Well, my bad. Stefano has just told me that the bug was still there. And he was right; well, I fixed the wrong file :D
By the way, he let me know there were many (two) other XSS bugs, and I occasionally found another (potential) pair here and there, which I hope are now fixed for good.
Again kudos to Stefano, and all the crew.
Files at the usual places:
SourceForge for the “big” package, and here for the patch (it will work from 0.702 too).
PS: if you happened to customize defaults.php, this patches that file too, so you’ll have to edit it again to get your changes back.
bye
Saturday, September 22, 2007 - 01:30:46
Has anyone ever “disallowed comment for an entry”?
When I do that I get “SmartyValidate: [validate plugin] form ‘default’ is not registered. in /home/…/fp-includes/smarty/plugins/function.validate.php on line 46”.
Happened in Firefox and IE6. FlatPress is 0.703.4-crescendo.
(Sorry, I didn’t know where else to ask this. Is there a forum for FlatPress?)
Saturday, September 22, 2007 - 14:10:01
That does seem a regression :/ As I haven’t time to investigate further, I’ve sent you a temporary fix; if anybody here doesn’t need to lock comments, I’ll leave it as it is for now; please don’t blame me :P