Wichtigste Neuerungen
- Wichtiges Sicherheitsupdate.
- Aktualisierte TCPDF API.
Changelog
- bugfix: hide internal include file path on require error
- bugfix: file inclusion vulnerability in SetParam_Plugin_Language because of missing get parameter sanatizing.
- bugfix: fixed mysql injection vulnerability.
- bugfix: escape_string with real_escape_string.
- bugfix: realescape string password and systemname.
- bugfix: fixed several vulnerabilities (noticed by High-Tech Bridge SA HTB22701 - HTB22703).
- bugfix: add slashes to subarrays inside _POST, too.
- added: new Template var Listing_Empty in write_allArticles().
- added: slashed article fields for php functions within template to avoid parsing errors! $#PHP !empty('{$TITLESLASHED}') # if TITLE contains ' unslashed will fail!
- bugfix: notLike match as corrected, since it has been used twice inside match4.
- update: tcpdf class to 5.9.
- bugfix: mediabrowser popup.
- bugfix: reduced fading time for loading effects.