[development] jQuery 1.2 is released

Earnie Boyd earnie at users.sourceforge.net
Fri Sep 14 00:26:54 UTC 2007

Quoting Earl Miles <merlin at logrus.com>:

> By allowing uploaded files to be run as code, any minor bug in the 
> server or site software, anywhere, that could allow the uploading of 
> arbitrary files could then ovewrite code that is run; this could then 
> allow a much larger hack that could totally take over the site.

Uhm, the only one able to write to the files/jquery directory would be 
Administrative types that want to install a jQuery plugin.  Allowing 
others to do that would be ludicrous.  If this is such a big security 
issue then the image modules better be careful!!  This includes the 
avatar in the profile modules.

Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/

More information about the development mailing list