On August 16th, 2011, ClassiPress 3.1.4 (our classified theme) was released. This is a very important security release, primarily to fix the TimThumb image resizer exploit. You can also read more about this on our blog. Upgrading as soon as possible is highly recommended. This release fixes 6 tickets in total; a breakdown of the tickets can be found below.
Upgrade Information
To download v3.1.4, visit AppThemes and log in to your customer account. Existing customers can download the patch or the full version.
Fixes
- updated the TimThumb script to the latest version to fix the security hole
- escaped multiple variables and SQL statements to further harden theme security
Changes
- changed the home page link to use home_url() instead of bloginfo('url') as the href
- adjusted the style to work better when the no images option is enabled, and also updated the tooltip
- improved performance by replacing multiple direct queries with single WordPress API calls
Files Modified
- single-ad_listing.php (Modified)
- tpl-add-new-confirm.php (Modified)
- tpl-edit-item.php (Modified)
- includes/sidebar-gmap.php (Modified)
- includes/gateways/process.php (Modified)
- includes/gateways/paypal/ipn.php (Modified)
- includes/gateways/paypal/paypal.php (Modified)
- includes/gateways/gateway.php (Modified)
- includes/theme-header.php (Modified)
- includes/sidebar-popular.php (Modified)
- includes/timthumb.php (Modified)
- includes/sidebar-comments.php (Modified)
- includes/theme-stats.php (Modified)
- includes/forms/step-functions.php (Modified)
- includes/theme-profile.php (Modified)
- includes/sidebar-contact.php (Modified)
- includes/admin/admin-addons.php (Modified)
- includes/admin/admin-options.php (Modified)
- includes/admin/admin-values.php (Modified)
- includes/admin/write-panel.php (Modified)
- includes/theme-functions.php (Modified)
- includes/theme-refine.php (Modified)
- classipress.po (Modified)
- sidebar-user.php (Modified)
- classipress.pot (Modified)
- changelog.txt (Modified)
- tpl-dashboard.php (Modified)
- style.css (Modified)