Difference between revisions of "1.6.4 security alert for layout override files"

From Joomla! Documentation

(Created page with "In version 1.6.4 a security fix was made to a number of layout files, specifically those for category lists for articles, weblinks, newsfeeds and contacts and the featured contac...")
 
(Add in version)
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
 +
{{version|1.6}}
 
In version 1.6.4 a security fix was made to a number of layout files, specifically those for category lists for articles, weblinks, newsfeeds and contacts and the featured contact list.  If you are using layout overrides for these you should ensure that you make the same changes are made in your template (if the same issue is present). Overrides are found in the html folder of your template. You may also wish to check layout files for extensions for the same issue since the core layouts are sometimes used as models.
 
In version 1.6.4 a security fix was made to a number of layout files, specifically those for category lists for articles, weblinks, newsfeeds and contacts and the featured contact list.  If you are using layout overrides for these you should ensure that you make the same changes are made in your template (if the same issue is present). Overrides are found in the html folder of your template. You may also wish to check layout files for extensions for the same issue since the core layouts are sometimes used as models.
  
The change made is to replace JfilterOutput:ampReplace  with htmlspecialchars. The following files should be changed:
+
The change made is to replace JfilterOutput::ampReplace  with htmlspecialchars. The following files should be changed:
  
 
*components/com_contact/views/category/tmpl/default_items.php
 
*components/com_contact/views/category/tmpl/default_items.php
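Review bot: the rewritten sentence "The change made is to replace JfilterOutput::ampReplace with htmlspecialchars" corrects the scope operator but still gives no before/after line, so someone editing an override has to work out the affected call from the core files; consider quoting one changed line from a listed layout. While this paragraph is open, the class name keeps a lowercase "f" (worth checking against the library's spelling, since readers will search for it), and the unchanged sentence above still reads "make the same changes are made", which should be "ensure that the same changes are made".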
Line 11: Line 12:
 
This change should also be made to the override found in the beez5 template
 
This change should also be made to the override found in the beez5 template
  
*templates/beez5/com_content/categoy/default_articles.php
+
*templates/beez5/com_content/category/default_articles.php
  
  
  
 
[[Category:Version 1.6.4 FAQ]]
 
[[Category:Version 1.6.4 FAQ]]
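Review bot: the corrected path on the added line, templates/beez5/com_content/category/default_articles.php, fixes the "categoy" typo but contains no html folder, while the first paragraph says overrides are found in the html folder of the template; confirm the path against the beez5 directory and write it in full if that folder is missing.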

Latest revision as of 14:43, 21 April 2013

In version 1.6.4 a security fix was made to a number of layout files, specifically those for category lists for articles, weblinks, newsfeeds and contacts and the featured contact list. If you are using layout overrides for these, you should ensure that the same changes are made in your template (if the same issue is present). Overrides are found in the html folder of your template. You may also wish to check the layout files of extensions for the same issue, since the core layouts are sometimes used as models.

The change made is to replace JFilterOutput::ampReplace with htmlspecialchars. The following files should be changed:

  • components/com_contact/views/category/tmpl/default_items.php
  • components/com_contact/views/featured/tmpl/default_items.php
  • components/com_content/views/category/tmpl/default_articles.php
  • components/com_newsfeeds/views/category/tmpl/default_items.php
  • components/com_weblinks/views/category/tmpl/default_items.php

This change should also be made to the override found in the beez5 template:

  • templates/beez5/com_content/category/default_articles.php
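One way to carry out the check described above across a whole site, as an added example that is not part of the Joomla documentation: it lists every PHP file under the templates and components folders that still calls ampReplace. The function name find_ampreplace and the site-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report layout files that still call JFilterOutput::ampReplace.
# Assumption: the first argument is the Joomla installation directory.
# Only the two top-level folders named on the page are searched.

find_ampreplace() {
    root=$1
    # Search every PHP file under templates/ (overrides) and components/
    # (core and extension layouts). A missing folder is skipped silently.
    find "$root/templates" "$root/components" -type f -name '*.php' 2>/dev/null |
    sort |
    while IFS= read -r f; do
        # PHP class and method names are case-insensitive, so match with -i;
        # this also catches the "JfilterOutput" spelling.
        grep -n -i -E \
            'jfilteroutput[[:space:]]*::[[:space:]]*ampreplace[[:space:]]*\(' "$f" |
        while IFS= read -r hit; do
            # Print path relative to the site root, then line number and text.
            printf '%s:%s\n' "${f#"$root"/}" "$hit"
        done
    done
}

# Run against a site when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    find_ampreplace "$1"
fi
```

Each reported line is a candidate for the htmlspecialchars replacement; files that produce no output need no change for this issue.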