PHPLD 2.x Security Problem
I received an email this morning about a serious security flaw in phpLD 2.x. The flaw allows webmasters to submit HTML tags in the description and name fields. The problem is easily fixed using PHP’s strip_tags() function. Here is the fix, courtesy of After 5 Web Design:
- Open:
    submit.php
- Find:
    $data['LAST_CHECKED'] = gmdate('Y-m-d H:i:s');
    $data['DATE_ADDED'] = gmdate('Y-m-d H:i:s');
    $data['DATE_MODIFIED'] = gmdate('Y-m-d H:i:s');
- Add:
    $data['DESCRIPTION'] = strip_tags($data['DESCRIPTION']);
    $data['TITLE'] = strip_tags($data['TITLE']);
    $data['OWNER_NAME'] = strip_tags($data['OWNER_NAME']);
Simple. Now that this is out in the open, you should expect spammers to try to exploit it. So I suggest you patch this up as soon as possible. I know Tim from After 5 Web Design has notified the phpLD team, and a patch should be out soon.
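The same fix applied to a sample submission, as an added example that is not part of the original post or phpLD's own code. The helper names `clean_submission()` and `e()` are hypothetical and the input is constructed; the example also encodes each value with `htmlspecialchars()` when printing it, because `strip_tags()` removes tags but leaves quote characters and the text between tags in place.

```php
<?php
// Added example, not phpLD code. Field names follow the fix above;
// clean_submission() and e() are hypothetical helpers.

const TEXT_FIELDS = ['DESCRIPTION', 'TITLE', 'OWNER_NAME'];

/** Strip HTML tags from the free-text fields of a submitted link. */
function clean_submission(array $data): array
{
    foreach (TEXT_FIELDS as $field) {
        if (isset($data[$field])) {
            $data[$field] = trim(strip_tags((string) $data[$field]));
        }
    }
    return $data;
}

/** Encode a stored value for output in HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submission (not real data).
$data = clean_submission([
    'TITLE'       => '<b>Tim\'s "Best" Links</b>',
    'DESCRIPTION' => 'Great site <a href="http://spam.example/">click here</a>',
    'OWNER_NAME'  => '<script>alert(1)</script>Bob',
    'URL'         => 'http://example.com/',
]);

foreach (TEXT_FIELDS as $field) {
    // Tags are gone after strip_tags(), but quotes and the text that sat
    // between the tags remain, so every value is passed through e() on output.
    printf("%-12s stored: %s\n", $field, $data[$field]);
    printf("%-12s output: %s\n", '', e($data[$field]));
}
```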
