Brief. We have fixed the 'user_select.php' and 'user_upload.php' scripts for release 3.5.
Description. There was a critical bug that made it possible to include remote files when the PHP setting register_globals is On. Only version 3.5 was vulnerable. All earlier versions, including 3.4.7, are not affected.
Next, extract the above-mentioned files into the root folder of your shop, replacing the existing ones. Don't forget to make a backup copy of the current files in case something goes wrong.
Last modified: 7/3/08 10:01 AM
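A configuration check for the precondition named in the description, added here as an example (it is not the vendor's code): it reads php.ini text and an optional .htaccess and reports whether register_globals is effectively On. The function names and the sample configuration are constructed for illustration.

```python
import re

# Values PHP treats as boolean true for an ini flag (case-insensitive).
TRUE_VALUES = {"1", "on", "true", "yes"}

def ini_setting(php_ini_text, name):
    """Return the last value assigned to `name` in php.ini text, or None."""
    value = None
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ';' comments
        if "=" not in line or line.startswith("["):
            continue                              # blank, section header, or no assignment
        key, raw = (part.strip() for part in line.split("=", 1))
        if key == name:
            value = raw.strip("\"'")              # later assignments win
    return value

def htaccess_setting(htaccess_text, name):
    """Return the last php_flag/php_value override for `name`, or None."""
    value = None
    pattern = re.compile(r"^\s*php_(?:flag|value)\s+(\S+)\s+(\S+)", re.I)
    for line in htaccess_text.splitlines():
        m = pattern.match(line)
        if m and m.group(1) == name:
            value = m.group(2).strip("\"'")
    return value

def register_globals_enabled(php_ini_text, htaccess_text=""):
    """Effective setting: a .htaccess override wins over php.ini; default is Off."""
    value = htaccess_setting(htaccess_text, "register_globals")
    if value is None:
        value = ini_setting(php_ini_text, "register_globals")
    return value is not None and value.lower() in TRUE_VALUES

# Constructed sample configuration, not taken from any real shop.
SAMPLE_INI = """
[PHP]
; register_globals = Off
register_globals = On   ; legacy setting
"""
SAMPLE_HTACCESS = "php_flag register_globals off\n"

if __name__ == "__main__":
    print("php.ini only:", register_globals_enabled(SAMPLE_INI))
    print("with .htaccess:", register_globals_enabled(SAMPLE_INI, SAMPLE_HTACCESS))
```

The web server's own configuration can also set this flag, so the value reported by phpinfo() on the running shop is the authoritative one.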
Ned
7/4/08 7:56 AM
Thanks Eugene but yet again the full download has not been changed. It's still dated 20th June after our last exchange on this subject when you also said "We have not still came to a consensus about updating full distribution after fix issue".
If this is a _critical_ bug why are you leaving new and upgrading users open to vulnerability and why is it taking you so long to come to a consensus that existing users have suggested is extremely important?