It’s not exactly great moments in software engineering or anything, but in case anybody else was running into the same problem, I put the changed — I won’t go so far as to say “improved”, since I’ve barely tested it yet — version up on GitHub.
For now, the changes are only in the “dev” branch, while “master” contains Hecker’s original:
Anyone else still using Blosxom and the Feedback plugin is encouraged to play with it and test it out. The most important change is probably this one, which may or may not fix a parameter-sanitization vulnerability. I have no evidence to suggest that Feedback actually had the vulnerability; the problem was discovered in Bugzilla, which also uses the Perl CGI module, which led to the addition of a security warning.
The (potential) issue that this solves is discussed in the article “New Class of Vulnerability in Perl Web Applications” by Gervase Markham, and the change to CGI.pm is mentioned in the comments.
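To make the CGI.pm behaviour concrete, here is an added illustration (my own example code, not taken from the Feedback plugin or from Hecker’s original) of the pattern Markham’s article warns about: building a hash directly from `param()` calls. In list context `param()` returns every value submitted for a field, so a repeated field shifts the key/value pairing of the hash. The example assumes CGI.pm 4.08 or later from CPAN (for `multi_param`) and uses a constructed query string rather than a live request.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed request: the "name" field is repeated three times.
# Repeated keys are legal in a query string and CGI.pm keeps every value.
my $q = CGI->new('name=alice&name=moderator&name=1&comment=hello');

# Unsafe: param() is called in list context inside the hash constructor,
# so all three "name" values are spliced into the list and become
# extra key/value pairs the code never intended to accept.
sub unsafe_fields {
    my ($cgi) = @_;
    my %fields = (
        name    => $cgi->param('name'),
        comment => $cgi->param('comment'),
    );
    return \%fields;
}

# Safe: force scalar context so exactly one value per field is used
# (modern CGI.pm also emits a warning for the list-context call above).
sub safe_fields {
    my ($cgi) = @_;
    my %fields = (
        name    => scalar $cgi->param('name'),
        comment => scalar $cgi->param('comment'),
    );
    return \%fields;
}

# Stricter option for fields that must never be multi-valued:
# ask for the list explicitly with multi_param() and reject duplicates
# instead of silently keeping the first value.
sub single_value {
    my ($cgi, $field) = @_;
    my @values = $cgi->multi_param($field);
    die "field '$field' must not be repeated\n" if @values > 1;
    return $values[0];
}

my $unsafe = unsafe_fields($q);
my $safe   = safe_fields($q);

print "unsafe keys: ", join(', ', sort keys %$unsafe), "\n";
print "safe keys:   ", join(', ', sort keys %$safe),   "\n";

# The strict accessor refuses the constructed request outright.
my $name = eval { single_value($q, 'name') };
print "strict check: ", ($@ ? "rejected ($@)" : "accepted '$name'");
```

With the constructed request, the unsafe hash ends up with the keys `comment`, `moderator` and `name`, because the list `(name, 'alice', 'moderator', '1', comment, 'hello')` pairs up as `name => 'alice', moderator => '1', comment => 'hello'`; the safe hash contains only `comment` and `name`. Wrapping each `param()` call in `scalar` is the one-line change that removes the ambiguity; `single_value` is the variant to use where a duplicated field should be treated as a malformed request rather than quietly truncated.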
Some other changes made to Feedback include adding support for SMTP Auth, and the ability to specify a port for SMTP mail submission. These are useful if you need to use a standalone mailhost that requires authentication and use of port 587, which is increasingly common in shared-hosting environments.