+ Reply to Thread
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Flynax v4.0.1, security patch #1 (8 Jun, 2012)

  1. #1
    Flynax developer John's Avatar
    Join Date
    Oct 2009
    Posts
    606

    Flynax v4.0.1, security patch #1 (8 Jun, 2012)

    Hello,
    We would like to inform you that there was a small blemish detected in the script.
    Here the simple instruction which will help you to fix the problem yourself easy, let's start:

    BTW, if you see that the changes already done then someone from Flynax tech. dep. already implemented the fix for your website.

    1. Make sure you save file copy before making changes in.

    2. download the <b>.htaccess.zip</b> file and unzip it on your computer to some directory, zip archive contains
    .htaccess file which should be copied to your server to the following directories:
    - /files/
    - /files/images/
    - /tmp/upload/

    3. changes in file
    - open the following file for edit: /libs/system.lib.php
    - find the code:
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - save changes

    4. changes in file
    - open the following file for edit: /admin/controllers/accounts.inc.php
    - find the code (line ~ 534):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - save changes

    5. changes in file
    - open the following file for edit: /admin/controllers/listings.inc.php
    - find the code (line ~ 1004):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - save changes

    6. changes in file
    - open the following file for edit: /includes/classes/rlActions.class.php
    - find the code (line ~ 601):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - find the code (line ~ 608):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - find the code (line ~ 617):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - save changes

    7. changes in file
    - open the following file for edit: /includes/classes/rlCommon.class.php
    - find the code (line ~ 246):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - find the code (line ~ 504):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - find the code (line ~ 525):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - save changes

    8. changes in file
    - open the following file for edit: /includes/classes/reefless.class.php
    - find the code (line ~ 362):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - find the code (line ~ 370):
    Code:
    Only registered members can view the code.
    - and replace it with this code
    Code:
    Only registered members can view the code.
    - save changes

    That's all, yes looks hard but you should just go through this instruction step by step and you will do it!
    Feel free to submit a ticket to our technical department if you have any problems with this fix.

    John
    Attached Files Attached Files
    Last edited by John; June 9, 2012 at 07:20 AM.

  2. #2
    Done, but there are a mistake in your description above in the line
    PHP Code:
    Only registered members can view the code
    It should be
    PHP Code:
    Only registered members can view the code
    And to be sure of what you're doing, use the tag /* old syntax*/ so you can go back if something goes wrong. I use Dreamweaver but you could also use Notepad+++

  3. #3
    Master
    Join Date
    Apr 2012
    Location
    Germany
    Posts
    421
    Hello John,

    the follow part in /admin/controllers/listings.inc.php is present twice (line ~ 725) and (line ~ 1004).

    PHP Code:
    Only registered members can view the code
    What is to be replaced? Line ~ 725 or Line ~ 1004 ?
    Thank you John!

    Best regards
    Steffen
    Last edited by Steffen Buschkemper; June 8, 2012 at 05:45 PM.

  4. #4

    Unhappy the follow part in /admin/controllers/listings.inc.php is present twice (line ~ 725)

    Quote Originally Posted by Steffen Buschkemper View Post
    Hello John,

    the follow part in /admin/controllers/listings.inc.php is present twice (line ~ 725) and (line ~ 1004).

    PHP Code:
    Only registered members can view the code
    What is to be replaced? Line ~ 725 or Line ~ 1004 ?
    Thank you John!

    Best regards
    Steffen

    What is to be replaced? Line ~ 725 or Line ~ 1004 ?

    Thank you John!

  5. #5
    waiting....and waiting....

  6. #6
    me too.. and Mike had done some changes to my .htaccess. How should I integrate the codes?

  7. #7
    Senior Member
    Join Date
    Dec 2011
    Posts
    159
    Quote Originally Posted by Ang Jo jit View Post
    me too.. and Mike had done some changes to my .htaccess. How should I integrate the codes?
    Make sure u read point 2 and not to overwrite your existing htacces in your main public folder. You are to only upload to that three directories stated above.

  8. #8
    Quote Originally Posted by Aimiliano Maral View Post
    What is to be replaced? Line ~ 725 or Line ~ 1004 ?

    Thank you John!
    I changed the one at near ~1004 and for me it is working. However, when we don't get a more comprehensive description why the changes are needed, we can not make our own assumptions, better wait for the Team. I guess that you check listings in the form instead of categories but I don't have a clue when.

  9. #9
    Flynax developer John's Avatar
    Join Date
    Oct 2009
    Posts
    606
    Quote Originally Posted by Steffen Buschkemper View Post
    Hello John,

    the follow part in /admin/controllers/listings.inc.php is present twice (line ~ 725) and (line ~ 1004).

    PHP Code:
    Only registered members can view the code
    What is to be replaced? Line ~ 725 or Line ~ 1004 ?
    Thank you John!

    Best regards
    Steffen
    Hello Steffan,
    It is 1004 line, not 725.

    John

  10. #10
    Flynax developer John's Avatar
    Join Date
    Oct 2009
    Posts
    606
    Quote Originally Posted by Ang Jo jit View Post
    me too.. and Mike had done some changes to my .htaccess. How should I integrate the codes?
    Hello Ang,
    You should NOT change root .htacess file, upload attached .htaccess file to the directories listed in the instruction.

    John

+ Reply to Thread