Serious XSS vulnerability (in v.0.94)

[Avram]

(REMOVED BY KLEMEN)

Nemanja, thanks for bringing this to my attention. I removed your post from here to avoid any misuse. This indeed seems to be an issue if the server is not configured to force mime headers properly, will have a look at it ASAP and post the results.

Regards,
Klemen

[Klemen]

This issue has been fixed. I strongly recommend anyone using Hesk 0.94 to update to 0.94.1. You can get it from here:
http://www.phpjunkyard.com/free-helpdesk-software.php

Update is quick and easy and you won't loose any current settings/tickets.

[Avram]

Thanks for quick reaction, will update ASAP

[Triblade]

But I do lose my custom header.txt for example.
Be carefull what you overwrite. (Luckely I saw it before overwriting)

[Klemen]

if you are upgrading from 0.94 you shouldn't lose the header.txt if you follow readme instructions

[DigiMon]

Thank you for the patch Klemen! The upgrade instructions in the readme file made it simple for me to upgrade without losing my customized Hesk. It literally took less than 5 minutes... awesome~!

[DigiMon]

Just FYI, I discovered a couple things that the upgrade did "break", but they were customizations to fields contained tickets that we talked about in the following posts (where you gave me the instructions):

viewtopic.php?p=5914&highlight=#5896

viewtopic.php?p=5914&highlight=#5909

Going to try to re-apply them shortly and see if they work again.

EDIT - applied the instructions again, works fine, you rock!

[Klemen]

Yeah, didn't include any other edits or anything with this release, just the patch. Fixes should still work, just line numbers can be different.

I will probably release a bigger update with new functionality in the next few months.