BLOG:CMS :: Support Forum

Support Forum for BLOG:CMS

You are not logged in.

#1 14.07.2004 00:45

Radek Hulán
Site Admin
From: Prague, Czech Republic
Registered: 17.03.2004
Posts: 2509
Website

BLOG:CMS Newsletter no. 3/2004

News:
* BLOG:CMS 3.1.4 NEW with several updates and an important security fix has been released.

It is highly recommended that you do upgrade to this release, because of security considerations, and, as a precaution, change your admin passwords afterwards.

To upgrade to BLOG:CMS 3.1.4:
* download appropriate files at http://blogcms.com/extra/download
* upload (copy over) ALL files, EXCEPT config.php file
* for any support questions please visit http://forum.blogcms.com/

Best regards,

Radek HULAN
-=BLOG:CMS Developer=-
http://blogcms.com/
http://hulan.info/


--= BLOG:CMS developer =--

Offline

 

#2 14.07.2004 04:13

murj
BLOG:CMS Junior
From: China
Registered: 19.06.2004
Posts: 12
Website

Re: BLOG:CMS Newsletter no. 3/2004

I upgraded. Login admin area, try to add an item, but the 'submit' button is gone.  When editing an item, the same thing there.

Offline

 

#3 14.07.2004 09:23

Radek Hulán
Site Admin
From: Prague, Czech Republic
Registered: 17.03.2004
Posts: 2509
Website

Re: BLOG:CMS Newsletter no. 3/2004

murj wrote:

I upgraded. Login admin area, try to add an item, but the 'submit' button is gone.  When editing an item, the same thing there.

clear your browsers cache, there were changes done to JavaScript files..


--= BLOG:CMS developer =--

Offline

 

#4 14.07.2004 10:48

murj
BLOG:CMS Junior
From: China
Registered: 19.06.2004
Posts: 12
Website

Re: BLOG:CMS Newsletter no. 3/2004

Radek Hulán wrote:

clear your browsers cache, there were changes done to JavaScript files..

That's it. Thanks.

Offline

 

#5 15.07.2004 07:52

bruno
BLOG:CMS Junior
From: Lyon
Registered: 24.06.2004
Posts: 14
Website

Re: BLOG:CMS Newsletter no. 3/2004

upload (copy over) ALL files, EXCEPT config.php file

I just copied newer files and it keeps my modifications in the "main index" skin. Should be enough, no ? Or do I really need to overwrite ALL files ?

- I saw that you put the full number version in the admin area : thanks.
- I can't change the config.php's rights. What are the exacts securities problems ???

Thanks

Offline

 

#6 15.07.2004 09:21

Radek Hulán
Site Admin
From: Prague, Czech Republic
Registered: 17.03.2004
Posts: 2509
Website

Re: BLOG:CMS Newsletter no. 3/2004

well, it is enough, in fact, to copy over /nucleus/libs/ directory. Anyway, even if you copy over all files (except config.php), as instructed, you will NOT loose any of your custom skin mods, they are stored in a database, rather than PHP source files smile

As for the exact nature of security problem, it was related to people who are running BLOG:CMS and NucleusCMS with regiter_globals=on and allow_url_open=on settings. I let only Wouter (www.nucleuscms.org) know the exact nature of the problem, and will NOT discuss it here.


--= BLOG:CMS developer =--

Offline

 

#7 15.07.2004 14:22

xahmol
BLOG:CMS Senior
Registered: 13.06.2004
Posts: 70

Re: BLOG:CMS Newsletter no. 3/2004

I can't change the config.php's rights

Encountered the same problem, my hosting provider refuses to CMOD config.php below 644 (at least I didn't succeed in changing to 444, after each try it changes back to 644).
I can understand why you will not discuss about the exact nature of the security problems (searching on Google for sites running old BlogCMS or Nucleus releases and using this knowledge would be to easy then), but can you give confidence that config.php at 644 does not pose to big a security risk?

Offline

 

#8 15.07.2004 15:33

Radek Hulán
Site Admin
From: Prague, Czech Republic
Registered: 17.03.2004
Posts: 2509
Website

Re: BLOG:CMS Newsletter no. 3/2004

config.php at 644 is ok, leave it as it is, bigger security problem would be register_globals=on..


--= BLOG:CMS developer =--

Offline

 

#9 15.07.2004 15:35

Radek Hulán
Site Admin
From: Prague, Czech Republic
Registered: 17.03.2004
Posts: 2509
Website

Re: BLOG:CMS Newsletter no. 3/2004

it is advisable, if your web-hosting is running with register_globals=on, to enter this into your .htaccess:

Code:

php_flag register_globals off

--= BLOG:CMS developer =--

Offline

 

#10 15.07.2004 17:29

xahmol
BLOG:CMS Senior
Registered: 13.06.2004
Posts: 70

Re: BLOG:CMS Newsletter no. 3/2004

Thanks, changed register_globals to off now. My hosting provider has it on on default (according to their forum because otherwise to many of their clients' scripts would break, but they have a very good tutorial online how to override this for your own domain).

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson

TOPlist