Joomla security issue - call for help on testing - extension dev's read this
As some of you might be aware, we currently have one quite complex Joomla (but not limited to Joomla) security issue that needs to be fixed as soon as possible.
I created a patch that fixes the issue for core extensions (the same principle will have to be applied for 3d party extensions that use problematic functions), but due to it's nature it is likely that fix/patch will affect any 3rd party extension that interacts with core components on deeper levels (e.g. ordinary content plugins should be safe), adds URL parameters to those components, influence their routing etc.
Some cases of such components that might be affected:
- Joomfish
- any CCK that builds on com_content (Jseblod, Flexicontent..)
- SEO&SEF extensions
I'm asking you to help me test this patch (or even provide ideas for alternative solutions) - so
if you are a developer of any of those or you think your extension might also be affected, please send me your contact details together with a quick note about your extension.
For now I would like to avoid publicly posting about an issue so I will ask you for some degree of confidentiality - please avoid discussing this issue in public.
Drop me your contact via private message or on klas dot berlic at gmail dot com so I can send you details and a patch for you to test.
I created a patch that fixes the issue for core extensions (the same principle will have to be applied for 3d party extensions that use problematic functions), but due to it's nature it is likely that fix/patch will affect any 3rd party extension that interacts with core components on deeper levels (e.g. ordinary content plugins should be safe), adds URL parameters to those components, influence their routing etc.
Some cases of such components that might be affected:
- Joomfish
- any CCK that builds on com_content (Jseblod, Flexicontent..)
- SEO&SEF extensions
I'm asking you to help me test this patch (or even provide ideas for alternative solutions) - so
if you are a developer of any of those or you think your extension might also be affected, please send me your contact details together with a quick note about your extension.
For now I would like to avoid publicly posting about an issue so I will ask you for some degree of confidentiality - please avoid discussing this issue in public.
Drop me your contact via private message or on klas dot berlic at gmail dot com so I can send you details and a patch for you to test.
-
Comment by Alex Kempkens on January 14, 2010 at 3:50am -
HI Klas,
Could you sent me your patch to alex at joomfish,net please. I'll have a look.
Alex
-
Comment by Klas on January 14, 2010 at 4:08am -
done, if you don't get it please check your spam folders (at least gmail seem to think it is spam)
-
Comment by Rafael Diaz-Tushman on January 28, 2010 at 4:23pm -
Klas, could you send me your fix. Please use rdiaztushman at dioscouri.com
Cheers!
-
Comment by Klas on January 28, 2010 at 4:34pm
-
done. Improved version based on the suggestions received is in progress (details in the mail)
-
Comment by Sébastien Lapoux on March 28, 2010 at 9:23am -
Hi Klas,
Thanks to send us your patch.
Best Regards.
Comment
© 2012 Created by Amy Stephen.
You need to be a member of All Together, As A Whole to add comments!
Join All Together, As A Whole