A minor security vulnerability has been found which leads to path disclosure.
To fix this:
In includes/paging.php
find
$this->page = $page;
$this->perpage = $perpage;
$this->num_rows_all = $num_rows_all;
if (!isset($this->page) || !intval($this->page)) {
$this->page = 1;
}
if (!$this->num_rows_all) {
and replace with
$this->page = intval($page);
$this->perpage = intval($perpage);
$this->num_rows_all = intval($num_rows_all);
if ($this->page <= 0) {
$this->page = 1;
}
if ($this->perpage <= 0) {
$this->perpage = 1;
}
if ($this->num_rows_all <= 0) {