forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 plugins => Topic started by: Joe Carver on October 28, 2009, 04:05:29 pm

Title: MiniCMS - Security Concerns
Post by: Joe Carver on October 28, 2009, 04:05:29 pm
Posted with the understanding that this is not a supported plugin.

MiniCMS (http://forum.coppermine-gallery.net/index.php/topic,15543.0.html) uses third party software, FCKeditor to operate. A version (2.3?) is included with the plugin.

FCKeditor has been updated since this plugin was packaged with version 2.3. It is now at revision 2.6.5 (stable).
Some of the releases have been security related.

     *****

I have tried the plugin  with the latest stable release of FCKeditor. It seems to work well, but I do not have enough experience with it to issue a final judgment.

1) Backup the plugin on your server - plugins/minicms/
2) Download, unzip and upload FCKeditor package to plugins/minicms/fckeditor - DO NOT upload the _sample folder
3) Upload file plugins/minicms/fckeditor/style.xml from your backup to plugins/minicms/fckeditor/ on your server

    *****
References - Links

FCKeditor 2.6.5, released on 21 September 2009
http://ckeditor.com/download

Bugtraq Listings - FCKeditor (http://search.securityfocus.com/swsearch?query=FCKeditor&sbm=%2F&submit=Search!&metaname=alldoc&sort=swishlastmodified)
Title: Re: MiniCMS - Security Concerns
Post by: Joachim Müller on October 29, 2009, 08:59:05 am
Could you come up with a revised package of the MiniCMS plugin that contains the editor component in the most recent version? Thanks in advance.
Title: Re: MiniCMS - Security Concerns
Post by: Joe Carver on October 29, 2009, 01:46:41 pm
Revised package completed. New revision is 1.81

Changes

- Update to FCKeditor 2.6.5
- Noted + marked in CHANGELOG and file headers - rev. 1.81
(note: existing package had varied rev. numbers in files)

Comment - It's a very useful, well written plugin!

Zip file is too large for attachment in this forum.
I have created a temporary link to the file.

[edit - link removed]
Download from here: (http://)  gallery.josephcarver.com/natural/cpg1.4.x_plugin_minicms_1.81.zip[/edit]

Please reply when you have successfully downloaded a copy (so the link can be removed) - thanks
Title: Re: MiniCMS - Security Concerns
Post by: Joachim Müller on October 31, 2009, 11:59:50 am
Thanks. I have attached the file to my posting.
Title: Re: MiniCMS - Security Concerns
Post by: Joe Carver on October 31, 2009, 12:56:09 pm
You are welcome.

I hope that the "experienced enthusiasts" of this plugin will see no degradation in performance.