Download
2013-01-10, 09:56:34
Mediation of cookie spoofing suggestions are as follows.
Make sure you are using a SALT in your install.
Check for data/other/authorization.xml
This should have been created during install, its possible there is an issue and that this is missing for some, please check your sites and let us know.
The safest bet is follow the wiki on securing your site, and use a custom salt in your config.
The code execution issue is only for authenticated users.
Alternativly you can modify the default salt used in 3.1.2
admin/inc/common.php #147
And change that to something unpredictable sha1('somerandomstring');
Or add a nice die('Critical File Missing');
Make sure you are using a SALT in your install.
Check for data/other/authorization.xml
This should have been created during install, its possible there is an issue and that this is missing for some, please check your sites and let us know.
The safest bet is follow the wiki on securing your site, and use a custom salt in your config.
The code execution issue is only for authenticated users.
Alternativly you can modify the default salt used in 3.1.2
admin/inc/common.php #147
PHP Code:
$SALT = sha1($SITEURL);
And change that to something unpredictable sha1('somerandomstring');
Or add a nice die('Critical File Missing');
