Textpattern CMS support forum

#1 2011-07-21 23:04:03

frickinmuck
Member
Registered: 2008-05-01
Posts: 118

Some of the TXP sites I've done

Last edited by frickinmuck (2013-08-23 20:05:54)


The AI does not hate you, nor does it love you, but you are made out of atoms which it can use for something else.

Offline

#2 2011-07-21 23:16:01

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: Some of the TXP sites I've done

Nice work :)

I have to give you a heads-up, though. You should update the Textpattern version used on all those sites as soon as possible. All sites listed are affected by major security issues that have since been fixed in later security updates.

Edit. Textpattern publicly announces the version installed; that's how I know, if you were wondering how I know what the sites are affected by.

Last edited by Gocom (2011-07-21 23:26:41)

Offline

#3 2011-07-22 00:46:37

tye
Member
From: Pottsville, NSW
Registered: 2005-07-06
Posts: 859
Website

Re: Some of the TXP sites I've done

Gocom wrote:

Edit. Textpattern publicly announces the version installed; that's how I know, if you were wondering how I know what the sites are affected by.

Is that a good thing? If there is a known security hole – then surely this would make it easy for the bad people to find?

Also – where does it announce the version?

Offline

#4 2011-07-22 01:14:42

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,273
Website GitHub

Re: Some of the TXP sites I've done

tye wrote:

where does it announce the version?

If you upload the entire Txp folder then it includes two files: HISTORY.txt and README.txt. Both publicly accessible. Both leak the version installed through the fact they show the latest version at the top of the file. No idea why these files aren’t changed for some other file extension (e.g. .php) or aren’t forbidden to be downloaded by the default .htaccess to keep the unwary less susceptible.

Simplest way to avoid this is just to not upload those files, or go delete them now! Security through obscurity, maybe, but it’s good practice to make it trickier than necessary: keeps the amateurs out :-)

(btw, Gocom is cleverer than me and can probably find out via another method)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline
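An added example, not part of Bloke's post or of Textpattern itself: a local audit of a site's own document root for the two files named above, showing the top line each one would expose and optionally deleting them. The function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# File names from the post above; compared case-insensitively.
LEAKY_NAMES = {"history.txt", "readme.txt"}


def first_nonblank_line(path):
    """Return the first non-empty line: the part of the file that shows the version."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            if line.strip():
                return line.strip()
    return ""


def find_version_leaks(docroot):
    """List (relative path, headline) for every matching file under docroot."""
    root = Path(docroot)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in LEAKY_NAMES:
                path = Path(dirpath) / name
                rel = path.relative_to(root).as_posix()
                findings.append((rel, first_nonblank_line(path)))
    return sorted(findings)


def remove_version_leaks(docroot, dry_run=True):
    """Delete the files found above; with dry_run=True only report them."""
    targets = [rel for rel, _ in find_version_leaks(docroot)]
    if not dry_run:
        for rel in targets:
            (Path(docroot) / rel).unlink()
    return targets


def demo():
    """Run the audit on a constructed tree (not a real Textpattern release)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "textpattern").mkdir()
        (root / "index.php").write_text("<?php // constructed\n")
        (root / "README.txt").write_text("\nTextpattern X.Y.Z (constructed)\n")
        (root / "HISTORY.txt").write_text("Changes in X.Y.Z (constructed)\n")
        before = find_version_leaks(root)
        remove_version_leaks(root, dry_run=False)
        return before, find_version_leaks(root)
```

The walk covers the whole tree, so it will also list same-named files shipped by plugins or other software; review the dry-run output before deleting.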

#5 2011-07-22 01:28:33

tye
Member
From: Pottsville, NSW
Registered: 2005-07-06
Posts: 859
Website

Re: Some of the TXP sites I've done

Thanks Bloke – I thought I was missing out on some all bells and whistles popup window when viewing txp sites.

BTW – I haven’t had 2 mins to look at the threaded comments yet, I’ve been smashed with work all week – sorry

Offline

#6 2011-07-22 01:41:24

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: Some of the TXP sites I've done

tye wrote:

Also – where does it announce the version?

Bloke wrote:

(btw, Gocom is cleverer than me and can probably find out via another method)

File consistency, Atom/RSS feeds include the version number and updater files.

Last edited by Gocom (2011-07-22 01:43:20)

Offline

#7 2011-07-22 03:54:10

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: Some of the TXP sites I've done

This thread inspired me to regenerate a working link for my ancient version number plugin. Use at your own risk, although just for the record, I have never had an issue.

Offline
