Make a Lasting Impression

Join the Mailing List

Who's Online

11 user(s) are online (2 user(s) are browsing News and Articles)

Members: 0
Guests: 11

more...
ImpressCMS proudly uses SourceForge
ImpressCMS on Ohloh.net
News and Articles > The ImpressCMS Project Announcement > ImpressCMS 1.3.6 Final Released

ImpressCMS 1.3.6 Final Released

Published by Skenow on 2014/1/31 (2483 reads)
ImpressCMS 1.3.6 Final Released

The ImpressCMS 1.3.6 final release is now available to download. This release, the latest in the ImpressCMS 1.3 branch, provides support for PHP 5.5 and PDO, integrates previously released patches, and added protection for 3 vulnerabilities.

Download 1.3.6 Final

The new release is available for download on the ImpressCMS 1.3 product page.

Most Significant Changes

Security Improvements

In this release, we have also addressed 3 vulnerabilities just reported by Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security Ltd.

3 vulnerabilities exist in ImpressCMS 1.3.5:

- Deletion of arbitrary files in the system
- Cross site scripting (XSS) in 2 files

The XSS can only be exploited with Protector off.
This is from the reporter - 
I have nothing but praise for you, as you've been the most helpful, understanding and responsive! There are some PHP CMS which have remote code execution flaws, and the developers told me straight up that they are not interest in fixing it... Be certain that if somebody asks my opinion for the best PHP CMS from a security perspective, I will say ImpressCMS.

PDO (PHP Data Object) and PHP 5.5

PHP is deprecating the mysql extension in PHP 5.5. Beginning with this release of ImpressCMS, the default option for managing the database connections will be PDO. The MySQL functions are still in place, so your existing sites and modules will still use it. If PDO is available on your server, we recommend switching to PDO. You can do this by editing your mainfile.php and changing the db type from 'mysql' to 'pdo.mysql'

PHP 5.5 is also running on many servers - this version of ImpressCMS has been verified to install and run on PHP 5.5. There is some additional work coming that will make ImpressCMS run without warnings and notices in PHP 5.5 strict.

Smarty Patch - Email Protection

The Smarty patch released independently has been integrated into this release. The email protection feature has been moved to a location independent of the Smarty files for better upgrade paths.

About ImpressCMS

The goal of the ImpressCMS Project is to stimulate and promote the open source nature of the CMS in both the core and its modules and establish itself as the premiere CMS by expanding the system to meet the needs of their users now and well into the future.

ImpressCMS is -

Open Source
Open Development
Open Philosophy
Open Community

Want to get involved?

If you're looking to join the ImpressCMS project, then get on board! All you need to do is head on over and complete the ImpressCMS Team form.

We'd love to connect with you ...

Ohloh project
Facebook
Twitter
LinkedIn group
Delicious
Flickr
YouTube

Contact: The ImpressCMS Project, Steve Kenow Spokesperson <press@impresscms.org>


Navigate through the articles
Previous article ImpressCMS 1.3.6.1 is now available for download Best Wishes for 2014 Next article
The comments are owned by the poster. We aren't responsible for their content.
Poster Thread
lotus
Posted: 2014/3/11 18:09  Updated: 2014/3/11 18:09
Home away from home
Joined: 2009/11/16
From: Germany
Posts: 171
 PDO... how to?!
Hi Guys,
after patching a site I got the message: "The mysql extension is being deprecated as of PHP 5.5.0 (PHP MySQL Extenstion). Switch to PDO, instead".

soooo.... how to change it? I tried to find an option like "use pdo: yes/no" ... but I can't find something. Maybe it would be clever to add a "how to" link in the deprecated message.

just my to cents ;)

please help, if you can!
Chris
skenow
Posted: 2014/3/12 21:43  Updated: 2014/3/12 21:43
Home away from home
Joined: 2007/12/4
From:
Posts: 4106
 Re: PDO... how to?!
At this point, there is no option we can set to switch to PDO, except when you are doing a new install. For an existing site -

1 - Make sure PDO is available on your server
2 - Edit your mainfile.php and change
define('XOOPS_DB_TYPE', 'mysql');
to
define('XOOPS_DB_TYPE', 'pdo.mysql');

around line 62

that's all.

Adding more information about how to make the change is a good idea - we'll get that in future releases. In the mean time, the wiki is a place we can document this better.
lotus
Posted: 2014/3/13 22:59  Updated: 2014/3/13 22:59
Home away from home
Joined: 2009/11/16
From: Germany
Posts: 171
 Re: PDO... how to?!
Thanks!