Users have reported a security vulnerability in Pixaria which can be exploited if PHP's register_globals setting is turned on.
My current advice is for everyone to upgrade to the newly released version 1.4.3 or, if that's not possible, to install this patched file, class.Smarty.php.zip, into resources/includes on your current installation.
For reference, the installation documentation of Pixaria has been updated with information on how to prevent malicious access to Pixaria's 'include' and 'libraries' scripts. This can easily be prevented by creating a text file called .htaccess with the following text in it:
Order Deny,Allow
Deny from all
This file should then be uploaded to:
- /resources/incoming/
- /resources/library/
- /resources/includes/
- /resources/pixies/
- /resources/smarty/
To test whether this is working on your site, browse to these directories using your web browser like this:
http://www.mysite.com/pixaria/resources/includes/
You should get an error message and an access denied warning.
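Before running the browser test, the files themselves can be checked on disk. The script below is an added example, not part of Pixaria; the function names are hypothetical, and it assumes the Apache 2.4 directive "Require all denied" is an acceptable equivalent of the two lines above.

```python
import re
import sys
from pathlib import Path

# The five directories under resources/ that the post says need the file.
PROTECTED_DIRS = ["incoming", "library", "includes", "pixies", "smarty"]

def denies_all(text):
    """True if the .htaccess text blocks every client.

    Accepts the post's form (Deny from all) or, as an assumption of this
    example, Apache 2.4's 'Require all denied'. Any 'Allow from' line or
    any other 'Require' line counts as a hole and fails the check.
    Section containers such as <Files> are not interpreted.
    """
    lines = [re.sub(r"\s+", " ", l.strip()).lower() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    if any(l.startswith("allow from") for l in lines):
        return False
    requires = [l for l in lines if l.startswith("require ")]
    if requires:
        return all(l == "require all denied" for l in requires)
    return "deny from all" in lines

def audit(install_root):
    """Map each protected directory to 'ok', 'missing' or 'weak'."""
    report = {}
    for name in PROTECTED_DIRS:
        htaccess = Path(install_root) / "resources" / name / ".htaccess"
        if not htaccess.is_file():
            report[name] = "missing"
        elif denies_all(htaccess.read_text(errors="replace")):
            report[name] = "ok"
        else:
            report[name] = "weak"
    return report

if __name__ == "__main__":
    # Usage: python check_htaccess.py /path/to/pixaria
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit(root)
    for name, status in results.items():
        print(f"resources/{name}/.htaccess: {status}")
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

This only confirms the files are present and restrictive; the browser test above is still what shows that the server is actually honouring .htaccess files.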