Hello fellow Pixelpost users!
Only a few weeks after the latest release of Pixelpost, I would like to announce the release of Pixelpost v1.7.3. It came to our attention that there were a couple of places left in the code which could be used for an SQL injection or an XSS attack. So we’ve patched the code and thrown in some additional bugfixes and other code as well.
If you have an older version, I’d highly recommend that you upgrade, if only for the security fixes.
So without further ado, here is the download link: pixelpost_v1.7.3.zip
For the technical minded, you can see the diff file for this version here: http://pastie.textmate.org/616485
Hi,
I use the 1.7.1 version, but modified by myself for a specific usage. Is it possible to find a patch?
Thanks (French user)
Hi Yves,
Currently there is no patch available but I think we can make a diff. Let me see what I can do.
The patch will work with v1.7.1 and v1.7.2, without a problem.
@Dennis: OK! Thanks in advance! I just want to patch security problems
Hi guys,
Please include a patch as some of us had their pixelpost customized over time and a start over is not an easy route to follow…
Thanks!
@Jay Williams: Hi! Is there a patch for upgrading from 1.7.2 to 1.7.3? Or am I missing something? Thx!
Thanks Markus, I saw that one, I was thinking about a patch only for the security issues. I’ve downloaded and upgraded my installation (1.7.2) to 1.7.3 (it works like described, it was OK), but then I had some crashes with my current template (Dark Matter Pro), so I had to downgrade it back to 1.7.2. Thanks!
Hi,
No news about the security patch?
Many thanks!
Can you supply a patch file against version 1.7.1? This would be helpful. The one posted here failed…
Thanks… Netsrac
Yes! This would be helpful! Thanks.
Thanks for the upgrade, I just installed and my stats disappeared?
I used to go to /admin/index.php?view=image-stats for my stats, after this plugin was installed the URL is no longer accessible.
I have Advanced stats (advanced_stat – version 1.0) – status: ON
Not sure what the issue was, I just reinstalled them all and it now appears.
I’ve just started playing with pixelpost 1.7.3. It’s really awesome!
I have noticed one bug though which I would like to get fixed. When I post a photo for a future publish date, it doesn’t show up on the browse page until the expected time, but it does show on the home page and in the next/previous cycle.
I’ve never used any previous version, so I’m not sure if this is a new issue.
Also, if there is a better place to report bugs, please let me know. I couldn’t find anything.
Hey Adam, that’s how it has always been. Future posts will not appear in “archives” until they are posted live in the system.
Hi, there!
Are there any instructions on how to update PP online, on a working photoblog?
Thanks in advance…
So there is no way to avoid having the future posts show up in the regular rotation? I would love to be able to set up daily posts for the next week and have them not show anywhere on the site until their post date.
@Adam: Yes, but the explanation of fp is a bit short. While you’re logged in as an admin on the site you will see the future posts. As soon as you log out of the admin panel you won’t see them until they get published on the site.
@Monica: upgrading is generally done by replacing all the files, overwriting the core files. If you have made modifications to the core files, I suggest you look at the diff file from the post.
Ah, that makes sense. Thanks for clarifying!
Bug fix on looping admin page login.
Line 149 of /admin/index.php, change “===” to “==”.
Regards,
Roy
Hey Dennis,
I’m using PP 1.7.1 and have been hit by the SQL Injection exploit. Unfortunately, I deleted the targeted image before finding your post warning not to do that. Would upgrading to 1.7.3 fix the injection hack or is it already too late since the offending code has been inserted into my DB?
Thanks,
Bill
There still seems to be a security issue with v1.7.3. My host shut down my site for a while yesterday after being hit with a bulk mailer script (spam). If this happens to you, look for this file /admin/ups.php and delete it.
Can anyone out there let me know how to contact a tech support person for Pixelpost or Photoposts.org. I’m unable to log into my account and am unable to get any auto generated password resets as the site says it would.
Thanks. nzbphotos[at]gmail.com