Stefano Novelli has just sent me a mail, pointing out an XSS security threat with the search.php parameters. Am I dumb? I didn’t filter the input!
Well, thanks Stefano, kudos to you!
Because this is FlatPress’ first security bulletin w00t, let’s party :D
You can download the full package from SourceForge as usual, but the files that changed are only two; actually it’s only a matter of ONE line in search.php, the other file just raises the minor version number by 1…
So, you can also download the patch for 0.703.2
(and I did all of this on time for dinner…)
PLEASE UPDATE!