PostedOctober 19, 2006
I received an email this morning about a serious security flaw in phpLD 2.x. The flaw allows webmasters to submit html tags in the description and name fields. The problem is easily fixed using php’s strip_tags() function. Here is the fix, courtesy of After 5 Web Design:
Simple. Now that this is out in the open, you should expect spammers to try and expolit it. So I suggest you patch this up as soon as possible. I know Tim from After 5 Web Design has notified the phpLD team, and a patch should be out soon.