Actions

Category-List-Beez-or-other-Template-Overrides

From Joomla! Documentation

Revision as of 10:56, 28 March 2009 by AmyStephen (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

In Joomla! 1.5.10, a low-level security patch was made to the com_content Category List Layout file for a potential XSS vulnerability.

This is not considered a serious issue and fixing the problem did not trigger a release. However, the fix should have also been applied to a file in the BEEZ template but that change was unfortunately missed.

If you have a Category Layout Menu Item and you use the BEEZ Template overrides, you can apply this change to your layout file.

Also, for those who have created their own Template Overrides, you might also want to make certain you escape the filter input list, as this example demonstrates.

Steps to address this issue:

1. Do you have a Category List Menu Item? If not, this is not applicable to your Web site.

2. Do you use the BEEZ Template? Or, did you copy the BEEZ Template overrides for use with your Template? If not, this is not applicable to you. (If you have a purchased template, check with your Template provider.)

3. Copy the templates/beez/html/com_content/category/default_items.php file as a backup.

4. Edit the file and locate this value:

<?php echo $this->lists['filter']; ?>

5. Change it to this value:

<?php echo $this->escape($this->lists['filter']); ?>

If you have questions about this change, please ask those questions in the BEEZ Template Forum.