Page 1 of 1

Security: GeSHi Local PHP file inclusion

Posted: Thu Sep 29, 2005 3:01 pm
by Enibevoli
See: Security: GeSHi Local PHP file inclusion

I am not sure how this affects Joomla!, but I thought it was a good idea to drop a note here.

Re: Security: GeSHi Local PHP file inclusion

Posted: Thu Sep 29, 2005 4:49 pm
by de
Thanks for letting us know.
As far as I can tell Joomla/Mambo does not contain any GeSHi example files.

Re: Security: GeSHi Local PHP file inclusion

Posted: Thu Sep 29, 2005 4:58 pm
by stingrey
Thank you for the warning, we were not aware of this security alert.


However, we do not include this file in our usuage of geshi within the core.
We only use geshi to format content stored in the database and do not allow the opening and format of code from external files, because of the potential for security exploits - like the one that this alert is about.



However, it does also alert us to the need to upgrade the geshi code library as it was on of the few libraries used in the core that was not upgraded in 1.0.0