[pmwiki-users] PmWiki 2.2.35 released: Security update
5ko at 5ko.fr
Fri Nov 11 09:26:28 CST 2011
Hello. PmWiki version 2.2.35 was published today, and is available at :
This release fixes a critical PHP injection vulnerability discovered today.
PmWiki versions 2.2.X, 2.1.X, 2.0.X and 2.0.beta33 and newer are vulnerable.
When you upgrade, please read carefully the Release notes for all PmWiki
versions since yours.
If you cannot upgrade, it is recommended to disable Searches at the earliest
opportunity (even if your wiki skin doesn't have a search form). Add to
config.php such a line:
if ($action == 'search') $action = 'browse';
If your old version wiki allows editing by not entirely trusted visitors, even
on limited pages like a WikiSandbox, you should also disable PageLists. Add to
config.php this line:
$EnablePageList = 0;
This version has an important change for international wikis: the XLPage()
function no longer loads encoding scripts such as xlpage-utf-8.php. When you
upgrade, you need to include those scripts from config.php, before calling
include_once("scripts/xlpage-utf-8.php"); # if your wiki uses UTF-8
All links can now have tooltip titles. Previously, only images and external
links could have tooltip titles, now this feature is enabled for internal
links. To set a tooltip title, add it in quotes after the link address:
[[Main.HomePage"This is a tooltip title"]]
[[Main.HomePage"This is a tooltip title"|Home]]
[[http://www.pmwiki.org"Home of PmWiki"]]
Attach:image.jpg"Tooltip title of the image"
The following new upload extensions were added: svg, xcf, ogg, flac, ogv, mp4,
webm, odg, epub. A couple of minor optimizations were added (MarkupExpressions
and rendering of page history) and the documentation was updated.
Change log : http://www.pmwiki.org/wiki/PmWiki/ChangeLog
Release notes : http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes
If you upgrade : http://www.pmwiki.org/wiki/PmWiki/Upgrades
More information about the pmwiki-users