mbirth/LuckyCoinkydink
1
0
Fork 0
Code Issues Pull Requests Activity

upcoming advisory, prepare

Browse Source
This commit is contained in:
Garvin Hicking 2010-08-26 16:03:16 +00:00
parent ad937920a2
commit 596a3da8a7
2 changed files with 6 additions and 0 deletions

2
docs/NEWS

@ -71,6 +71,8 @@ Version 1.6 ()
Version 1.5.4 (August 26th, 2010) Version 1.5.4 (August 26th, 2010)
------------------------------------------------------------------------ ------------------------------------------------------------------------
* Fix XSS in backend, thanks to High-Tech Bridge SA #HTB22595
* Fix PHP 5.3.2 parse error in a file, thanks to fyremoon * Fix PHP 5.3.2 parse error in a file, thanks to fyremoon
* Fix SQL query statement for deleting a category, which on some * Fix SQL query statement for deleting a category, which on some

4
include/functions_config.inc.php

@ -846,6 +846,10 @@ function serendipity_iframe_create($mode, &$entry) {
return true; return true;
} }
if (!serendipity_checkFormToken()) {
return false;
}
$_SESSION['save_entry'] = $entry; $_SESSION['save_entry'] = $entry;
$_SESSION['save_entry_POST'] = $serendipity['POST']; $_SESSION['save_entry_POST'] = $serendipity['POST'];