On August 16th, 2011, ClassiPress 3.1.4 (our classified theme) was released. This is a very important security release, primarily to fix the TimThumb image resizer exploit. You can also read more about this on our blog. Upgrading as soon as possible is highly recommended. Six tickets were fixed in total; a breakdown can be found below.
To download v3.1.4, visit AppThemes and log in to your customer account. Existing customers can download the patch or the full version.
- updated TimThumb script to the latest version to fix the security hole
- escaped multiple variables and SQL statements to further harden theme security
- changed home page to use home_url() instead of bloginfo('url') as the href
- adjusted style to work better when no images option is enabled and also updated tooltip
- improved performance by replacing multiple direct queries with single WordPress API calls
- single-ad_listing.php (Modified)
- tpl-add-new-confirm.php (Modified)
- tpl-edit-item.php (Modified)
- includes/sidebar-gmap.php (Modified)
- includes/gateways/process.php (Modified)
- includes/gateways/paypal/ipn.php (Modified)
- includes/gateways/paypal/paypal.php (Modified)
- includes/gateways/gateway.php (Modified)
- includes/theme-header.php (Modified)
- includes/sidebar-popular.php (Modified)
- includes/timthumb.php (Modified)
- includes/sidebar-comments.php (Modified)
- includes/theme-stats.php (Modified)
- includes/forms/step-functions.php (Modified)
- includes/theme-profile.php (Modified)
- includes/sidebar-contact.php (Modified)
- includes/admin/admin-addons.php (Modified)
- includes/admin/admin-options.php (Modified)
- includes/admin/admin-values.php (Modified)
- includes/admin/write-panel.php (Modified)
- includes/theme-functions.php (Modified)
- includes/theme-refine.php (Modified)
- classipress.po (Modified)
- sidebar-user.php (Modified)
- classipress.pot (Modified)
- changelog.txt (Modified)
- tpl-dashboard.php (Modified)
- style.css (Modified)