It never fails: once you make a release, a few bugs pop up. In the interim before the next release rolls out, you can download the individual source files that contain the fixes.
Deleting a comment in Media Gallery fails with an SQL error.
Update the functions.inc file to resolve the issue.
private/plugins/mediagallery/functions.inc
This fix should only be applied to glFusion v1.1.3.
The option Email moderators on submission does not appear on the album create / edit screen.
Update the albumedit.php file to resolve the issue.
private/plugins/mediagallery/include/albumedit.php
This fix should only be applied to glFusion v1.1.3.
When creating an album in Media Gallery, the system may crash with an SQL error. There are several areas in the code where the group id was not being set properly. Update the following files to resolve the issue.
private/plugins/mediagallery/include/albumedit.php
public_html/admin/plugins/mediagallery/defaults.php
public_html/admin/plugins/mediagallery/member.php
These fixes should only be applied to glFusion v1.1.3.
Another exploit has been published for Geeklog <= 1.5.2 that performs a SQL injection attack in usersettings.php to compromise a user's password hash and masquerade (automatically log in) as that user (including Admin accounts). This exploit could be adapted to work on glFusion as well.
Although glFusion v1.1.3 is not vulnerable to the user masquerading exploit using the password hash in the long term cookie, it is still important to patch this vulnerability to ensure there are no other holes available to an attacker.
This fix should only be applied to glFusion v1.1.3.
When editing a block and trying to upload an image using the advanced editor, an error occurs stating the file uploader is disabled. Update block.php to resolve the issue.
This fix should only be applied to glFusion v1.1.3.
When performing a batch FTP import into Media Gallery, the system crashes with an SQL error. The group owner id is not properly set up in the code. Update albumedit.php to resolve the issue.
private/plugins/mediagallery/include/albumedit.php
This fix should only be applied to glFusion v1.1.3.
When the number of comments exceeds the 'comment limit' setting (default is 100), the ability to page through the comments is broken. Selecting the next page simply refreshes the current page and does not advance to the next page. This updated article.php resolves the issue.
This fix should only be applied to glFusion v1.1.3.
An exploit has been published for Geeklog <= 1.5.2 that performs a SQL injection attack to compromise a user's password hash and masquerade (automatically log in) as an admin user. This exploit could be adapted to work on glFusion as well. Although glFusion v1.1.3 is not vulnerable to the user masquerading exploit using the password hash in the long term cookie, it is still important to patch this vulnerability to ensure there are no other holes available to an attacker.
We have updated 3 key files in glFusion to help prevent SQL injection exploits:
private/system/lib-security.php
private/system/lib-sessions.php
private/system/lib-webservices.php
It is recommended that you update your site as soon as possible with these updates.
NOTE: This exploit takes advantage of the Remote Webservices feature of glFusion, which is enabled by default. You can turn off webservices by going into the Online Configuration System - Miscellaneous - set Disable Webservices to true. This will prevent this specific exploit from succeeding.
These fixes should only be applied to glFusion v1.1.3.
Not all auto tags in Media Gallery properly support the Use media / album title as caption for autotags setting. Now the slideshow and fslideshow auto tags properly support this setting.
This patch also includes a new alink auto tag which allows a text link to albums.
To apply the fix, download the following source update and copy this new file over the existing file on your server.
private/plugins/mediagallery/functions.inc
This fix should only be applied to glFusion v1.1.3.
Media Gallery does not handle unauthorized access to protected media items very gracefully. If a user knows the direct URL but does not have permission to view the item, they will receive the following error:
Fatal error: Call to a member function getOffset() on a non-object in /private/plugins/mediagallery/include/lib-media.php on line 1359
To apply the fix, download the following source update and copy this new file over the existing file on your server.
private/plugins/mediagallery/include/lib-media.php
This fix should only be applied to glFusion v1.1.3.
The Media Gallery Random Image Block is no longer random; it will only show the last uploaded image.
To apply the fix, download the following source update and copy this new file over the existing file on your server.
private/plugins/mediagallery/functions.inc
This fix should only be applied to glFusion v1.1.3.
When searching a date range, stories within that range are not returned in the results.
To apply the fix, download the following source update and copy this new file over the existing file on your server.
private/system/classes/search.class.php
This fix should only be applied to glFusion v1.1.3.
In Site Tailor, the Clone Menu option does not work. The new menu is not saved.
To apply the fix, download the following source update and copy this new file over the existing file on your server.
public_html/admin/plugins/sitetailor/menu.php
This fix should only be applied to glFusion v1.1.3.