Users have reported a security vulnerability in Pixaria which can be exploited if PHP's register_globals variable is turned on.
My current advice is for everyone to upgrade to the newly released version 1.4.3 or if that's not possible, to install this patched file: class.Smarty.php.zip into resources/includes on your current installation.
For reference, the installation documentation of Pixaria has been updated with information on how to prevent malicious access to Pixaria's 'include' and 'libraries' scripts as this can easily be prevented by creating a text file called .htaccess with the following text in it:
Order Deny,Allow
Deny from all This file should then be uploaded to:
-/resources/incoming/
-/resources/library/
-/resources/includes/
-/resources/pixies/
-/resources/smarty/
To test whether this is working on your site, browse to these directories using your web browser like this:
http://www.mysite.com/pixaria/resources/includes/
You should get an error message and access denied warning.
del.icio.us Digg itPixaria Roadmap Update
Friday, March 12, 2010
Pixaria News Gets Comments
Thursday, February 18, 2010
Documentation Update
Tuesday, February 16, 2010
Is this 'FaceBook Login'?
Friday, February 12, 2010
Pixaria Gallery 2.8.0 Released
Tuesday, February 9, 2010
Pixaria 2.7.9 Now Available
Thursday, January 7, 2010
Welcome to 2010
Friday, January 1, 2010
Advertising Experiment
Thursday, December 31, 2009
Offline Between Dec 19th and 29th
Friday, December 18, 2009
Pixaria 2.7.8 Released
Thursday, December 3, 2009
In association with Amazon, here are some great book recommendations to help you get started using Pixaria Gallery and support continued development - all at the same time!
