BLOG:CMS :: Support Forum
Support Forum for BLOG:CMS
#1 14.07.2004 00:45
- Radek Hulán
- Site Admin

- From: Prague, Czech Republic
- Registered: 17.03.2004
- Posts: 2508
- Website
BLOG:CMS Newsletter no. 3/2004
News:
* BLOG:CMS 3.1.4 NEW with several updates and an important security fix has been released.
It is highly recommended that you do upgrade to this release, because of security considerations, and, as a precaution, change your admin passwords afterwards.
To upgrade to BLOG:CMS 3.1.4:
* download appropriate files at http://blogcms.com/extra/download
* upload (copy over) ALL files, EXCEPT config.php file
* for any support questions please visit http://forum.blogcms.com/
Best regards,
Radek HULAN
-=BLOG:CMS Developer=-
http://blogcms.com/
http://hulan.info/
Offline
#3 14.07.2004 09:23
- Radek Hulán
- Site Admin

- From: Prague, Czech Republic
- Registered: 17.03.2004
- Posts: 2508
- Website
Re: BLOG:CMS Newsletter no. 3/2004
murj wrote:
I upgraded. Login admin area, try to add an item, but the 'submit' button is gone. When editing an item, the same thing there.
Clear your browser's cache, there were changes made to JavaScript files.
Offline
#5 15.07.2004 07:52
Re: BLOG:CMS Newsletter no. 3/2004
upload (copy over) ALL files, EXCEPT config.php file
I just copied newer files and it keeps my modifications in the "main index" skin. Should be enough, no? Or do I really need to overwrite ALL files?
- I saw that you put the full version number in the admin area: thanks.
- I can't change the config.php's rights. What are the exact security problems?
Thanks
Offline
#6 15.07.2004 09:21
- Radek Hulán
- Site Admin

- From: Prague, Czech Republic
- Registered: 17.03.2004
- Posts: 2508
- Website
Re: BLOG:CMS Newsletter no. 3/2004
Well, it is enough, in fact, to copy over the /nucleus/libs/ directory. Anyway, even if you copy over all files (except config.php), as instructed, you will NOT lose any of your custom skin mods; they are stored in a database, rather than PHP source files.
As for the exact nature of the security problem, it was related to people who are running BLOG:CMS and NucleusCMS with register_globals=on and allow_url_fopen=on settings. I let only Wouter (www.nucleuscms.org) know the exact nature of the problem, and will NOT discuss it here.
Offline
#7 15.07.2004 14:22
- xahmol
- BLOG:CMS Senior
- Registered: 13.06.2004
- Posts: 70
Re: BLOG:CMS Newsletter no. 3/2004
I can't change the config.php's rights
Encountered the same problem, my hosting provider refuses to CHMOD config.php below 644 (at least I didn't succeed in changing to 444, after each try it changes back to 644).
I can understand why you will not discuss the exact nature of the security problems (searching on Google for sites running old BlogCMS or Nucleus releases and using this knowledge would be too easy then), but can you give confidence that config.php at 644 does not pose too big a security risk?
Offline
#8 15.07.2004 15:33
- Radek Hulán
- Site Admin

- From: Prague, Czech Republic
- Registered: 17.03.2004
- Posts: 2508
- Website
Re: BLOG:CMS Newsletter no. 3/2004
config.php at 644 is ok, leave it as it is; a bigger security problem would be register_globals=on.
Offline
#9 15.07.2004 15:35
- Radek Hulán
- Site Admin

- From: Prague, Czech Republic
- Registered: 17.03.2004
- Posts: 2508
- Website
Re: BLOG:CMS Newsletter no. 3/2004
it is advisable, if your web-hosting is running with register_globals=on, to enter this into your .htaccess:
Code:
php_flag register_globals off
Offline
#10 15.07.2004 17:29
- xahmol
- BLOG:CMS Senior
- Registered: 13.06.2004
- Posts: 70
Re: BLOG:CMS Newsletter no. 3/2004
Thanks, changed register_globals to off now. My hosting provider has it on by default (according to their forum because otherwise too many of their clients' scripts would break, but they have a very good tutorial online on how to override this for your own domain).
Offline
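A way to confirm that the settings discussed in this thread are actually in effect for a site, as an added example that is not part of any post above and not BLOG:CMS code. It assumes the file is saved next to config.php under a hypothetical name and requested through the web server, so that it reports the values PHP uses for that directory; the "writable by group or others" criterion is this example's own assumption.

```php
<?php
// Added example, not BLOG:CMS code. Assumes this file sits next to config.php.

// ini_get() returns strings: "1", "", "0", or a literal such as "Off".
// The string "Off" is truthy in PHP, so normalise before testing.
function ini_flag_enabled($name)
{
    $raw = ini_get($name);
    if ($raw === false) {
        return null; // directive unknown to this PHP build
    }
    $value = strtolower(trim((string) $raw));
    return in_array($value, array('1', 'on', 'yes', 'true'), true);
}

// Permission bits of a file, or null if it cannot be examined.
function file_mode($path)
{
    $perms = @fileperms($path);
    return ($perms === false) ? null : ($perms & 0777);
}

$report = array();
foreach (array('register_globals', 'allow_url_fopen') as $directive) {
    $state = ini_flag_enabled($directive);
    if ($state === null) {
        $report[] = "$directive: not available in this PHP build";
    } elseif ($state) {
        $report[] = "$directive: ON (one of the two settings the thread warns about)";
    } else {
        $report[] = "$directive: off";
    }
}

// Assumed criterion: flag config.php only if group or others may write to it.
// Mode 644 passes; 664 or 666 would be flagged.
$mode = file_mode(dirname(__FILE__) . '/config.php');
if ($mode === null) {
    $report[] = 'config.php: could not be checked';
} elseif (($mode & 0022) !== 0) {
    $report[] = sprintf('config.php: mode %o is group- or world-writable', $mode);
} else {
    $report[] = sprintf('config.php: mode %o, not writable by group or others', $mode);
}

header('Content-Type: text/plain');
echo implode("\n", $report), "\n";
```

A `php_flag` line in .htaccess only takes effect when PHP runs as an Apache module, which is why the check has to be requested over HTTP and not run from a shell. Delete the file once you have read the result.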
