Comments on: Recommended Update: WordPress 2.0.6

By: Fundraiser

Fundraiser — Thu, 18 Jan 2007 21:10:34 +0000

A few questions from a blog idiot

How do you keep the spammers from eating you alive? i\’ve seen blogs with nothing but spam postings.

How do you keep some left wing extremist from posting racist or defamatory rhetoric? and if you cant stop them, what are you legally liabel when they do?

can viruses be posted to blogs?

By: Mark

Mark — Sun, 07 Jan 2007 23:21:05 +0000

This security issue has been found in specifically on WordPress 2.0.5′s template.php allows a user with access to the templates.php to insert arbitrary HTML and/or Javascript which can be then executed by other administrators. The link title of recent accessed files is not sanitized which causes the HTML tags ending with “/” fail. Prior to 2.0.6 release, the temporary workaround is using open “IMG” tags which only works on Firefox and Internet Explorer