Jump to content

Security Patch - Sep 2013 files


TracyIsland

Recommended Posts

In reference to ipb3_3_and_gallery_5_0-9-13-2013.zip

sorry to be so picky ... but you state in the instructions to upload the contents of the upload folder.

Does that include the Credits.txt file? Well, do we?

Oh, and who is this guy? Other Contributors:-
Giuseppe Casagrande? Sounds like a nom de plume? aka Lindy?

Strictly speaking from a technical standpoint there's no need to upload the Credits.txt file, that wont affect the working of the patch itself.

As for Giuseppe, he's a former developer, and it's not a nom de plume. :)

Link to comment
Share on other sites

What do I need to do if I'm running IPB 3.4.5 and IP.Gallery 4.2.1? (And yes, I don't want to upgrade Gallery, 4.2.1 works fine with 3.4.5 and I'm not a fan of gallery 5)

Shall I apply both patches?

This isn't a strictly supported configuration, which is why a patch for that combo was not built.

You would do this:

Upload the 3.4.5 patch

Download the 3.3.x + Gallery 4.2.x patch and extract locally.

Upload JUST the admin/applications_addon/ folder (which only has one file, a Gallery file named media.php, in it) to restore the 4.2.x patched version.

Link to comment
Share on other sites

i am at 3.4.3 and I cannot upgrade yet... will the patch still work?

the patch will cause an error when posting, if you are running 3.4.3, there is no reason not to upgrade to 3.4.5 though, everything should be just fine, skins, apps, etc.

If that's still not an option, submit a ticket and we can provide a work around, however upgrading is recommended.

Link to comment
Share on other sites

Is the warning message in AdminCP supposed to remain afar installing the patched files? I copied the files via FTP using the client's automatic ability to merge/overwrite directories the other day, but the warning still appears in AdminCP.

Yes, it will remain there for a week or so

Link to comment
Share on other sites

Ok, thanks for letting me know. It doesn't make any sense whatsoever to keep the warning message up (there should be a mechanism to check for the updated files), but at least now I can pass the info to other admins.

This has been a common complaint, and is something we will be looking into closer (some method to tag patch files with an announcement in order to get rid of it once your site is patched) for the next major release. :)

Link to comment
Share on other sites

An automated patch system in the ACP would also be nice. Messing around with FTP is an easy way to damage a forum due to careless file or directory replacement. ;)

While of course we agree, there are technical challenges to this. Most servers are set up in such a way that random files cannot just be replaced by PHP. This can be worked around by asking the admin for their FTP details in the ACP, but security would be very important in this area and even then there can still be challenges explaining certain things (like the path) to non-technical admins.

Nevertheless, it's something we have/are considering.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...