Posted on: 2003/12/23 2:17
Re: Xoops 18.104.22.168 XSS attack?
Somebody warned us earlier today.
As I said in another post, this is not an issue if you haven't set your "links" section to auto-approve.
The patch has already been done, but as we expect to make a release fixing a few other problems in a week or so, we decided not to release this one alone right now.
However you can already get the fixed files and copy them to /modules/mylinks/
(they should work with 2.0.1 - 22.214.171.124, and although I haven't tested them extensively I don't think there will be any problems with them):myheader.phpsubmit.phpvisit.php
[ EDITED ]
Sorry, I messed with the links in the original post. They should be ok now (or at least in a few minutes, myheader and visit should both be v1.8 when you get them).