[Security Risk] Add this fix asap

There is an XSS vulnerability in SWIFT. Replace the search.php file with this search.php.

If you are using a version older than 2.1.4, or if you don't want to lose your customizations, find <?php echo $_GET['s']; ?> in search.php and replace it with the following (there are 2 occurrences):

[php]<?php the_search_query(); ?>[/php]

Even if you are not a Swift user, you should check your theme for the following vulnerability and fix it ASAP.
Search for something like this in your theme's PHP files:

[php]Search results for "<?php echo $_GET['s']; ?>"[/php]

and replace with

[php]Search results for "<?php the_search_query(); ?>"[/php]
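
One way to run that search across a whole theme directory, as an added example that is not part of the original post. The function names and the sample templates are constructed for illustration, and the pattern is a heuristic that only catches a request parameter printed directly:

```bash
# Added example: list theme templates that print a request parameter
# without escaping it first.

# "echo", "print" or the short tag "<?=" followed directly by a superglobal
# read, e.g. <?php echo $_GET['s']; ?>. Output wrapped in an escaping call,
# such as esc_html( $_GET['s'] ), does not match because the function name
# sits between the echo and the "$_".
UNESCAPED_ECHO='(echo|print|<\?=)[[:space:]]*\(?[[:space:]]*\$_(GET|POST|REQUEST|COOKIE)\['

# Print file:line:text for every match in *.php files under directory $1.
scan_theme() {
    find "$1" -type f -name '*.php' \
        -exec grep -nHE "$UNESCAPED_ECHO" {} + || true
}

# Build a constructed sample theme: one vulnerable template, one fixed one.
make_sample_theme() {
    _sample_dir="$(mktemp -d)"
    cat > "$_sample_dir/search.php" <<'EOF'
<h2>Search results for "<?php echo $_GET['s']; ?>"</h2>
<title><?php echo $_GET['s']; ?></title>
EOF
    cat > "$_sample_dir/search-fixed.php" <<'EOF'
<h2>Search results for "<?php the_search_query(); ?>"</h2>
EOF
    printf '%s\n' "$_sample_dir"
}

# Usage: sh scan.sh /path/to/wp-content/themes/your-theme
# With no argument, the scan runs against the constructed sample instead.
if [ "$#" -gt 0 ]; then
    scan_theme "$1"
else
    sample="$(make_sample_theme)"
    scan_theme "$sample"
    rm -rf "$sample"
fi
```

Each reported line is a candidate for the replacement shown above; review matches by hand, since a value assigned to a variable first and echoed later will not be flagged.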

Note: This vulnerability is taken care of in version 3.1.7, so you don't have to make any modifications.

Thanks to Rene Schmidt for reporting this vulnerability.

6 Replies to “[Security Risk] Add this fix asap”

  1. Okay, I’m having another problem – I inserted some BidVertiser code into the appropriate section in the “Swift Theme Options” page under “Adsense Ads.”

    The ad is displayed fine, but the background behind the ad is a quite ugly blue that most certainly doesn’t fit the background of my template. How can I change it to be the same background as the rest of the template?

  2. Pingback: When the genius is out for lunch » Beitrag » Rene Schmidt Freelancer
