+ Reply to Thread
Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Flynax v4.0.1, security patch #1 (8 Jun, 2012)

  1. #11
    a problem with step 3:

    my original file has

    /* deny files extension regular expresion */
    $l_deny_files_regexp = "/\.(php|php3|php4|php5|phtml|pl|py|psp|js|jsp|cgi|u til|inc)$/";

    /* conditions list */
    $l_cond = array(
    'isEmail' => $GLOBALS['lang']['mail'],
    'isUrl' => $GLOBALS['lang']['url']
    );


    that will mean according to your instructions that i will have 2 of this?
    /* deny files extension regular expresion */
    $l_deny_files_regexp = "/\.(php|php3|php4|php5|phtml|pl|py|psp|js|jsp|cgi|u til|inc)$/";

    or i should have just 1?

    another problem. step 4

    i have already in file

    if ( $back_errors = $rlCommon -> checkDynamicForm( $account_data, $fields, 'f', true ) )
    {
    foreach ( $back_errors as $error )
    {
    $errors[] = $error;
    }

    if ( $rlCommon -> error_fields )
    {
    $error_fields = $rlCommon -> error_fields;
    $rlCommon -> error_fields = false;
    }
    }

    $rlHook -> load('apPhpAccountsValidate');

    who made the modification into my site shoulded delete $rlHook -> load('apPhpAccountsValidate'); but didn't? i have that and olso the new code wich should replace it

    should i submit a ticket to have my files checked?
    Last edited by Petrache Nicolae; June 9, 2012 at 12:09 PM.

  2. #12
    Junior Member
    Join Date
    Nov 2011
    Posts
    15
    I am using flynax version 3.2, Do I have to fix it as well?

  3. #13
    Master
    Join Date
    Apr 2012
    Location
    Germany
    Posts
    421
    Hi Jose,

    The thread title is: Flynax v4.0.1, security patch #1 (8 Jun, 2012).
    I think its only for v4.01.

    Best regards
    Steffen

  4. #14
    @all,
    Are you facing anything wrong with the Online plug-in after making changes? It doesn't count up the visitors as it should and yesterday it was also counting down by one. Today I had a lot of different and unique visitors due to a newspaper been sent out but no registration of visitors.

  5. #15
    Flynax developer John's Avatar
    Join Date
    Oct 2009
    Posts
    573
    Hi there,
    Petrache Nicolae
    You should not implement the patch if you already have the changes in the files.
    It means that someone from Flynax already implemented the patch for you.

    Quote Originally Posted by Jose Bonilla View Post
    I am using flynax version 3.2, Do I have to fix it as well?
    Here the patch for 3.2 version:
    http://www.flynax.com/forum/showthre...11-Jun-2012%29

    Morgan Bohman
    This patch doesn't affect to any plugins, submit a ticket for tech. support if you have any problems with plugins.

    John
    Last edited by John; June 11, 2012 at 06:57 AM.

  6. #16
    what are the consequences of not applying the patch? i am worried things may go wrong after the patch.

  7. #17
    Hello Ang Jo Jit,

    Quote Originally Posted by Ang Jo jit View Post
    what are the consequences of not applying the patch? i am worried things may go wrong after the patch.

    It can be a very sad consequences. All depends on the skills of the hackers.
    If you are in doubt you can create ticket with the request and we will implement this patch without any consequences for your site.
    Viktor,
    Flynax technical department,
    Best wishes.

  8. #18
    Done the patch and all is working fine. From reading some of the codes changed, I would imagine this is a security patch, hence the urgency.

+ Reply to Thread