CMS Made Simple Forums

Thanks again, Jo. Please don't take my question/comments as a criticism. I understand the "situation" you all are in. I appreciate what you have done with CMSMadeSimple and I personally have learned a lot by using it to run our website.

Thank you. Could you outline how to filter those notifications?

I thought I was safe to suggest count would be a built-in: https://smarty-php.github.io/smarty/sta ... ier-count/

I have the following warning: Deprecated: Using unregistered function "count" in a template is deprecated and will be removed in a future release. Use Smarty::registerPlugin to explicitly register a custom modifier. in ... public_html/lib/smarty/sysplugins/smarty_internal_templatecompilerb...

I can confirm this bug is present in 2.2.20 which I just downloaded today 5/23/2024. Upgraded a fairly plain site from 2.2.19 to 2.2.20. Symptom: site does not load; only blank page is displayed. Exact same error as described above. With $config['debug'] = true; in config.php, it has become impossib...

Greetings Rolf. Yes, I am using 2.2.15. So when my host says they are going to upgrade it, I assume they meant they will upgrade just the phpmailer package. But that is scary if they upgrade it without regard for how it interacts with the rest of the CMSMS system...

Potentially a very dumb question. My host just emailed: Code injection vulnerability in PHPMailer /home/HOMEDIR/public_html/lib/phpmailer/class.phpmailer.php Is this code supplied with CMSMS? The host says they will "upgrade it for me" in 7 days if I don't do anything. Thank you for CMSMS!...

https://seclists.org/fulldisclosure/ and search for 2.2.15

Sorry, the person that pointed this out to me was actually pointing me to a different place than I thought. Maybe this will prove more helpful to the dev team. MS Made Simple - File upload bypass with .phar extension lead to RCE riccardo krauter (Mar 19) 1) Summary Affected software CMS Made Simple-...

You would know better than I. Total newb when it comes to things like that. I considered what you said prior to posting. I wondered if they meant this gave you RCE on the webhost's server, not to affect the website you already have admin access to, but to the server more broadly.

Someone just pointed this out to me: https://www.exploit-db.com/exploits/49345. Wondered if a fix is available. Vulnerability is present at "editusertag.php" at line #93 where the user input is in eval() PHP function. // Vulnerable eval() code if (eval('function testfunction'.rand().'() {'...

I have content structured like this: 7 Members 7.1 Login 7.2 Giving 7.3 Members Home If I put "Members" in the Find box in the upper right, it returns a number of valid possibilities, including Members (7) and Members Home (7.3) If I type "Login" in the Find box, it returns the o...

When I try to view the source code of frontendusers, cmsmadesimple.org reports Unable to find repository "frontendusers". svn checkout http://svn.cmsmadesimple.org/svn/frontendusers reports svn: E170013: Unable to connect to a repository at URL 'http://svn/cmsmadesimple.org/svn/frontenduse...

A. Thanks. B. This is mostly correct. There are a few refs to returnto in action.do_userchangesettings.php but that wasn't relevant to my case. C. I see returnto has no effect, even though I had used it. I modified the login template to have it redirect to where I want. D. I am not knowledgeable eno...

Running CMSMS 2.2.11. Having some problems with the new FEU. These questions will be a mix of technical "how to" questions and design questions. 1. This is my current login page: {if feu_smarty::get_current_userid()}{redirect_page page='parent-home'}{/if} <h1>Please log in to access more i...

This problem is solved. First, I backed up everything. Next, I uninstalled CustomContent (this was a VERY old module that I guess has been integrated into CMSMS core functionality with "Protected Content"). I just didn't notice all this time. Then I uninstalled FrontEndUsers, and reinstall...