $premodDir (commented by default):

if(isset($premodDir)) unset($premodDir);
//$premodDir='./shared_files/'; /* If you are using premoderation addon, set/uncomment this option to not display pending messages in the RSS feed. */

Thanks to our user kazim09 who has been reported this issue.

News miniBB Support Forums / News /
 RSS addon update - file inclusion vulnerability fix
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message

Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.

Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.


miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Proceed with the Captcha add-on: protect your miniBB-forums from the automated spam and flood.