Tiki is a web-based groupware and content management system built on PHP, ADOdb and Smarty. The program is also known under the catchy name TikiWiki. The developers have released a new version in the Sirius series, numbered 18.104.22.168. Among other things, it fixes a security flaw in the tiki-graph_formula.php component, as the announcement below informs us:
A security flaw has been found in one file; you should consider upgrading immediately. Get the new 22.214.171.124 version on SourceForge. It is important that you upgrade, as there have been known incidents due to this vulnerability.
Version 126.96.36.199 – security release:
- tiki-graph_formula.php: [FIX] Potential security injection
- tiki-login.php: [FIX] quickfix for double-slash in URL problem after logging in (SSL used, some servers/configs). Things are much neater in 1.10 and it should not need a fix there.
- tiki-view_tracker.php: [FIX] tracker: monitoring tracker in another language tw1370
- lib/graph-engine/: core.php, graph.bar.php: Adding support for hooks during data display.
- lib/polls/polllib_shared.php: [FIX] when poll is removed, link of poll to object should also be removed
- lib/Galaxia/src/ProcessManager/ActivityManager.php: [FIX] Activity manager fixed so it now shows activities for new workflow installations.
- lib/Galaxia/src/ProcessManager/ProcessManager.php: [FIX] Galaxia now cleanly and correctly deletes processes (pear db call was not provided argument); resolves several issues.
- lib/graph-engine/: core.php, gd.php, graph.bar.php, pdflib.php, ps.php: Adding image map generation in GD based graphics