0.12.2 Released! Please READ!

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
Ted
Power Poster
Posts: 3329
Joined: Fri Jun 11, 2004 6:58 pm
Location: Fairless Hills, Pa USA

0.12.2 Released! Please READ!

Post by Ted »

Today it was brought to my attention that there is a serious security flaw in FCKeditor.  Without giving too many details, let's just say that it's a pretty bad one and could possibly compromise your system.

Please upgrade to 0.12.2 as soon as possible!

There is a diff package available for quick upgrades.  Or if you really want to be quick, replace the file modules/FCKeditorX/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php with this one:
http://svn.cmsmadesimple.org/svn/cmsmad ... nector.php

I've also released 0.13beta4 to combat this problem as well.

If you are running an older version and are unsure if you want to upgrade, please contact me via the forum and I'll help you get your system patched.

Thanks so much for your patience and get the word out!


To Translators:  Please copy this message to the language forums.  Thanks!
Last edited by Ted on Wed May 10, 2006 5:20 pm, edited 1 time in total.
MichaelK

Re: 0.12.2 Released! Please READ!

Post by MichaelK »

Can I update version 0.12 and 0.11.1 with a new version of FCKeditor?
Ted

Re: 0.12.2 Released! Please READ!

Post by Ted »

You can copy over the file as described above for the 0.12 version.  For 0.11.1, it would be safer to make the change by hand.

Open up the file above in a text editor.

Add:

Code:

require_once(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))))))) . '/include.php');
check_login();
right after the first set of comments.

It'll look like this:

Code:

<?php 
/*
 * FCKeditor - The text editor for internet
 * Copyright (C) 2003-2005 Frederico Caldeira Knabben
 * 
 * Licensed under the terms of the GNU Lesser General Public License:
 * 		http://www.opensource.org/licenses/lgpl-license.php
 * 
 * For further information visit:
 * 		http://www.fckeditor.net/
 * 
 * "Support Open Source software. What about a donation today?"
 * 
 * File Name: connector.php
 * 	This is the File Manager Connector for PHP.
 * 
 * File Authors:
 * 		Frederico Caldeira Knabben (fredck@fckeditor.net)
 */

require_once(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))))))) . '/include.php');
check_login();

include('config.php') ;
include('util.php') ;
include('io.php') ;
include('basexml.php') ;
include('commands.php') ;
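
Added example, not part of Ted's post or the CMS Made Simple code base: a Python check an administrator can run to confirm that a connector.php carries the fix described above, i.e. that `include.php` is loaded and `check_login()` is called before the connector's own `include(...)` lines. The function name `audit_connector`, the three result labels and the sample sources are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Connector path as given in the announcement, relative to the CMS root.
CONNECTOR = ("modules/FCKeditorX/FCKeditor/editor/filemanager/"
             "browser/default/connectors/php/connector.php")

# String literals are captured and kept; comments are matched and dropped.
_TOKEN = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")"""
                    r"""|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)
_GUARD = re.compile(r"\bcheck_login\s*\(\s*\)\s*;")
_BOOTSTRAP = re.compile(r"\brequire(?:_once)?\b[^;]*include\.php[^;]*;")
_INCLUDE = re.compile(r"\binclude(?:_once)?\s*\(")


def audit_connector(php: str) -> str:
    """Classify connector.php source as 'patched', 'misplaced' or 'unpatched'."""
    code = _TOKEN.sub(lambda m: m.group(1) or " ", php)
    guard = _GUARD.search(code)
    if guard is None:
        return "unpatched"   # no live check_login() call anywhere
    boot = _BOOTSTRAP.search(code)
    first_include = _INCLUDE.search(code)
    if boot is None or boot.start() > guard.start():
        return "misplaced"   # include.php is not loaded before the call
    if first_include and first_include.start() < guard.start():
        return "misplaced"   # connector files are included before the check
    return "patched"


# Constructed samples modelled on the snippet in the post (path depth shortened).
HEADER = "<?php\n/*\n * File Name: connector.php\n * http://www.fckeditor.net/\n */\n"
FIX = ("require_once(dirname(dirname(__FILE__)) . '/include.php');\n"
       "check_login();\n")
BODY = "include('config.php') ;\ninclude('commands.php') ;\n"
SAMPLES = {
    "patched": HEADER + FIX + BODY,
    "original": HEADER + BODY,
    "commented_out": HEADER + "// check_login();\n" + BODY,
    "too_late": HEADER + BODY + FIX,
}

if __name__ == "__main__":
    # With a CMS root as argument, audit that install; otherwise run the samples.
    if len(sys.argv) > 1:
        SAMPLES = {sys.argv[1]: (Path(sys.argv[1]) / CONNECTOR).read_text(errors="replace")}
    for name, src in SAMPLES.items():
        print(f"{name:14} {audit_connector(src)}")
```
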
MichaelK

Re: 0.12.2 Released! Please READ!

Post by MichaelK »

Thank you !!!!!  :)

It works great with this php code for older cms versions!!  ;D
Mesmer

Re: 0.12.2 Released! Please READ!

Post by Mesmer »

do I have to run upgrade.php while upgrading from 12.1 to 12.2?
cyberman

Re: 0.12.2 Released! Please READ!

Post by cyberman »

Ted wrote: Please upgrade to 0.12.2 as soon as possible!
Or switch to TinyMCE  ;D ...
Ted wrote: To Translators:  Please copy this message to the language forums.
Done!
cyberman

Re: 0.12.2 Released! Please READ!

Post by cyberman »

Mesmer wrote: do I have to run upgrade.php while upgrading from 12.1 to 12.2?
No.
jade22113

Re: 0.12.2 Released! Please READ!

Post by jade22113 »

I just copied the files of 12.2 over my old 11.x installation.

Now it says 13 beta-4 on my site. Is that intended?

Regards...Jan
Ted

Re: 0.12.2 Released! Please READ!

Post by Ted »

cyberman wrote:
Mesmer wrote: do I have to run upgrade.php while upgrading from 12.1 to 12.2?
No.
Well, if you use the diff package, then no.  If you download the full thing and copy it over 0.12.1, then yes (or it'll say your site is down).
Ted

Re: 0.12.2 Released! Please READ!

Post by Ted »

jade22113 wrote: I just copied the files of 12.2 over my old 11.x installation.

Now it says 13 beta-4 on my site. Is that intended?

Regards...Jan
Umm.  No.  I hope I didn't package the file wrong.
jade22113

Re: 0.12.2 Released! Please READ!

Post by jade22113 »

Ted wrote: Umm.  No.  I hope I didn't package the file wrong.
If you have time, please check and let me know if it was a mistake on my side...

Regards...Jan
Ted

Re: 0.12.2 Released! Please READ!

Post by Ted »

No, I'm a total idiot.  I packaged up the trunk instead of the 0.12.2 that I made.  I was rushing around and it screwed me up.

The files are corrected.

Please look at your site, as it's now running 0.13beta4.  If it's giving you a problem, please contact me.  I'll help you revert back to 0.12.2 if necessary.  At least beta4 is pretty stable.  But it wasn't intended.

Sorry once again and thanks for bringing it to my attention.
jade22113

Re: 0.12.2 Released! Please READ!

Post by jade22113 »

No problem...Thanks for the info. Looking forward to 13 stable  ;)

Cheers...Jan
Ted

Re: 0.12.2 Released! Please READ!

Post by Ted »

Well, on the bright side, you pretty much have it now.  :)

Thanks
stefan

Re: 0.12.2 Released! Please READ!

Post by stefan »

Ted wrote: Today it was brought to my attention that there is a serious security flaw in FCKeditor.  Without giving too many details, let's just say that it's a pretty bad one and could possibly compromise your system.
Can I find more information on this security flaw? I would like to fix it for TinyMCE, which also uses the same filebrowser as plugin and is probably also affected.