Security changes to EasyBlog 3.0.8593
By Jennifer Gress on Tuesday, 28 January 2014
Posted in Technical Issues
Replies 5
Likes 0
Views 711
Votes 0
hello,

i have a client that refuses to update past easyblog 3.0.8593 because the layout of the modules is completely different and he likes how it is at the version he is using.

i see that the two security related issues that used to be listed in the changelog were regarding full paths for some aspect of the subscribe and calendar of easyblog.

1. can i turn off any ability for people to subscribe to the blog and avoid security issues?

2. what can i turn off in order to protect the site/extension about the calendar? (i don't really understand the calendar part. where is a calendar?)

thanks in advance!
jenn
Thanks Jenn, I have patched the site for you and it should work fine now
Mark
·
Tuesday, 28 January 2014 11:26
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Jenn,

The issue is not really critical because it doesn't really compromise your site. It's more towards "full path disclosures" but it would still be harmful if an attacker has already gained access to your server as they know the path for your site. If you want, I could manually patch this for your customer's site. I would need the back end and the FTP access to the site for this to happen.

We normally don't do this but I understand the pain that your customer has to go through and your pain too!
Mark
·
Tuesday, 28 January 2014 02:37
·
0 Likes
·
0 Votes
·
0 Comments
·
mark,

you are so fantastic. this clients subscription has expired. but it looks like i have more domains available in my dashboard so i added the site to it. this is why i convince people to use stackideas products - the support...and of course great products. but even the greatest product ***** without good support and you guys are awesome.

i'll give a little pitch/announcement at our next JUG meeting for you guys.

added the ftp info below (that doesn't show anywhere to the public does it?). took a backup.

no rush, you can take care of other people first if you want to.

thank you!!
jenn
Jennifer Gress
·
Tuesday, 28 January 2014 03:08
·
0 Likes
·
0 Votes
·
0 Comments
·
mark, thank you soooooooo much!! my client, diego also says "thank you very much" and asked me to tell you. he is grateful.

i have on my list of announcements for february's JUG meeting to give easyblog/stackideas a plug.

thanks, mark. now onwards to do the rest of the updates. i really appreciate this!!!!!

xo
jenn
Jennifer Gress
·
Wednesday, 29 January 2014 05:02
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Jenn,

You are most welcome. Glad that your issue is solved.

Thanks!
Adelene
·
Wednesday, 29 January 2014 14:24
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post