CMS Made Simple 1.0.6 Released!
CMS Made Simple 1.0.6 Released!
Hey all,
1.0.6 is released and is a critical update. It's explained in the blog posting.
Please, please, please take the required precautions to patch this flaw.
http://blog.cmsmadesimple.org/2007/04/2 ... -released/
Thanks, and sorry for the brevity. Emergency releases are a bit stressful.
1.0.6 is released and is a critical update. It's explained in the blog posting.
Please, please, please take the required precautions to patch this flaw.
http://blog.cmsmadesimple.org/2007/04/2 ... -released/
Thanks, and sorry for the brevity. Emergency releases are a bit stressful.
Re: CMS Made Simple 1.0.6 Released!
Is it correct that there isnt an install/upgrade.php
but you only need to override all files?
but you only need to override all files?
Re: CMS Made Simple 1.0.6 Released!
Correct. If it's just the diff version, you just have to overwrite all the files with the new ones.
Re: CMS Made Simple 1.0.6 Released!
whew... i did the upgrade from 1.05 to 1.06 using the diff version and i was concerned that it didn't seem to update the database. glad you guys were already talking about it... lol
Re: CMS Made Simple 1.0.6 Released!
BTW, for the 0.13 users that might be out there still, I sent this to someone via email.
Search for:
$sql="SELECT c.css_text,c.css_id FROM ".$config['db_prefix']."css
c,".$config['db_prefix']."css_assoc ac WHERE ac.assoc_type='template'
AND ac.assoc_to_id = $templateid AND ac.assoc_css_id = c.css_id AND
c.media_type = '" . mysql_real_escape_string($mediatype, $db) . "'";
Change to:
$sql="SELECT c.css_text,c.css_id FROM ".$config['db_prefix']."css
c,".$config['db_prefix']."css_assoc ac WHERE ac.assoc_type='template'
AND ac.assoc_to_id = " . $db->qstr($templateid) . " AND
ac.assoc_css_id = c.css_id AND c.media_type = '" .
mysql_real_escape_string($mediatype, $db) . "'";
Then search for:
$sql="SELECT c.css_text,c.css_id FROM ".$config['db_prefix']."css
c,".$config['db_prefix']."css_assoc ac WHERE ac.assoc_type='template'
AND ac.assoc_to_id = $templateid AND ac.assoc_css_id = c.css_id AND
c.media_type = '" . pg_escape_string($mediatype) . "'";
Change to:
$sql="SELECT c.css_text,c.css_id FROM ".$config['db_prefix']."css
c,".$config['db_prefix']."css_assoc ac WHERE ac.assoc_type='template'
AND ac.assoc_to_id = " . $db->qstr($templateid) . " AND
ac.assoc_css_id = c.css_id AND c.media_type = '" .
pg_escape_string($mediatype) . "'";
Both of thses changes are in stylesheet.php
Re: CMS Made Simple 1.0.6 Released!
Thanks Ted. New user, great CMS, thanks for making it available. Upgraded to 1.0.6.
Regards
Ozbob
Regards
Ozbob
Re: CMS Made Simple 1.0.6 Released!
If I'm comparing current stylesheet.php and CMSms 0.13 stylesheet.php I see that current version is more adodb specific (yes, I'm try to learn ).Ted wrote: BTW, for the 0.13 users that might be out there still,
Do you have an overview how much current default CMSms is adodb specified (maybe in percent)?
Background of my question is following:
If I have a ful adodbized cmsms I can use all adodb supported databases ... if that's not the goal we should use PDO with version 2.0 instead cause adodb eats too much resources (only for supporting postgres, mysql and sqlite). In german we said - it's like to shot with a cannon to sparrows.
PDO comes with every default php5.2 install. And step to version 2.0 is too big - we need a migrating script for 1.0.x content, wether we use adodb or pdo.
Re: CMS Made Simple 1.0.6 Released!
CMSMS is pretty much 100% adodb. Stylesheet.php had some non-adodb stuff that was submitted as a patch, but that's pretty much the only thing... and honestly was the part that had the security hole fixed in 1.0.6.
Anyways, convinced about PDO being the right way to go, I went off and did some research. This research was then backed up by a little test suite that ThomasM from irc quickly created.
The difference isn't enough to justify the change. It's a matter of where the memory hit happens. In the case of adodb, you get a 350k memory hit up front by loading the library. PDO doesn't take that hit... but instead uses more memory in a result set instead. Basically, in our tests of larger datasets, the memory and speed differences were negigable.
Normally, I would say, great let's do it anyway... except for 2 issues...
1. 2.0 is seriously behind schedule already and rewriting every database call would be a killer.
2. At least at this point, most modules will work with little to no changes. Making this change globally would basically invalidate every bit of module code out there.
If the memory usage was seriously lower, then I would gone ahead with it. But I just can't justify it at this point. CMSMS 2.0 is sitting at about 4.1-4.2 megs per page view with no modules. With default modules, it's in the upper 5's. I think this is going to be as good as it gets without seriously cripping the software, which I won't do. The 8M limit is archaic anyway.
As for the upgrade, yes, it will be a separate script. It'll just be too big of a procedure to justify distributing it with all new installs.
Anyways, convinced about PDO being the right way to go, I went off and did some research. This research was then backed up by a little test suite that ThomasM from irc quickly created.
The difference isn't enough to justify the change. It's a matter of where the memory hit happens. In the case of adodb, you get a 350k memory hit up front by loading the library. PDO doesn't take that hit... but instead uses more memory in a result set instead. Basically, in our tests of larger datasets, the memory and speed differences were negigable.
Normally, I would say, great let's do it anyway... except for 2 issues...
1. 2.0 is seriously behind schedule already and rewriting every database call would be a killer.
2. At least at this point, most modules will work with little to no changes. Making this change globally would basically invalidate every bit of module code out there.
If the memory usage was seriously lower, then I would gone ahead with it. But I just can't justify it at this point. CMSMS 2.0 is sitting at about 4.1-4.2 megs per page view with no modules. With default modules, it's in the upper 5's. I think this is going to be as good as it gets without seriously cripping the software, which I won't do. The 8M limit is archaic anyway.
As for the upgrade, yes, it will be a separate script. It'll just be too big of a procedure to justify distributing it with all new installs.
Re: CMS Made Simple 1.0.6 Released!
Hi Ted,
thank you much for this detailed posting. Thanks too to ThomasM from irc .
If I read at adodb website I found that I can access all supported databases. I have only to change the type of database.
But now comes the big question for me - if it's so easy why does CMSms not support all adodb supported databases?
thank you much for this detailed posting. Thanks too to ThomasM from irc .
As I've said I'm trying to learn php understand database layer system.Ted wrote: CMSMS is pretty much 100% adodb.
If I read at adodb website I found that I can access all supported databases. I have only to change the type of database.
But now comes the big question for me - if it's so easy why does CMSms not support all adodb supported databases?
Re: [CMS Made Simple 1.0.6 Released!] LOST CONTACT
well i lost contact with my site after overwriting the files.Signex wrote: Is it correct that there isnt an install/upgrade.php
but you only need to override all files?
no matter is i try to get index.php or admin/index.php, i get the same (random?) page...
so anyone a hint as how to proceed?
thanks!
Floris
Re: CMS Made Simple 1.0.6 Released!
Make sure all files got properly overwritten, check the webserver logs for PHP errors and start a new topic in the Installation Help forum, providing more information.klankschap wrote: well i lost contact with my site after overwriting the files.
no matter is i try to get index.php or admin/index.php, i get the same (random?) page...
so anyone a hint as how to proceed?
thanks!
Floris
Regards,
D
Last edited by Anonymous on Sun Apr 29, 2007 1:27 pm, edited 1 time in total.
Re: CMS Made Simple 1.0.6 Released!
Hi.
Upgraded from 1.0.5 > 1.0.6 using the diff files. Site looks ok BUT without the menu in the front-end. In the admin interface the menu module is not visible (only templates, stylesheets ans theme manager under layout; see attachment 1). When I click on extensions>modules and mouse-over the layout, the menu manager link is visible. Clicking on it opens a page with an error (see attachment 2).
Ondra
[gelöscht durch Administrator]
Upgraded from 1.0.5 > 1.0.6 using the diff files. Site looks ok BUT without the menu in the front-end. In the admin interface the menu module is not visible (only templates, stylesheets ans theme manager under layout; see attachment 1). When I click on extensions>modules and mouse-over the layout, the menu manager link is visible. Clicking on it opens a page with an error (see attachment 2).
Ondra
[gelöscht durch Administrator]
Re: CMS Made Simple 1.0.6 Released!
Any ideas how to fix 1.02 stylesheet.php? I just tried to replace the file with the 1.06 file, but it breaks the front-end (no CSS). I can't upgrade the whole site since 1.04 and 1.05 had serious permissions issues with my host. I would just like to fix the SQL hole and that's it. For other sites and future ones I'll use 1.06 but I'd like to fix this single 1.02 installation. Any ideas? Thanks.
Re: CMS Made Simple 1.0.6 Released!
This post is the solution to the problem: http://forum.cmsmadesimple.org/index.php/topic,11727.0.htmlkotecky wrote: Hi.
Upgraded from 1.0.5 > 1.0.6 using the diff files. Site looks ok BUT without the menu in the front-end. In the admin interface the menu module is not visible (only templates, stylesheets ans theme manager under layout; see attachment 1). When I click on extensions>modules and mouse-over the layout, the menu manager link is visible. Clicking on it opens a page with an error (see attachment 2).
Ondra