Jump to content

Security Fix released for 2.1.x


Nabeel

Recommended Posts

  • Administrators

A small patch to fix a security flaw has been released; it applies to version 2.1.934 and below. It doesn't apply to any of the beta versions. Replace the admin/index.php and admin/action.php files. Thanks for Jacob Axford for finding and bringing the flaw to my attention.

The updated version is now 2.1.935.

Nabeel

  • Like 4
Link to comment
Share on other sites

Why isn't the new version backwards compatible with the old template format? It seems to be taking info from both the core>templates folder and the skin folder, as I am trying to get my VA back to the way it was before the update, but changing them to php files doesn't seem to be helping much. It has actually mae me quite ticked off, as alll my work has gone down the drain! This needs to be fixed asap. The code to change the tpl files to php is not working.

Link to comment
Share on other sites

Did you do a backup of the site before updating? It's worth doing every time, so if the update causes problems, then you can just use the backup. If you didn't do a backup yourself, your server may make automatic backups, or your web host may be able to restore the server from a backup, it's worth asking them.

Link to comment
Share on other sites

  • Moderators

A small patch to fix a security flaw has been released; it applies to version 2.1.934 and below. It doesn't apply to any of the beta versions. Replace the admin/index.php and admin/action.php files. Thanks for Jacob Axford for finding and bringing the flaw to my attention.

The updated version is now 2.1.935.

Nabeel

Nabeel, did you make a mistake with the update? This is the beta version.

This version has the .tpl to .php feature in it. Shouldn't it been the original version 2.1.934. with the tpl..ETC and updated only the admin/index.php and admin/action.php.

Why isn't the new version backwards compatible with the old template format? It seems to be taking info from both the core>templates folder and the skin folder, as I am trying to get my VA back to the way it was before the update, but changing them to php files doesn't seem to be helping much. It has actually mae me quite ticked off, as alll my work has gone down the drain! This needs to be fixed asap. The code to change the tpl files to php is not working.

Mr.Bean, that's why becasue Nabeel might mistakely updated the Beta Version, not the stable version. The .tpl to .php files are not yet ready. It's still being worked on.

Link to comment
Share on other sites

  • Administrators

Wait, sorry - I was supposed to get email updates on this thread, and just noticed they all went to spam :\

Checking the zip, it looks like that is wrong... crap. Sorry guys. I'm fixing this right now - I tagged it wrong.

I really apologize for this - I should have checked it more thoroughly. These last two weeks have been rather insane with work and stuff... my bad.

I'm fixing it right now

Link to comment
Share on other sites

  • Moderators

I really apologize for this - I should have checked it more thoroughly. These last two weeks have been rather insane with work and stuff... my bad.

I'm fixing it right now

No worries Nabeel, sometimes when we get busy and we get dozed off on our projects and make errors.

Cheers man! :D

Link to comment
Share on other sites

  • Administrators

Well, I've had to do what I needed to do anyway - the way git works, is that it does tags on a master branch - but I was using master as "3.0" - so the 2.1.935 got tagged to the latest beta, and my build scripts find the last tag, check that out and do a build. I didn't know tag's only went to the master branch, not the current branch (I had a branch called 'release' with the 2.1.x) - though I might be wrong on this. My head hurts. But anyway, this is the proper way to do it

So I've already swapped branches - master is reset to 2.1.935 (github has the latest copy now), and there's a new branch for beta called dev.

I'm fixing my build-scripts so the fixed zips/tars should be up really soon.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...