Users have reported a security vulnerability in Pixaria which can be exploited if PHP's register_globals variable is turned on.
My current advice is for everyone to upgrade to the newly released version 1.4.3 or if that's not possible, to install this patched file: class.Smarty.php.zip into resources/includes on your current installation.
For reference, the installation documentation of Pixaria has been updated with information on how to prevent malicious access to Pixaria's 'include' and 'libraries' scripts as this can easily be prevented by creating a text file called .htaccess with the following text in it:
Order Deny,Allow
Deny from all This file should then be uploaded to:
-/resources/incoming/
-/resources/library/
-/resources/includes/
-/resources/pixies/
-/resources/smarty/
To test whether this is working on your site, browse to these directories using your web browser like this:
http://www.mysite.com/pixaria/resources/includes/
You should get an error message and access denied warning.
del.icio.us Digg itMore E-mail Problems
Thursday, July 2, 2009
Minor Pixaria Update
Tuesday, June 30, 2009
Pixaria Hosting Offer
Tuesday, June 23, 2009
Pixaria 2.6.2 Now Available
Monday, June 22, 2009
How to get a vCard file onto an iPhone
Sunday, June 21, 2009
Counting Code
Thursday, June 4, 2009
Spanish Localisation Now Complete!
Thursday, May 21, 2009
Pixaria 2.6.1 Now Available
Monday, May 18, 2009
Pixaria Roadmap Update
Tuesday, May 12, 2009
Pixaria 2.6 Service Pack
Monday, May 11, 2009
In association with Amazon, here are some great book recommendations to help you get started using Pixaria Gallery and support continued development - all at the same time!
