security vulnerablity in graphical text editor Welcome to the Downeaster Yachts Forum Forums

avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —






— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
security vulnerablity in graphical text editor
Avatar
Scott Carle
Admin
November 25, 2009 - 12:23 pm
Member Since: October 10, 2009
Forum Posts: 1480
sp_UserOfflineSmall Offline

I was working on an image upload issue last night when I found that the TinyMCE editor and Tiny browser uploader had a security vulnerability that someone tried to take advantage of about 5 days ago. Luckly the hacker was pretty inept. I am working on that right now with the software developers. I will get back to the uploading issue after dealing with this. For the moment I am going to remove the editor that is vulnerable to this exploit. It will mean that the nice formating options and spell checking etc.. all go away for a few days. Bear with me as I work on this.

The only thing you should notice is that the editor buttons at the top of the text box as you create a post is much more rudimentary than it was. I have removed the old editor until it can be secured so the website can't be hacked through it.
Scott

Print Friendly
Scott Carle DE38 Cutter s/v Valkyr
Avatar
Scott Carle
Admin
December 20, 2009 - 12:12 pm
Member Since: October 10, 2009
Forum Posts: 1480
sp_UserOfflineSmall Offline

I just spoke with the developers of the forum software and they have a new beta coming out with the fix for the security vulnerability in the editor and image upload features. According to them it will be out in a week or so. So given the season I expect it will be out by mid january 🙂 Just wanted to keep everyone updated on this and that we will be getting our nice graphical editor back soon.
scott

Print Friendly
Scott Carle DE38 Cutter s/v Valkyr
Avatar
Scott Carle
Admin
January 14, 2010 - 2:12 pm
Member Since: October 10, 2009
Forum Posts: 1480
sp_UserOfflineSmall Offline

The developers of the forum plugin for the website have released the new version that has fixed the security vulnerability that I found and reported to them. I have just upgraded to that new version and you should now be able to upload images and such again as well as have the nice WSIWYG editing interface for posts in the forum again. If you run into any issues let me know so I can address them.

Thanks,

Scott

Print Friendly
Scott Carle DE38 Cutter s/v Valkyr
Forum Timezone: America/New_York

Most Users Ever Online: 120

Currently Online:
43 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Members Birthdays
sp_BirthdayIcon
Today None
Upcoming None

Top Posters:

Jonathan Oasis: 174

bobmcd625: 165

CAE: 150

mgav451: 143

Rick: 94

svbodhran: 84

Member Stats:

Guest Posters: 7

Members: 366

Moderators: 1

Admins: 1

Forum Stats:

Groups: 3

Forums: 13

Topics: 745

Posts: 3834

Newest Members:

tonyflor, sailordad46, Spirare, BradHartliep, Duncan, MistyDawn

Moderators: Patrick Twohig: 134

Administrators: Scott Carle: 1480