OpenDocMan v1.3.0 includes security fixes, bug fixes, and code cleanup. PHP extension pdo-mysql is now used for all database queries. All users are highly encouraged to upgrade. This update includes database modifications.
- Fix potential XSS exploit
- Fix potential SQL injection exploits
- Fix issue #186 – Don’t create file records until file upload is verified
- Fix issue #128 – Move from mysql_query() to PDO for SQL queries
- Removed the “secure url” admin setting since it was mis-leading and ineffective
- General code cleanup and refactoring. Removed un-used code. Removed un-used files.