posted on by

[Security Risk] Add this fix asap

Filed under Free Themes, Hacks, Themes
6

There is an XSS vulnerability in SWIFT, replace the search.php file with this search.php.

In case if you are using version less than 2.1.4, or If you don’t want to lose the customization you did find this in <?php echo $_GET['s']; ?> search.php  and replace it with (There are 2 occurences)

Even if you are not a swift user you should check your theme for the following vulnerability and fix it ASAP.
Search for something like this in your theme’s PHP files:

and replace with

Note: This vulnerability is taken care in version 3.1.7, so you dont have to do any modifications.

Thanks to Rene Schmidt for reporting this vulnerability.

Tagged with  
, ,

6 thoughts on “[Security Risk] Add this fix asap

  1. January 2, 2010 at 10:26 AM
    Tim Nicholson says:
    Thanks so much for this tip. I just fixed this in my custom theme. Also, those with custom themes should also replace any references to $_REQUEST['s']
    Reply
  2. October 20, 2009 at 6:02 PM
    Rosyidi says:
    Still Waiting for Swift Themes new Update...  :)
    Reply
  3. October 13, 2009 at 11:50 AM
    navjotjsingh says:
    Thanks for the report, just fixed.
    Reply
  4. October 13, 2009 at 7:42 AM
    Robomaster says:
    Okay, I'm having another problem - I inserted some BidVertiser code into the appropriate section in the "Swift Theme Options" page under "Adsense Ads." The ad is displayed fine, but the background behind the ad is a quite ugly blue that most certainly doesn't fit the background of my template. How can I change it to be the same background as the rest of the template?
    Reply
  5. October 12, 2009 at 5:16 PM
    willy says:
    thanks satish
    Reply
  6. October 12, 2009 at 12:59 PM
    When the genius is out for lunch » Beitrag » Rene Schmidt Freelancer says:
    [...] Theme has been updated. See SwiftThemes.com for more [...]
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>