CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

CMS Made Simple 1.0.8 Released!

https://forum.cmsmadesimple.org/viewtopic.php?t=12839

Page 1 of 1

CMS Made Simple 1.0.8 Released!

Posted: Tue Jun 19, 2007 1:47 am
by sjg
Sorry to have to report this, but a new security issue was brought to our attention today. Ted had it fixed in just a few minutes, and released version 1.0.8.

This vulnerability could result in unauthorized access to your CMS, so we strongly recommend that you update any CMS Made Simple installations you have on the open internet.

Thanks to [dren] and Rift for bringing the problem to our attention.

Re: CMS Made Simple 1.0.8 Released!

Posted: Tue Jun 19, 2007 1:49 am
by delfstrom
Well, at least I'm getting refining my technique at upgrading all my CMSMS sites as quickly as possible!

Re: CMS Made Simple 1.0.8 Released!

Posted: Tue Jun 19, 2007 3:10 am
by [dren]
Glad to see it fixed so promptly! :)

Re: CMS Made Simple 1.0.8 Released!

Posted: Tue Jun 19, 2007 4:06 pm
by tsw
if anyone is interested I wrote this to help me

Code: Select all

#!/bin/perl
use strict;
use warnings;
use Data::Dumper;

#--------------------------------------------------------------------------------
# Script for copying diff packages to all installations (does not run db
# upgrade if needed)
#--------------------------------------------------------------------------------

die("READ THROUGH THE CODE BEFORE RUNNING!!!");

my $apply_to_version = "1.0.7";

print "finding existing installations \n";

my $base = "/var/www";
my $diff_loc = "/tmp/diff/*";

my @results =  `find $base -name version.php | xargs grep '\$CMS_VERSION = '`;

foreach(@results) {
    my ($location, $version) = split/:/;

    $location =~ s/version.php//;
    chomp($location);
    if($version =~ /(\d+\.\d+\.?\d*)/) {
        $version = $1;
    }

    ##only for 1.0.6
    if($version ne $apply_to_version) {
        print "skipping invalid version $version at $location \n";
        next;
    }

    my $command = "ls -lah ".$location."index.php";
    my $result = `$command`;

    my @fields = split(/ /, $result);

    my $owner = $fields[3];
    my $group = $fields[4];

    # setting rights of diff
    `chown -R $owner:$group $diff_loc`;

    #copy to installation
    #`cp -r -a $diff_loc $location`;

    print "upgraded installation at $location \n";
}

print "done\n";
not perfect in any way

use at your own risk!

read (and understand) the code before you run it!

and so on :)

Re: CMS Made Simple 1.0.8 Released!

Posted: Tue Jun 19, 2007 10:39 pm
by stopsatgreen
This is an URGENT problem: Since 1.07, anyone who is not an Admin can't see the Published/Draft dropdown in News articles, so can't publish stories. This has been mentioned elsewhere and filed as a bug.

Re: CMS Made Simple 1.0.8 Released!

Posted: Wed Jun 20, 2007 5:33 am
by cyberman
Hmm, not directly - only admin can activate news entries.

But this should help

http://forum.cmsmadesimple.org/index.ph ... l#msg63683

Re: CMS Made Simple 1.0.8 Released!

Posted: Wed Jun 20, 2007 8:33 am
by Mesmer
is the downloadserver offline? Non of downloads work.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited