As it needed to happen, my dear worm introduced 2 minor bugs, because POST Requests need + characters instead of %20 (Spaces) in their Parameters and because of that, the “real” + signs were treatened as spaces - sadly, my Worm ate three of them.

The worm has been patched now, but everybody who wormed before may change in the file options.php the Line

$goback = preg_replace(’|[^a-z0-9-~ _.?#=&;,/:]|i’, ”, $goback);

to

$goback = preg_replace(’|[^a-z0-9-~+_.?#=&;,/:]|i’, ”, $goback);

and in link-import.php

for ( $i = 0; $i < $link_count; $i ) {

to

for ( $i = 0; $i < $link_count; $i++ ) {

OR you just wait for the next Wordpress Update, because these Bugs are really really (really really) minor and won’t affect your daily Blogging Life!

I mean, how often do you need to import Blogroll links?

Anyway, sorry for the inconveniences some of you maybe don’t like - I just tried to help you, these Bugfixes are optional because the next Wordpress Update has to come soon. I hope.

PS: World-famous “Symantec Security Blog” talks about these Bugs (the Norton guys *wurks*) aswell, but Markus Schlichting is the first one who mentioned this concerns. Thank you!

This entry was posted on Friday, August 3rd, 2007 at 11:54 and is filed under Websecurity. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.