"Kevin Walsh" <suppressed> writes: > Doug Alcorn suppressed wrote: >> I applied the patch and it half-way works. It >> prevents the interpreting of the variable in the main >> body; however, the page still has the interpreted >> variable in the page title. >> > You are probably using @@MV_PREV_PAGE@@ instead of [subject] in > parts of your missing.html. Either correct it to use [subject] or > upgrade to a version of Interchange that will trap attempts to exploit > the problems. I suggest doing both. > > @@MV_PREV_PAGE@@ was patched some time ago. A new version to cover > [subject] will be released soon. It was about to be released anyway. I don't doubt what you say, I'm just having a hard time figuring out what to do about it. I'm running Interchange 5.0.0-1 from Racke's personal debian archive. I did a grep MV_PREV_PAGE in my catalog's pages directory with no hits. What else can I change? __________________________________ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.