FCKEditor Upload Exploit Fix
The upload feature of FCKEditor can allow a malicious user to upload arbitrary files to the images/library/ directory of your website. The editor does filter by file type, so only media-type files can be uploaded (no PHP). Even though both the upload directory and the file types are limited, you do not want unsolicited files to be uploaded.
The fix is straightforward: place the new upload.php into the public_html/fckeditor/editor/filemanager/connectors/php/ directory.
public_html/fckeditor/editor/filemanager/connectors/php/upload.php
Story Submission
In some cases, when a user is previewing their story prior to submission, glFusion may display an earlier submitted story in the preview section. The correct story is saved; this only affects the preview. The cause is the instance caching of the previewed story. Replace private/system/lib-story.php with the updated version.
FileMgmt
The broken file report does not work: no report is submitted. Replace brokenfile.php with the fixed version.
public_html/filemgmt/brokenfile.php
Site Tailor
If you create a sub-menu and do not enter a URL, Site Tailor puts http:// in the field automatically, causing an invalid URL. The fix checks whether the field is empty; if it is, Site Tailor will not insert the http://.
public_html/admin/plugins/sitetailor/index.php
Upgrading
When trying to upgrade a site, the following error appears:
The path ”/home/yourwebspace/public_html/db-config.php” does not appear to be correct. Please go back and try again.
This generally appears on sites that were installed using Fantastico and that you are now trying to upgrade to glFusion v1.0. The fix is simple: copy the new index.php file into the public_html/admin/install/ directory:
public_html/admin/install/index.php
FileMgmt Plugin
The number of pages is not calculated properly when viewing a single category. The sort order is not properly passed in the URL when selecting next / prev page.