2.1.936 - Security Patch

Hi all,

I’ve updated the download to 2.1.936 - basically to null the file where I believe the exploit is coming from. I looked through the other files, and I think they look OK.

Please update as soon as possible - really the only updated file was core/lib/php-ofc-library/ofc_upload_image.php. Instead of deleting it, I patched it, so then it will get patched on an upload.

Sorry for all the trouble guys! Please be sure to look through your server and account very carefully - if you see something suspicious, delete it, or rename it to add a .txt extension so it can’t be found, until you can verify if the file is safe or not.

Thanks!
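The checks described in the post above, sketched as shell functions. This is an added example, not part of the original post and not phpVMS code. The function names, the "patched tree" and "marker" arguments, and the list of PHP extensions are assumptions.

```shell
#!/bin/sh
# Added example, not phpVMS code. Function names and arguments are hypothetical.
OFC_REL=core/lib/php-ofc-library/ofc_upload_image.php

# ofc_upload_status WEBROOT PATCHED_TREE
# Compare the installed file with the copy unpacked from the patched download.
# Prints "patched", "differs" or "absent".
ofc_upload_status() {
    installed="$1/$OFC_REL"
    reference="$2/$OFC_REL"
    if [ ! -f "$reference" ]; then
        echo "no reference copy at $reference" >&2
        return 2
    fi
    if [ ! -f "$installed" ]; then
        echo absent
    elif cmp -s "$installed" "$reference"; then
        echo patched
    else
        echo differs
    fi
}

# list_recent_php WEBROOT MARKER
# List PHP-handled files modified after MARKER (a file whose mtime is the last
# time the install was known to be clean). The extension list is an assumption;
# match it to what the web server actually executes.
list_recent_php() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php5' \) \
        -newer "$2" -print | sort
}

# quarantine FILE
# Append .txt instead of deleting, so the file can still be inspected later.
# Never overwrites an earlier quarantined copy; prints the new name.
quarantine() {
    src=$1
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    dest="$src.txt"
    n=1
    while [ -e "$dest" ]; do
        dest="$src.$n.txt"
        n=$((n + 1))
    done
    mv -- "$src" "$dest" && chmod a-wx "$dest" && printf '%s\n' "$dest"
}
```

Renaming only helps if the web server does not hand `.txt` files to PHP. Modification times can be forged, so an empty list from `list_recent_php` is not proof of a clean install.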

Hi Nabeel,

I’m a little confused, the latest changelog.htm file says Version 2.1.938 :

Build 938 ( Version 2.1.938 )

Patched the php-ofc-library to remove an exploit

Build 937 (Version 2.1.937)

Navigation data included for routes, more accurate maps for schedules, ACARS and PIREPS

Financial backend overhauled, all data is in real-time, and more accurate

Expenses are saved, so your expenses will stick and stay different, month-to-month

Aircraft can now be tied to a minimum rank to fly them

All charts/graphs replaced with new OFC (Open Flash Charts)

Google Maps replaced with v3 API (no more key needed!)

Added reCaptcha support into the registration.

New format for skinning - whole page layout

Ability to change a pilot’s ID

Send mass-email to specific groups

Maintenance cron-script, for faster/more efficient background processing

Added ‘profile badge’ page with links to your signature in various formats

And numerous bug fixes

Templates Changed:

core_htmlhead.tpl - Javascript all cleaned up, path to Google Maps API changed for v3

acarsmap.tpl - Completely changed with map customizations (I would just start from scratch)

route_map.tpl - Rewritten to accommodate v3 API (I would just start from scratch)

profile_myroutesmap.tpl - Removed, replaced with flown_routes_map.tpl, used for RouteMap

pirep_new.tpl - Added field for route, and aircraft restriction for rank

schedule_results.tpl - Aircraft restriction for rank

registration_mainform.tpl - Replaced old captcha with reCaptcha

registration_customfields.tpl - Bug fixed with textarea field type

finance_summarysheet.tpl - Updated for new finances

finance_header.tpl - Updated for new finances

finances_balancesheet.tpl - Updates for new finances

contact_form.tpl - Implemented reCaptcha

In my admin page I can see this:

“‘S’mofo butter layin’ me to da’ BONE! Jackin’ me up… tight me!”

Copyright © 2007 - 2013 phpVMS, nsslive.net

License & About | Version 2.1.936

What is the last version?

He said it’s 936

Yes, I know, but in the file “changelog.htm” I can see different versions…

So, what is the 2.1.938 version? Is it a future version?

I would say it is an error in the changelog; it is automated and must have gotten off a little. 936 is the latest release version.


Thanks for the clarification, simpilot.

How do I install it?

Do I leave the install folder and do the process?

Hi,

I got from github and the filename is nshahzad-phpVMS-v2.1.935-7-g89e65bb.zip

so I assume it is version 2.1.935 ?

Is there a newer version with the security patch?

Can you please provide a direct link to where to download the latest patched version?

Thanks.

I have the same experience with the chart error.

I updated the " core/lib/php-ofc-library/ofc_upload_image.ph

But that didn’t help. I still see the error:


Open Flash Chart

JSON Parse Error [syntax Error]

Error at character 0, line 1:

0: <br />


I would like to try downloading the file “nshahzad-phpVMS-v2.1.935-7-g89e65bb.zip”. Does anyone have the link to that?


Can anyone confirm what the latest stable version of phpvms is please?

Then, what is the latest beta version of phpvms please?

I have 935, 936 and 938 all showing in different admin panels on my localhost and live servers in several different installs and none of the OFC charts are working with a returned JSON error like stated above …

I would most appreciate it if someone could tell me what version can give me the activity feed and the OFC Charts patched and working …

Thanks in advance,

Adam

The latest official “Release” is 935 which can be found here -> https://github.com/n…phpVMS/releases

The version got bumped to 936 when the OFC patch was added (https://github.com/n…2cfa00467c64129) but it has not been set as a “Release” package. It is the active version that can be downloaded here -> https://github.com/nshahzad/phpVMS <- which also includes some other changes that may or may not be fully tested.

Someone else came up with a version 938 as well but I do not know where this came from but I think it was a mistake in the change log that is updated automatically. It is discussed earlier in this thread.

There is also the development version available here -> https://github.com/n…phpVMS/tree/dev

There are also some forked versions that you can follow here -> https://github.com/nshahzad/phpVMS/network


Hello, Thanks Simpilot,

My development on localhost has the following:

License & About | Version v2.1.934-202-g9a77c3d

As this version looks to be the latest with the activity feed working.

It did mention somewhere that it was v938 but I can’t reference it anywhere at the moment and the more I go looking the more I get confused … lol

It’s a shame with such a community of this size that we couldn’t all work together for a few weeks and release an updated stable version.

Thanks again and I shall ponder around testing all versions and try and make sense of it ..

Cheers

It’s a shame with such a community of this size that we couldn’t all work together for a few weeks and release an updated stable version.

The core members of the project number less than three at this point I would say… You can submit any updates that you author in the form of a pull request on the github account.

Ya this is a great system