
All times are UTC




 Post subject: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 4:43 pm 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jun 11, 2004 6:58 pm
Posts: 3332
Location: Fairless Hills, Pa USA
Today it was brought to my attention that there is a serious security flaw in FCKeditor.  Without giving too many details, let's just say that it's a pretty bad one and could possibly compromise your system.

Please upgrade to 0.12.2 as soon as possible!

There is a diff package available for quick upgrades.  Or if you really want to be quick, replace the file modules/FCKeditorX/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php with this one:
http://svn.cmsmadesimple.org/svn/cmsmad ... nector.php

I've also released 0.13beta4 to combat this problem as well.

If you are running an older version and are unsure if you want to upgrade, please contact me via the forum and I'll help you get your system patched.

Thanks so much for your patience and get the word out!


To Translators:  Please copy this message to the language forums.  Thanks!

_________________
http://about.me/tedkulp


Last edited by Ted on Wed May 10, 2006 5:20 pm, edited 1 time in total.

 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 5:07 pm 
Can I update version 0.12 and 0.11.1 with a new version of FCKeditor?


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 5:17 pm 
Administrator
You can copy over the file as described above for the 0.12 version.  For 0.11.1, it would be safer to make the change by hand.

Open up the file above in a text editor.

Add:
Code:
require_once(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))))))) . '/include.php');
check_login();

right after the first set of comments.

It'll look like this:
Code:
<?php
/*
 * FCKeditor - The text editor for internet
 * Copyright (C) 2003-2005 Frederico Caldeira Knabben
 *
 * Licensed under the terms of the GNU Lesser General Public License:
 *       http://www.opensource.org/licenses/lgpl-license.php
 *
 * For further information visit:
 *       http://www.fckeditor.net/
 *
 * "Support Open Source software. What about a donation today?"
 *
 * File Name: connector.php
 *    This is the File Manager Connector for PHP.
 *
 * File Authors:
 *       Frederico Caldeira Knabben (fredck@fckeditor.net)
 */

require_once(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))))))) . '/include.php');
check_login();

include('config.php') ;
include('util.php') ;
include('io.php') ;
include('basexml.php') ;
include('commands.php') ;

_________________
http://about.me/tedkulp
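
Added example (not part of the original post and not CMS Made Simple code): a Python check that a hand-patched connector.php calls check_login() before its first include, and that the dirname() chain climbs exactly to the install root where include.php lives. The names audit_connector and demo and the sample file contents are constructed for illustration; the connector path is the one given in the first post.

```python
import re
import tempfile
from pathlib import Path
# Connector path relative to the install root, as given in the thread.
CONNECTOR = ("modules/FCKeditorX/FCKeditor/editor/filemanager/browser/"
             "default/connectors/php/connector.php")
GUARD = re.compile(r"\bcheck_login\s*\(\s*\)\s*;")
FIRST_INCLUDE = re.compile(r"\binclude\s*\(\s*'config\.php'\s*\)")
REQUIRE = re.compile(r"require_once\s*\(\s*((?:dirname\s*\(\s*)+)__FILE__[\s)]*"
                     r"\.\s*'/include\.php'")

def audit_connector(root):
    """Return a list of problems; an empty list means the guard is in place."""
    root = Path(root).resolve()
    code = (root / CONNECTOR).read_text(errors="replace")
    # Drop comments so a commented-out guard does not count (regex, not a tokenizer).
    code = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", code, flags=re.S)
    guard, req, inc = GUARD.search(code), REQUIRE.search(code), FIRST_INCLUDE.search(code)
    problems = []
    if not guard:
        problems.append("check_login() is not called")
    elif inc and guard.start() > inc.start():
        problems.append("check_login() runs after include('config.php')")
    if not req:
        problems.append("include.php is not loaded via dirname(__FILE__)")
    else:
        target = root / CONNECTOR
        for _ in range(req.group(1).count("dirname")):
            target = target.parent  # one dirname() call = one level up
        if target != root:
            problems.append(f"dirname() chain resolves to {target}, not the install root")
    return problems

def demo():
    """Audit constructed connector.php variants in throwaway install trees."""
    def patch(n):
        return ("require_once(" + "dirname(" * n + "__FILE__" + ")" * n
                + " . '/include.php');\ncheck_login();\n")
    head, tail = "<?php\n/* File Name: connector.php */\n", "include('config.php') ;\n"
    variants = {"patched": head + patch(10) + tail, "unpatched": head + tail,
                "commented_out": head + "/*\n" + patch(10) + "*/\n" + tail,
                "wrong_depth": head + patch(9) + tail}
    results = {}
    for name, source in variants.items():
        with tempfile.TemporaryDirectory() as root:
            path = Path(root) / CONNECTOR
            path.parent.mkdir(parents=True)
            path.write_text(source)
            results[name] = audit_connector(root)
    return results
```

Run audit_connector() against the top-level directory of an install; any returned message means the connector should be re-patched or replaced with the fixed file.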


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 5:28 pm 
Thank you !!!!!  :)

It works great with this php code for older cms versions!!  ;D


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:13 pm 
Do I have to run upgrade.php while upgrading from 12.1 to 12.2?


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:26 pm 
Ted wrote:
Please upgrade to 0.12.2 as soon as possible!


Or switch to TinyMCE  ;D ...

Quote:
To Translators:  Please copy this message to the language forums.


Done!


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:28 pm 
Mesmer wrote:
Do I have to run upgrade.php while upgrading from 12.1 to 12.2?


No.


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:31 pm 
I just copied the files of 12.2 over my old 11.x installation.

Now it says 13 beta-4 on my site. Is that intended?

Regards...Jan


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:34 pm 
Administrator
cyberman wrote:
Mesmer wrote:
Do I have to run upgrade.php while upgrading from 12.1 to 12.2?


No.


Well, if you use the diff package, then no.  If you download the full thing and copy it over 0.12.1, then yes (or it'll say your site is down).

_________________
http://about.me/tedkulp


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:36 pm 
Administrator
jade22113 wrote:
I just copied the files of 12.2 over my old 11.x installation.

Now it says 13 beta-4 on my site. Is that intended?

Regards...Jan


Umm.  No.  I hope I didn't package the file wrong.

_________________
http://about.me/tedkulp


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:39 pm 
Quote:
Umm.  No.  I hope I didn't package the file wrong.


If you have time, please check and let me know if it was a mistake on my side...

Regards...Jan


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:45 pm 
Administrator
No, I'm a total idiot.  I packaged up the trunk instead of the 0.12.2 that I made.  I was rushing around and it screwed me up.

The files are corrected.

Please look at your site, as it's now running 0.13beta4.  If it's giving you a problem, please contact me.  I'll help you revert back to 0.12.2 if necessary.  At least beta4 is pretty stable.  But it wasn't intended.

Sorry once again and thanks for bringing it to my attention.

_________________
http://about.me/tedkulp


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:48 pm 
No problem...Thanks for the info. Looking forward to 13 stable  ;)

Cheers...Jan


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 6:49 pm 
Administrator
Well, on the bright side, you pretty much have it now.  :)

Thanks

_________________
http://about.me/tedkulp


 Post subject: Re: 0.12.2 Released! Please READ!
PostPosted: Wed May 10, 2006 9:56 pm 
Ted wrote:
Today it was brought to my attention that there is a serious security flaw in FCKeditor.  Without giving too many details, let's just say that it's a pretty bad one and could possibly compromise your system.


Can I find more information on this security flaw? I would like to fix it for TinyMCE, which also uses the same filebrowser as plugin and is probably also affected.

