New Development Release: Qdig 20060524
This release corrects code that could permit cross-site scripting if a server is configured with register_globals enabled. It also includes some other minor changes to prepare for conversion to the next stable version.
Notes:
This release corrects code that can possibly permit
cross-site scripting if a server is configured with
register_globals enabled (not PHP's default since version
4.2.0, which was released April 22, 2002).
This release also makes caption editing slightly more
convenient and has some other minor refinements.
Changes:
- Improved the caption-editing portion of the INSTALL.txt document.
- Corrected code that exposed a cross-site scripting vulnerability when running on some web servers (reported by http://seclab.tuwien.ac.at/).
- Uploading a file now resets the caption edit auto-lock, so editing is automatically enabled just by uploading a file.
- The EXIF link will now work for paths that include an ampersand (reported by kaczmar2).
See CHANGELOG.txt for a complete list of changes.