the simple blogging engine
You are not logged in.
This is a ridiculously small fix to an XSS vulnerability that was graciously pointed out to me via email (thanks).
I also added minimal CSS styling to the installation pages and replaced all tab characters throughout Kure's entirety with dual spaces. There should be no tab characters left anywhere. This has absolutely no effect on performance and you probably shouldn't care, but it's a change.
To upgrade from 0.7, just copy all files (except install.php) over from this release into your current directory for Kure, replacing duplicates.
Or, if you'd like, you can perform the vulnerability fix yourself by adding the following line
$string = htmlspecialchars($string);
to functions.php after line 349 (in the sanitize() function near the bottom of the file, before return $string;)
Download Kure 0.7.1
Details:
-fixed an XSS vulnerability in function sanitize()
-stylized install.php's output
-replaced tab characters with spaces (two per)
Offline
Unfortunately the plugins page on the admin panel won't appear without Fluffball's fix.
Nice to know Kure is still being developed. Keep it up!
Offline