From LifeType Wiki
Release notes for Lifetype 1.2.10
Description
Lifetype 1.2.10 is another security release in the 1.2 series. The most important part of this release is the fix that disallows uploads with a blacklisted extension in the middle of the filename, e.g. test.php.txt or test.php;txt, as Apache and IIS (respectively) allow those files to be executed as PHP code(!).
We've also fixed support for PHP5 (the infamous static bug) while continuing to support PHP4 (hopefully that'll go away soon...).
There are other features and bug fixes that were added along the way.
See the complete changelog for full details.
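The upload check described above, sketched as an added example (this is not Lifetype's own code; the function name hasBlockedExtension and the blocklist contents are assumptions). It tests every segment of the name after the first, splitting on both "." and ";", instead of only the final extension:

```php
<?php
// Added example, not taken from the Lifetype code base.
// Hypothetical blocklist; a real installation would read it from configuration.
const BLOCKED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml'];

/**
 * Returns true when ANY extension-like segment of the file name is blocked,
 * so "test.php.txt" and "test.php;txt" are rejected along with "test.php".
 */
function hasBlockedExtension(string $fileName, array $blocked = BLOCKED_EXTENSIONS): bool
{
    // Ignore any client-supplied directory part (both separator styles).
    $base = basename(str_replace('\\', '/', $fileName));

    // Split on "." and ";" so both forms named in the release notes are covered.
    $segments = preg_split('/[.;]/', strtolower($base));

    // The first segment is the name stem, not an extension.
    array_shift($segments);

    foreach ($segments as $segment) {
        if (in_array(trim($segment), $blocked, true)) {
            return true;
        }
    }
    return false;
}

// Constructed sample names; the two middle ones are the cases from the release notes.
$samples = ['photo.jpg', 'test.php.txt', 'test.php;txt', 'shell.PHP', 'archive.tar.gz'];

foreach ($samples as $name) {
    printf("%-16s %s\n", $name, hasBlockedExtension($name) ? 'rejected' : 'accepted');
}
```

Storing uploads under a server-generated name, or outside the web root, removes the dependency on how the web server interprets the extension.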
Download
These are the links to the full Lifetype 1.2.10 packages:
If upgrading from Lifetype 1.2.9, there are packages available which only include new or modified files and will allow you to upgrade from Lifetype 1.2.9 only. These packages cannot be used to upgrade from 1.1.x or any other 1.2.x release:
Lifetype upgrade package from 1.2.9 (.tgz)
Lifetype upgrade package from 1.2.9 (.zip)
Important notes
Not much to say here for this release: just go ahead and download it, since it contains the previously mentioned important security fix and also a fix for one XSS that slipped by in the last release.
NOTE: If you are still running PHP4, make sure to check out this bug report to avoid a menutabs error in the administration section.
New features
Title fixes: better SEO support and the page number is now included when on subsequent pages
New Smarty plugins for easier coding: break and continue
Issues fixed
Audio file upload support was broken recently, and was fixed in this release.
The complete list of issues fixed in this release, extracted from the project's bug tracking system:
Passive XSS in link adding section
Possible to upload php file in IIS
Possible to upload php file in Apache
Newer versions of PHP causes static vs. non-static issues
Change pageTitle for SEO reasons
Break and Continue for SMARTY
Problem with the <title> when using the pager
Divide by zero is possible in _calcProb of bayesiantokens.class
Full path disclosure
Cannot insert audio
The "EVENT_POST_RESOURCE_DELETE" is missing