Updated 21/10/2007: Having returned from a 2-day absence I've been informed of a problem in polls_archive.php. This has now been fixed.
Updated 19/10/2007: Admin-activated registration reported broken. This has been fixed, please update your register.php from the latest update package or CVS.
Updated 18/10/2007: A few users have reported problems with non-email-activated registration. A problem has been isolated in register.php and has now been fixed. I also forgot to include the updated polls_archive.php file. Both fixes have been added to the update package. Sorry for any inconvenience.
As a part of our continued commitment to v6.01 we are pleased to have v6.01.12 available. This release fixes a number of long-standing issues. We have integrated a new captcha code (from v7) which should stop non-human registrations. Secondly, we've added the double md5 hashed user passwords feature, again from v7. Finally, there are a number of security updates. v6.01.12 should make PHPFusion more secure than ever. For details on what's new, click read more.
Existing v6.01.11 users can download the file '6.01.12 Update for v6.01.11', upload the included files and click upgrade under System Admin. If you are running an earlier version of 6.01.x you will first need to apply the previous updates. The full SourceForge package has also been updated.
New Features:
Added double md5 hashing to user passwords for better security.
Integrated new captcha include from v7.
Tweaked cleanurl function to protect against UNION exploits. (Thanks to lelebart for providing the fix.)
Security fixes:
messages.php - Fixed msg_read SQL query security.
photogallery.php - Fixed vulnerabilities in $prev, $next and $photo_thumb variables.
print.php - Fixed article category access check.
search.php - Fixed vulnerability in stext POST variable.
submit.php - Fixed SQL injection in article submission.
update_profile_include.php - Fixed possible SQL injection in username and email checks.