Update v7.02.07 released

BY Domi
June 18 2013 18:52:24

Category Downloads

Critical patch v7.02.07 released!

Since our last patch we've discovered several security vulnerabilities that were not addressed in that patch, which have had us working really hard to release a major patch with all critical vulnerabilities tight shut once and for all, and also some bugs have been adjusted.
Since this patch addresses several critical security vulnerabilities, we strongly recommend every single user out there to upgrade to this patch.
The version number is v7.02.07 and below follows a list of what's been addressed.

v7.02.07

[-] CORE: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] CORE: Fixed a panel restriction bug
[-] CORE: Added a MIME check function so faulty extensions won't be uploaded to the system
[-] FORUM: Fixed SQL injection
[-] FORUM: Fixed Reflected XSS vulnerability
[-] FORUM: Fixed a bug where signature state couldn't be changed after a post
[-] FORUM: Fixed a bug where after deleting a user due to insufficient clean up several areas of the forum would display wrong or incomplete information
[-] INCLUDES: Fixed RCE and CSRF vulnerabilities

[-] ADMIN: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] ADMIN: Fixed several SQL injections
[-] ADMIN: Fixed a bug which could lead to arbitrary file deletion
[-] ADMIN: Fixed several Reflected XSS vulnerabilities

[-] USERS: Fixed bug #1366 - HTTPS schema bug in user's site address
[-] USERS: Fixed bug #1360 - avatar images resizing bug

[-] FRONT: Fixed Reflected XSS vulnerability

[*] FILES: The minor file check tool we've made is an ongoing work, we have a lot of files in the system that are orphan files. So we designed this one to start the general cleaning process.


Improved/changed features:

[*] ADMIN: Strengthened temporary backup file name while creating a backup
[*] FORUM: Improved "Edit reason" animation responsiveness


Also we would like to take the time and opportunity to note that the merger of the old Development site to Development here has gone very smoothly and as you no doubt can see, many developers have been very busy and hard at work, both with this patch and also with the work on v8 as well.
Thank you all who are working hard with the development of this fine CMS!
We will release a special news item regarding v8 in the next couple of days, not in detail as of yet, but keeping you all posted about how far we've come, where we're going with it and how we will achieve it.
We're alive and kicking and we will be even more so!

Download upgrade here : PHP-Fusion 7.02.07-Update
Download full version here : PHP-Fusion 7.02.07


#1 on Jun 18 2013 at 20:44:21

Ralph68

Thanks very much for all your hard work and dedication to this project, I appreciate it! Good

#2 on Jun 18 2013 at 21:42:49

Richard Ainz

In reference to the post here please read my reply:

[*] FILES: The minor file check tool:

Those files found by the tool are supposed to be orphaned files from previous PHP-Fusion upgrades, no longer in use, and if you are not in the habit to clean out the directory (comparing with the release files) then you might accumulate quite an amount of orphaned files. These may be potential security risks.
This tool may suggest you remove files you want to KEEP if you have made modifications to your site!!

#3 on Jun 18 2013 at 21:51:58

Domi

It will not automatically delete anything, it will only inform.
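
Added example (not part of the comments above and not PHP-Fusion's own file check tool): a report-only orphan check of the kind comments #2 and #3 describe, comparing an installed tree with the unpacked release files. The `keep_prefixes` parameter, the function names, and the `includes/old_helper.php` and `themes/MyTheme/` paths are assumptions made for illustration.

```python
import os
import tempfile

def list_files(root):
    """Return the set of file paths under root, relative to root, with '/' separators."""
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            found.add(rel.replace(os.sep, "/"))
    return found

def find_orphans(installed_root, release_root, keep_prefixes=()):
    """Report files present in the install but absent from the release.

    Report-only: nothing is deleted. Extra files under keep_prefixes
    (hypothetical list of site-specific additions the admin wants to keep)
    are returned separately so they are not mistaken for leftovers.
    """
    extra = list_files(installed_root) - list_files(release_root)
    kept = {p for p in extra if p.startswith(tuple(keep_prefixes))}
    return sorted(extra - kept), sorted(kept)

def _touch(root, rel):
    """Create an empty file at root/rel, creating parent directories as needed."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    open(path, "w").close()

def demo():
    """Build two constructed trees in a temp directory and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        release = os.path.join(tmp, "release")
        site = os.path.join(tmp, "site")
        for rel in ("maincore.php", "locale/bbcodes/img.php"):
            _touch(release, rel)
            _touch(site, rel)
        _touch(site, "includes/old_helper.php")   # constructed leftover from an older version
        _touch(site, "themes/MyTheme/theme.php")  # constructed site customisation
        return find_orphans(site, release, keep_prefixes=("themes/MyTheme/",))

if __name__ == "__main__":
    orphans, kept = demo()
    print("Orphan candidates (review before removing):", orphans)
    print("Extra files on the keep list:", kept)
```
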

#4 on Jun 19 2013 at 05:26:02

hien

Celebrate

#5 on Jun 19 2013 at 10:24:51

jikaka

Good

#6 on Jun 19 2013 at 13:42:15

JoiNNN

Nice

#7 on Jun 19 2013 at 20:12:05

pwinkelm

After upgrading a site the theme switcher doesn't work anymore?
I see these errors:

fusion/maincore.php
mysql_num_rows(): supplied argument is not a valid MySQL result resource Regel: 251 19 juni 2013 19:59:44

fusion/maincore.php
mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource Regel: 256

What to do?

#8 on Jun 19 2013 at 20:13:50

pwinkelm

By the way, On another site all seems to be okay...

#9 on Jun 19 2013 at 20:14:36

Richard Ainz

Please make a thread about it... You can't expect us to give support among the comments???

#10 on Jun 19 2013 at 20:22:48

Wanabo

- locale/bbcodes/img.php has not been changed. No need to include in update!!!! Please remove.

#11 on Jun 19 2013 at 20:36:17

JoiNNN

Fixed Wanabo

#12 on Jul 01 2013 at 21:51:51

Archer

Grin

#13 on Jul 06 2013 at 13:58:39

HobbyMan

Great work, guys Smile
2 sites so far upgraded with no problems. I like the "orphan file" list - very helpful Good

#14 on Jul 11 2013 at 13:41:38

Domi

Thank you Phil!
I guess it could be more extensive as well but I figured that I should only compare from V7.0 to current version. Just to not make it too messy for now.
I believe I will extend it for a V8 release in the update scripts so we have a solid upgrade pack and everyone runs "clean" versions from start.

#15 on Jul 16 2013 at 08:21:09

younis

Just quickly... Is there a recommended sequence to follow when performing an Update? Should you open up the Upgrade Admin page first? Upload the upgrade.php file first? Or just upload all files and then open up the Upgrade Admin?
