PKP Bugzilla – Bug 5563
Plugin management functions not authenticated
Last modified: 2010-08-10 13:34:20 PDT
We are moving to Git Issues for bug tracking in future releases. During transition, content will be in both tools. If you'd like to file a new bug, please create an issue.
Perform audit of validation methods in plugin management handler.
Created attachment 3137 [details]
Patch against Harvester 2.3.0 and above
Created attachment 3138 [details]
Patch against OCS 2.3.0 and above
Created attachment 3139 [details]
Patch against OJS 2.3.0 and above
All changes pushed to official.
This bug should be considered a serious security risk. It affects the following releases:
It can be corrected by upgrading to OJS 2.3.2, OCS 2.3.3, and OHS (nee Harvester) 2.3.1, or by applying the patches attached to this entry using the GNU patch tool. See http://en.wikipedia.org/wiki/Patch_%28Unix%29 for details on the patch tool.