PivotX 2.3.11
23 June 2015
PivotX version 2.3.11 is now available (security release).
Upgrading to PivotX 2.3.11
You can install PivotX 2.3.11, or upgrade to it, using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply PivotX updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing PivotX install and test the 2.3.11 upgrade before applying it live. Get started managing your PivotX installations with Installatron.
What's New in PivotX 2.3.11
Security:
- Bug and security fix in getPivotxURL().
- No longer restore the PHP session from a session ID passed in the URL, as it is insecure. (Partly reverting rev 3179.)
- Properly escape user-controlled variables in the file explorer.
- Escape some user-controlled variables.
- Escape usage of PHP_SELF in form action.
Other bug fixes:
- Now calling htmlspecialchars with ENT_QUOTES.
- Using absolute paths everywhere in the head.
- Bug fix in check of allowed file extensions.
- Fixing some warnings / notices, for newer PHP versions.
- Moblog fixes: debugging and handling of mails with images from the default iPhone mail app.