Hello fellow Pixelpost users!
Only a few weeks after the latest release of Pixelpost I would like to announce the release of Pixelpost v1.7.3. It came to our attention that there were a couple of places left in the code which could be used for an SQL injection or an XSS attack. So we’ve patched the code and thrown in some additional bugfixes and other code as well.
If you have an older version, I’d highly recommend that you upgrade, if only for the security fixes.
So without further ado, here is the download link: pixelpost_v1.7.3.zip
For the technically minded, you can see the diff file for this version here: http://pastie.textmate.org/616485
Hi,
I use the 1.7.1 version, but modified by myself for a specific usage. Is it possible to find a patch?
Thanks (french user)
Hi Yves,
Currently there is no patch available but I think we can make a diff. Let me see what I can do.
The patch will work with v1.7.1 and v1.7.2, without a problem.
@Dennis: OK! Thanks in advance! I just want to patch security problems
Hi guys,
Please include a patch as some of us had their pixelpost customized over time and a start over is not an easy route to follow…
Thanks!
@Jay Williams: Hi! Is there a patch for upgrading from 1.7.2 to 1.7.3? Or am I missing something? Thx!
Thanks Markus, I saw that one, I was thinking about a patch only for the security issues. I’ve downloaded and upgraded my installation (1.7.2) to 1.7.3 (it works as described, it was OK), but then I had some crashes with my current template (Dark Matter Pro), so I had to downgrade it back to 1.7.2. Thanks!
Hi,
No news about the security patch?
Many thanks !
Can you supply a patch file against version 1.7.1? This would be helpful. The one posted here failed…
Thanks… Netsrac
Yes! This would be helpful! Thanks.
Thanks for the upgrade, I just installed and my stats disappeared?
I used to go to /admin/index.php?view=image-stats for my stats, after this plugin was installed the URL is no longer accessible.
I have Advanced stats (advanced_stat – version 1.0) – status: ON
Not sure what the issue was, I just reinstalled them all and it now appears.
I’ve just started playing with pixelpost 1.7.3. It’s really awesome!
I have noticed one bug though which I would like to get fixed. When I post a photo for a future publish date, it doesn’t show up on the browse page until the expected time, but it does show on the home page and in the next/previous cycle.
I’ve never used any previous version, so I’m not sure if this is a new issue.
Also, if there is a better place to report bugs, please let me know. I couldn’t find anything.
Hey Adam, that’s how it has always been. Future posts will not appear in “archives” until they are posted live in the system.
Hi, there!
Are there any instructions on how to update PP online, on a working photoblog?
Thanks in advance…
So there is no way to avoid having the future posts show up in the regular rotation? I would love to be able to set up daily posts for the next week and have them not show anywhere on the site until their post date.
@Adam: Yes, but the explanation of fp is a bit short. While you’re logged in as an admin on the site you will see the future posts. As soon as you log out of the admin panel you won’t see them until they get published on the site.
@Monica: upgrading is generally done by replacing all the files, overwriting the core files. If you have made modifications to the core files, I suggest you look at the diff file from the post.
Ah, that makes sense. Thanks for clarifying!
Bug fix on looping admin page login.
Line 149 of /admin/index.php, change “===” to “==”.
Regards,
Roy
Hey Dennis,
I’m using PP 1.7.1 and have been hit by the SQL Injection exploit. Unfortunately, I deleted the targeted image before finding your post warning not to do that. Would upgrading to 1.7.3 fix the injection hack or is it already too late since the offending code has been inserted into my DB?
Thanks,
Bill
There still seems to be a security issue with v1.7.3. My host shut down my site for a while yesterday after being hit with a bulk mailer script (spam). If this happens to you, look for this file /admin/ups.php and delete it.
I think you should publish on the topic more often
thanks for update
Can anyone out there let me know how to contact a tech support person for Pixelpost or Photoposts.org. I’m unable to log into my account and am unable to get any auto generated password resets as the site says it would.
Thanks. nzbphotos[at]gmail.com
The easiest way is to write on the forum or PM one of the developers.