Security Vulnerability Fixed
Posted on Sunday, April 15, 2007Users have reported a security vulnerability in Pixaria which can be exploited if PHP's register_globals variable is turned on.
My current advice is for everyone to upgrade to the newly released version 1.4.3 or if that's not possible, to install this patched file: class.Smarty.php.zip into resources/includes on your current installation.
For reference, the installation documentation of Pixaria has been updated with information on how to prevent malicious access to Pixaria's 'include' and 'libraries' scripts as this can easily be prevented by creating a text file called .htaccess with the following text in it:
Order Deny,Allow
Deny from all This file should then be uploaded to:
-/resources/incoming/
-/resources/library/
-/resources/includes/
-/resources/pixies/
-/resources/smarty/
To test whether this is working on your site, browse to these directories using your web browser like this:
http://www.mysite.com/pixaria/resources/includes/
You should get an error message and access denied warning.
Permalink del.icio.us Digg itHot Picks
- Extras, Tools & Utilities
- Get more out of Pixaria Gallery
- Technical Specifications
- In depth technical information
- Pixaria Demo Website
- Have a go with the real thing
- Frequently Asked Questions
- Answers to common enquiries
Pro Photographers
- Karel Delvoye
- Sport Photography
- Frédéric Sune
- Photo journalism
- Jordan Weeks
- Action and event photography
- Justin Roselt
- Wedding and portrait photography
- Jason Friend
- Landscape photographer profile
Blog Diary
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | ||||||
Recent Entries
More Blog Entries
Remember that you can keep up to date on news from Pixaria.com and access the blog directly by subscribing to our RSS news feed.
