Comments on: Movable Type Security Bug

By: Annna1987

Annna1987 — Fri, 26 Feb 2010 08:31:00 +0000

orDOhT In this book you can find some helpful tip that can be used daily. It open our eyes to presently happening and how to deal with them.

By: Zack

Zack — Sun, 16 Dec 2007 03:10:24 +0000

Lily: It was fixed in version 3.34.

By: Lily

Lily — Sat, 08 Dec 2007 05:32:03 +0000

Has this bug still not been dealt with ?

By: prepagate

prepagate — Wed, 20 Jun 2007 15:03:11 +0000

If you have a custom installation as me and still using 3.3 you should also add MTCommentAuthorLink sanitize=”1” to your templates.

By: JIRA: IT

JIRA: IT — Wed, 21 Feb 2007 16:37:39 +0000

[IT-26] Movable Type is out of date

null According to the front pages of Nature blogs, they’re still “powered by Movable Type 3.2″. If this is really the case, they need to be upgraded as soon as possible, as old versions of Movable Type have numerous security vulnerabilities that leave…

By: Zack

Zack — Mon, 08 Jan 2007 00:01:43 +0000

Jacques: You are probably correct.

Six Apart have fixed this bug in their latest beta.

By: Musings

Musings — Sat, 06 Jan 2007 06:54:10 +0000

Full Disclosure

A serious MovableType security vulnerability.

By: Jacques Distler

Jacques Distler — Fri, 05 Jan 2007 23:42:01 +0000

It looks like the sanitize function is completely disabled when you disable the nofollow plugin as it isn’t sanitizing my entry text either.

I don’t believe your entry text ever got sanitized. Presumably, you (the blog owner) can be trusted.