close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

vulnerability update

Thread begun 9/19/2011 6:11 pm by contact318852 | Last modified 9/21/2011 8:19 am by neilo | 2149 views | 7 replies |

contact318852

vulnerability update

Hi,

Id like clarification on the security update issued today for Site sculptor.

is the configuration file supposed to be copied to each site folder that only uses cms?

How do we update the actual extension in dreamweaver? will there be an update issued shortly for the extension itself?

cheers

Sign in to reply to this post

JPowell

configuration.php

I have a followup question. The file, configuration.php, seems to be a new version of the configuration for the file browser for HTML editor. But, if I overwrite using your new file, all of the "require_once" links are now wrong, and the folder settings on where I want files to upload are all overwritten and now wrong. Not sure if this "fix" was thought through correctly. I'll wait to hear more before applying update.

Sign in to reply to this post

Jason ByrnesWebAssist

The initial instructions for the site sculptor fix had an error, we apologize for any inconvenience.

For each of your site sculptor sites, the updated configuration.php file should be copied to the following folder:
HTMLEditor/editor/plugins/kfm/configuration.php


to fix the issue in the extension for any new sites you create, copy the updated configuration.php to the following location under the users configuration folder (for help locating the configuration folder, see the Common Installation issues PDF:
common_installation_issues.pdf):

Shared\WebAssist\SiteSculptor\cms\files\HTMLEditor\editor\plugins\kfm\configuration.php


contact318852: If you had a webassist/kfm/configuration.php file in your site sculptor site, it would mean the power CMS installation in your site was either from the Power CMS 2.1.1 Solution pack or from Power CMS Builder which are not effected by this vulnerability.

Sign in to reply to this post

neilo

Hi Jason,

Just to clarify your last post, - so Power CMS 2.1.1 Solution pack doesn't need the fix? The email notification about the vulnarability fixes says:

  . . . update all sites in which you are using PowerCMS 2.x.  



So that would be all sites using 2.x. EXCEPT PowerCMS 2.1.1?

Thanks

Sign in to reply to this post

Jason ByrnesWebAssist

that is correct neilo, I clarified this in the readme file available in the download center by adding the following note:

NOTE: This fix is only needed for PowerCMS 2.1.0 and below. To determine if the fix is needed, look for the following file:
HTMLEditor/editor/plugins/kfm/configuration.php

If it does not exist, you are using version 2.1.1 and do not need to apply this fix.

Sign in to reply to this post

neilo

Thanks Jason,

I did not see that readme when I downloaded the fix. The info in the email was contrary to that, so I wasn't looking for the fix fix!

Edit: Too confused now.

Sign in to reply to this post

Jason ByrnesWebAssist

are you reading the notes next to the link? or are you reading the actual read me file contained in the downloaded zip? the note I referenced is in the readme.htm file that is the downloaded zip file.

Sign in to reply to this post

neilo

Now I am reading the re-downloaded readme.htm file (I was looking at the notes before). I can see the 2.1.0 or less info, I missed it first time when I rushed into updating.

All is now clear, thanks.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...