[pLog-svn] Please update your templateeditor plugin asap

Oscar Renalias oscar at renalias.net
Thu Feb 22 17:09:14 EST 2007


You should have told us right away. We had sort of a justification  
for the security issue that resulted in LT 1.1.6 released (you had to  
know that "trick" to get it to work), but these ones are just  
embarrassing.

On 23 Feb 2007, at 00:09, Matt Wood wrote:

> Hah, I forgot about that one. That has been around since that  
> plugin came out. I kinda disregarded it because you had to be  
> logged in and pLog wasn't so multi-user back then.
>
> Good 'ole directory traversals.
>
> -Matt
>
> On 2/22/07, Oscar Renalias <oscar at renalias.net> wrote: http:// 
> www.lifetype.net/blog/lifetype-development-journal/2007/02/22/
> critical-security-issues-found-in-the-templateeditor-plugin
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn



More information about the pLog-svn mailing list