Security: GeSHi Local PHP file inclusion

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
Enibevoli
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Wed Sep 07, 2005 7:10 am

Security: GeSHi Local PHP file inclusion

Post by Enibevoli » Thu Sep 29, 2005 3:01 pm

See: Security: GeSHi Local PHP file inclusion

I am not sure how this affects Joomla!, but I thought it was a good idea to drop a note here.

de
Joomla! Ace
Joomla! Ace
Posts: 1477
Joined: Thu Aug 18, 2005 9:06 am
Contact:

Re: Security: GeSHi Local PHP file inclusion

Post by de » Thu Sep 29, 2005 4:49 pm

Thanks for letting us know.
As far as I can tell Joomla/Mambo does not contain any GeSHi example files.

User avatar
stingrey
Joomla! Hero
Joomla! Hero
Posts: 2756
Joined: Mon Aug 15, 2005 4:36 pm
Location: Marikina, Metro Manila, Philippines
Contact:

Re: Security: GeSHi Local PHP file inclusion

Post by stingrey » Thu Sep 29, 2005 4:58 pm

Thank you for the warning, we were not aware of this security alert.


However, we do not include this file in our usuage of geshi within the core.
We only use geshi to format content stored in the database and do not allow the opening and format of code from external files, because of the potential for security exploits - like the one that this alert is about.



However, it does also alert us to the need to upgrade the geshi code library as it was on of the few libraries used in the core that was not upgraded in 1.0.0
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me :)
Partner, Business Development & Project Manager, Event Manager, Sports Coach :D


Locked

Return to “Security - 1.0.x”