Downeaster Yachts.com - Topic: security vulnerablity in graphical text editor

Scott Carle on security vulnerablity in graphical text editor

Thu, 14 Jan 2010 14:12:01 -0500

The developers of the forum plugin for the website have released the new version that has fixed the security vulnerability that I found and reported to them. I have just upgraded to that new version and you should now be able to upload images and such again as well as have the nice WSIWYG editing interface for posts in the forum again. If you run into any issues let me know so I can address them.

Thanks,

Scott

Scott Carle on security vulnerablity in graphical text editor

Sun, 20 Dec 2009 12:12:46 -0500

I just spoke with the developers of the forum software and they have a new beta coming out with the fix for the security vulnerability in the editor and image upload features. According to them it will be out in a week or so. So given the season I expect it will be out by mid january 🙂 Just wanted to keep everyone updated on this and that we will be getting our nice graphical editor back soon.
scott

Scott Carle on security vulnerablity in graphical text editor

Wed, 25 Nov 2009 12:23:43 -0500

I was working on an image upload issue last night when I found that the TinyMCE editor and Tiny browser uploader had a security vulnerability that someone tried to take advantage of about 5 days ago. Luckly the hacker was pretty inept. I am working on that right now with the software developers. I will get back to the uploading issue after dealing with this. For the moment I am going to remove the editor that is vulnerable to this exploit. It will mean that the nice formating options and spell checking etc.. all go away for a few days. Bear with me as I work on this.

The only thing you should notice is that the editor buttons at the top of the text box as you create a post is much more rudimentary than it was. I have removed the old editor until it can be secured so the website can't be hacked through it.
Scott