0.12.2 Released! Please READ!
Today it was brought to my attention that there is a serious security flaw in FCKeditor. Without giving too many details, let's just say that it's a pretty bad one and could possibly compromise your system.
Please upgrade to 0.12.2 as soon as possible!
There is a diff package available for quick upgrades. Or if you really want to be quick, replace the file modules/FCKeditorX/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php with this one:
http://svn.cmsmadesimple.org/svn/cmsmad ... nector.php
I've also released 0.13beta4 to combat this problem as well.
If you are running an older version and are unsure if you want to upgrade, please contact me via the forum and I'll help you get your system patched.
Thanks so much for your patience and get the word out!
To Translators: Please copy this message to the language forums. Thanks!
Last edited by Ted on Wed May 10, 2006 5:20 pm, edited 1 time in total.
Re: 0.12.2 Released! Please READ!
Can I update version 0.12 and 0.11.1 with a new version of FCKeditor?
Re: 0.12.2 Released! Please READ!
You can copy over the file as described above for the 0.12 version. For 0.11.1, it would be safer to make the change by hand.
Open up the file above in a text editor.
Add:
Code:
require_once(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))))))) . '/include.php');
check_login();
right after the first set of comments.
It'll look like this:
Code:
<?php
/*
* FCKeditor - The text editor for internet
* Copyright (C) 2003-2005 Frederico Caldeira Knabben
*
* Licensed under the terms of the GNU Lesser General Public License:
* http://www.opensource.org/licenses/lgpl-license.php
*
* For further information visit:
* http://www.fckeditor.net/
*
* "Support Open Source software. What about a donation today?"
*
* File Name: connector.php
* This is the File Manager Connector for PHP.
*
* File Authors:
* Frederico Caldeira Knabben (fredck@fckeditor.net)
*/
require_once(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))))))) . '/include.php');
check_login();
include('config.php') ;
include('util.php') ;
include('io.php') ;
include('basexml.php') ;
include('commands.php') ;
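A check an administrator could run after making the change described above, as an added example that is not part of the original thread or of CMS Made Simple: it flags any FCKeditor PHP connector where the include.php require and the check_login() call are missing or commented out ahead of include('config.php'). It is a text-level check only; the function names and the abbreviated sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CMS Made Simple code): audit connector.php for the login check.

# Exit 0 only if a live require_once of include.php and a live check_login()
# call both come before include('config.php'), as in the patched file above.
connector_patched() {
    awk '
        /^[ \t]*(\/\/|#|\/\*|\*)/       { next }   # ignore commented-out lines
        /require_once\(.*include\.php/  { req = 1 }
        /check_login[ \t]*\(\)/         { if (req) chk = 1 }
        /include\(.config\.php.\)/      { cfg = 1; exit }
        END { exit ((req && chk && cfg) ? 0 : 1) }
    ' "$1"
}

# Print every FCKeditor PHP connector under a directory that lacks the check.
scan_tree() {
    find "$1" -type f -name connector.php -path '*/connectors/php/*' |
    while IFS= read -r f; do
        connector_patched "$f" || printf 'UNPATCHED %s\n' "$f"
    done
}

# Constructed sample files (abbreviated connectors) for trying the audit offline.
make_samples() {
    for s in patched unpatched commented; do
        mkdir -p "$1/$s/connectors/php"
    done
    cat > "$1/patched/connectors/php/connector.php" <<'EOF'
<?php
/* File Name: connector.php */
require_once(dirname(dirname(__FILE__)) . '/include.php');
check_login();
include('config.php') ;
EOF
    cat > "$1/unpatched/connectors/php/connector.php" <<'EOF'
<?php
/* File Name: connector.php */
include('config.php') ;
EOF
    cat > "$1/commented/connectors/php/connector.php" <<'EOF'
<?php
require_once(dirname(dirname(__FILE__)) . '/include.php');
// check_login();
include('config.php') ;
EOF
}
```

Run `scan_tree` against the directory that holds the CMS installation; no output means every connector found carries the check.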
Re: 0.12.2 Released! Please READ!
Thank you !!!!!
It works great with this php code for older cms versions!!
Re: 0.12.2 Released! Please READ!
do I have to run upgrade.php while upgrading from 12.1 to 12.2?
Re: 0.12.2 Released! Please READ!
Ted wrote: Please upgrade to 0.12.2 as soon as possible!
Or switch to TinyMCE ...
Quote: To Translators: Please copy this message to the language forums.
Done!
Re: 0.12.2 Released! Please READ!
Mesmer wrote: do I have to run upgrade.php while upgrading from 12.1 to 12.2?
No.
Re: 0.12.2 Released! Please READ!
I just copied the files of 12.2 over my old 11.x installation.
Now it says 13 beta-4 on my site. Is that intended?
Regards...Jan
Re: 0.12.2 Released! Please READ!
cyberman wrote:
Mesmer wrote: do I have to run upgrade.php while upgrading from 12.1 to 12.2?
No.
Well, if you use the diff package, then no. If you download the full thing and copy it over 0.12.1, then yes (or it'll say your site is down).
Re: 0.12.2 Released! Please READ!
jade22113 wrote: I just copied the files of 12.2 over my old 11.x installation.
Now it says 13 beta-4 on my site. Is that intended?
Regards...Jan
Umm. No. I hope I didn't package the file wrong.
Re: 0.12.2 Released! Please READ!
Umm. No. I hope I didn't package the file wrong.
If you have time, please check and let me know if it was a mistake on my side...
Regards...Jan
Re: 0.12.2 Released! Please READ!
No, I'm a total idiot. I packaged up the trunk instead of the 0.12.2 that I made. I was rushing around and it screwed me up.
The files are corrected.
Please look at your site, as it's now running 0.13beta4. If it's giving you a problem, please contact me. I'll help you revert back to 0.12.2 if necessary. At least beta4 is pretty stable. But it wasn't intended.
Sorry once again and thanks for bringing it to my attention.
Re: 0.12.2 Released! Please READ!
No problem...Thanks for the info. Looking forward to 13 stable
Cheers...Jan
Re: 0.12.2 Released! Please READ!
Well, on the bright side, you pretty much have it now.
Thanks
Re: 0.12.2 Released! Please READ!
Ted wrote: Today it was brought to my attention that there is a serious security flaw in FCKeditor. Without giving too many details, let's just say that it's a pretty bad one and could possibly compromise your system.
Can I find more information on this security flaw? I would like to fix it for TinyMCE, which also uses the same filebrowser as plugin and is probably also affected.