Hi,
the vulnerabilities on secunia.com have been fixed long time ago (see
their recommendation to upgrade).
The patch you supplied is actually not enough to prohibit users from
entering script code. I fixed following additional cases:
- Enter a user name, full name or email address conaining JavaScript
- Doing a search by entering JavaScript in an attribute search field
- Entering JavaScript in a quick filter text box.
The fixes are contained in SVN revision 1792.
Regards,
Stefan Ritt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
