[SECURITY] playSMS 1.0-beta1

This version fixes the CSRF exploit reported here:

Along with the fix there are also several bug fixes and enhancements.

Download playSMS version 1.0-beta1 here:

Here is the complete change log for 1.0-beta1:

  • MAJOR: add core_call_hook(), utilizing debug_backtrace() to replace the way functions call hooking plugin’s functions
  • MAJOR: user_incoming and all_incoming now only show SMS with matched keyword, or handled SMS
  • MAJOR: fix #155 SECURITY HOLE, CSRF exploit
  • remove default timezone and language from database, tblUser
  • add an option to allow/disallow regular user access to sms_command
  • add dlr-storage=internal and mo-recode=true, and a few other changes in contrib/kannel/kannel.conf
  • add ta=SX webservices handler for retrieving sandbox messages
  • add DB DSN options
  • add new language Russian ru_RU (dvoryanchikov)
  • update catalan language ca_ES (aseques)
  • update included php-db to version 1.7.14
  • update to try to limit browser zoom, viewer should not be able to zoom/scale
  • use sendsms() and remove sendsms_bc() while sending SMS; the goal was to remove duplicated entries when a user sends to a group and to numbers that are already included in that group
  • fix #100 1 contact in multiple group, also major changes on the backend
  • fix #119 missing phonebook edit
  • fix #127 queuelog entries should be removable
  • fix #128 add webservices method ta=set_token to update webservices token
  • fix #129 remove smsc=default, kannel gateway, users might miss this when debugging
  • fix #137 add new admin menu, sandbox, since all incoming SMS and user incoming SMS now only show handled SMS
  • fix #146 security fix: prevent use of special characters such as ; or / (dvoryanchikov)
  • fix #147 fixes in localization (dvoryanchikov)
  • fix #148 fix duplication of search results at send_sms page (dvoryanchikov)
  • fix #151 email field length in user_pref too short, and possibly in other places as well

Discuss this here.
