New Development Release: Qdig 20060524

This release corrects code that can possibly be used for cross-site scripting if a server is configured with register_globals enabled. It also includes some other minor changes to prepare for conversion to the next stable version.

Notes:

This release corrects code that can possibly permit cross-site scripting if a server is configured with register_globals enabled (not PHP's default since version 4.2.0, which was released April 22, 2002).

This release also makes caption editing slightly more convenient and has some other minor refinements.

Changes:

  • Improved the caption-editing portion of the INSTALL.txt document.
  • Corrected code that exposed a cross-site scripting vulnerability when running on some web servers (reported by http://seclab.tuwien.ac.at/).
  • Caption edit auto-lock is now reset by uploading a file, so uploading a file automatically enables editing.
  • The EXIF link will now work for paths that include an ampersand (reported by kaczmar2).

See CHANGELOG.txt for a complete list of changes.
