There is a reflected XSS vulnerability in Swift: search.php echoes the search term from the `s` query parameter into the page without escaping it. Replace your search.php file with this search.php.
If you are using a version older than 2.1.4, or if you don't want to lose the customizations you have made, find the following in search.php (there are 2 occurrences):
[php]<?php echo $_GET['s']; ?>[/php]
and replace it with
[php]<?php the_search_query(); ?>[/php]
Even if you are not a Swift user, you should check your theme for the following vulnerability and fix it ASAP. WordPress passes the search term as the `s` request parameter, so any theme that prints `$_GET['s']` (or `$_REQUEST['s']`) unescaped is affected.
Search for something like this in your theme's PHP files:
[php]Search results for "<?php echo $_GET['s']; ?>"[/php]
and replace with
[php]Search results for "<?php the_search_query(); ?>"[/php]
Note: this vulnerability is fixed in version 3.1.7, so if you are on that version or later you don't need to make any modifications.
Thanks to Rene Schmidt for reporting this vulnerability.
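As an added example (not code from the original post or from the Swift theme), the following POSIX shell script automates the check and the replacement described above. It builds a constructed sample theme containing the vulnerable echo lines, greps for any use of `$_GET['s']`, `$_POST['s']` or `$_REQUEST['s']`, and then rewrites the exact `echo $_GET['s']` / `echo $_REQUEST['s']` pattern to `the_search_query()`. The function names, the sample files and the temporary theme directory are assumptions made here for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original post or the Swift theme.
# Finds the unescaped search-term echo in a WordPress theme directory and
# rewrites the exact pattern from the post. The sample theme below is
# constructed here so the script runs offline.

# Print every line under DIR that reads the raw search term from a request
# superglobal. Returns 0 if anything was found, 1 if the tree is clean.
find_reflected_search() {
    grep -rnE '\$_(GET|POST|REQUEST)\[.s.]' "$1"
}

# Rewrite "echo $_GET['s']" and "echo $_REQUEST['s']" to the_search_query(),
# which runs the term through esc_attr(). Any other use of the raw term is
# deliberately left alone: it needs a context-specific fix, not a blind sed.
fix_reflected_search() {
    dir=$1
    find "$dir" -name '*.php' | while IFS= read -r f; do
        tmp="$f.tmp"
        sed -E 's/echo[[:space:]]+\$_(GET|REQUEST)\[.s.]/the_search_query()/g' \
            "$f" > "$tmp" && mv "$tmp" "$f"
    done
}

# Build a throw-away theme with the two vulnerable lines the post describes,
# one $_REQUEST variant, and one line that is already safe (constructed
# sample data, not real Swift theme code). Prints the directory path.
make_sample_theme() {
    d=$(mktemp -d)
    cat > "$d/search.php" <<'EOF'
<h1>Search results for "<?php echo $_GET['s']; ?>"</h1>
<input type="text" name="s" value="<?php echo $_GET['s']; ?>" />
EOF
    cat > "$d/header.php" <<'EOF'
<title>Search: <?php echo $_REQUEST['s']; ?></title>
<p><?php the_search_query(); ?></p>
EOF
    printf '%s\n' "$d"
}

# Demonstration run: three hits before the fix, none after.
THEME=$(make_sample_theme)
echo "Before fix:"
find_reflected_search "$THEME" || echo "  (none)"
fix_reflected_search "$THEME"
echo "After fix:"
find_reflected_search "$THEME" || echo "  (none)"
rm -rf "$THEME"
```

`the_search_query()` is safe here because WordPress passes the term through `esc_attr()`, which HTML-encodes `<`, `>`, `&`, `"` and `'`, so it works both in the heading text and inside the `value="..."` attribute shown in the sample. The sed only touches the literal echo pattern; review every other line the grep reports by hand, since a search term used to build a URL or a database query needs escaping appropriate to that context. To check a real theme, run `find_reflected_search /path/to/wp-content/themes/yourtheme` first and take a backup before calling `fix_reflected_search` on it.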
Thanks so much for this tip. I just fixed this in my custom theme. Also, those with custom themes should replace any references to $_REQUEST['s'].
Still waiting for Swift Theme's new update… 🙂
Thanks for the report, just fixed.
Okay, I’m having another problem – I inserted some BidVertiser code into the appropriate section in the “Swift Theme Options” page under “Adsense Ads.”
The ad is displayed fine, but the background behind the ad is a quite ugly blue that most certainly doesn’t fit the background of my template. How can I change it to be the same background as the rest of the template?
Thanks, Satish.