Critical Security update

FireSt0rm has today alerted me to an exploit in PHPFusion 5.01's JavaScript sanitising code, which can be bypassed using ASCII characters. This can be fixed by updating your fusion_core.php from the latest service pack. You are strongly advised to apply this update. You can update manually by adding the following lines to fusion_core.php:

Line 321: $message = preg_replace_callback("/&#([0-9]{1,3});/", create_function('$matches', 'return chr($matches[1]);'), $message);
Line 340: $message = preg_replace_callback("/&#([0-9]{1,3});/", create_function('$matches', 'return chr($matches[1]);'), $message);

The Sourceforge files have been updated.
Download PHPFusion 5.01 Service Pack (123Kb).
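
Why the decoding step has to run before the sanitiser, shown as an added example that is not PHPFusion's own code: `naive_filter()` and `has_residual_refs()` are hypothetical stand-ins, the sample strings are constructed, and the decoder is the advisory's pattern rewritten as a closure because `create_function()` no longer exists in PHP 8.

```php
<?php
// Added illustration. Only the pattern in decode_decimal_refs() comes from the advisory.

// The advisory's decoding step: turns decimal references such as &#106;
// back into the character they stand for.
function decode_decimal_refs(string $message): string {
    return preg_replace_callback(
        "/&#([0-9]{1,3});/",
        function ($matches) { return chr((int) $matches[1]); },
        $message
    );
}

// Hypothetical keyword sanitiser: neutralises the "javascript:" scheme.
function naive_filter(string $message): string {
    return preg_replace("/javascript\s*:/i", "blocked:", $message);
}

// Defensive check (assumption, not part of the patch): report any numeric
// reference that is still present after decoding, so the caller can reject
// the input instead of passing it on to the browser to decode.
function has_residual_refs(string $message): bool {
    return preg_match("/&#x?[0-9a-f]+;?/i", $message) === 1;
}

// Constructed sample: the letter "j" written as its decimal reference.
$sample = '<a href="&#106;avascript:void(0)">link</a>';

// Without decoding, the filter never sees the keyword and changes nothing.
$unpatched = naive_filter($sample);
// With the advisory's step applied first, the keyword is visible and neutralised.
$patched = naive_filter(decode_decimal_refs($sample));

echo "unpatched: ", $unpatched, PHP_EOL;
echo "patched:   ", $patched, PHP_EOL;

// The advisory's pattern covers decimal references of one to three digits
// that end in a semicolon. Other spellings pass through undecoded, which the
// residual check makes visible (constructed, benign sample: hex form of "A").
$other = decode_decimal_refs('&#x41;');
echo "residual reference left after decoding: ";
var_dump(has_residual_refs($other));
```

Rejecting input that still contains a numeric reference after decoding is stricter than the advisory's fix and will also refuse legitimate uses of such references in messages.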

Falk March 05 2005 20,347