Security Patch - Sep 2013 files

[TracyIsland]

In reference to ipb3_3_and_gallery_5_0-9-13-2013.zip

sorry to be so picky ... but you state in the instructions to upload the contents of the upload folder.

Does that include the Credits.txt file? Well, do we?

Oh, and who is this guy? Other Contributors:-
Giuseppe Casagrande? Sounds like a nom de plume? aka Lindy?

[Mikey B]

In reference to ipb3_3_and_gallery_5_0-9-13-2013.zip

sorry to be so picky ... but you state in the instructions to upload the contents of the upload folder.

Does that include the Credits.txt file? Well, do we?

Oh, and who is this guy? Other Contributors:-
Giuseppe Casagrande? Sounds like a nom de plume? aka Lindy?

Strictly speaking from a technical standpoint there's no need to upload the Credits.txt file, that wont affect the working of the patch itself.

As for Giuseppe, he's a former developer, and it's not a nom de plume. :)

[CnCNet]

Not required for an update, its simply a text file. Just the admin and public folder without the text file is fine.

[Rheddy]

You just upload the content in the 'upload' folder. LOLS

[steve00]

Can someone advise if the 2 files in flowplayer folder are supposed to be 0 bytes as the files they are replacing are not ?

[PPlanet]

What do I need to do if I'm running IPB 3.4.5 and IP.Gallery 4.2.1? (And yes, I don't want to upgrade Gallery, 4.2.1 works fine with 3.4.5 and I'm not a fan of gallery 5)

Shall I apply both patches?

[Mikey B]

Can someone advise if the 2 files in flowplayer folder are supposed to be 0 bytes as the files they are replacing are not ?

Yes those do need replacing.

[steve00]

Yes those do need replacing.

thank you, just wanted to confirm that they were supposed to be 0 bytes as the files they were replacing were not and wondered if somehow something got missed somewhere

[Adriano Faria]

Oh, and who is this guy? Other Contributors:-
Giuseppe Casagrande?

Terabyte: http://community.invisionpower.com/user/145950-terassyte/

[bfarber]

What do I need to do if I'm running IPB 3.4.5 and IP.Gallery 4.2.1? (And yes, I don't want to upgrade Gallery, 4.2.1 works fine with 3.4.5 and I'm not a fan of gallery 5)

Shall I apply both patches?

This isn't a strictly supported configuration, which is why a patch for that combo was not built.

You would do this:

Upload the 3.4.5 patch

Download the 3.3.x + Gallery 4.2.x patch and extract locally.

Upload JUST the admin/applications_addon/ folder (which only has one file, a Gallery file named media.php, in it) to restore the 4.2.x patched version.

[PPlanet]

Thank you, much appreciated. :)

[loccom]

i am at 3.4.3 and I cannot upgrade yet... will the patch still work?

[Rhett]

i am at 3.4.3 and I cannot upgrade yet... will the patch still work?

the patch will cause an error when posting, if you are running 3.4.3, there is no reason not to upgrade to 3.4.5 though, everything should be just fine, skins, apps, etc.

If that's still not an option, submit a ticket and we can provide a work around, however upgrading is recommended.

[Joy Rex]

I installed the patch on a 3.4.5 board (with no Gallery), and now it seems YouTube embeds are no longer working... anyone else experiencing this?

[Joy Rex]

Nevermind... it only affected a custom media tag I had for YouTube to display in HD. Disregard.

[bferne]

Is the warning message in AdminCP supposed to remain afar installing the patched files? I copied the files via FTP using the client's automatic ability to merge/overwrite directories the other day, but the warning still appears in AdminCP.

[steve00]

Is the warning message in AdminCP supposed to remain afar installing the patched files? I copied the files via FTP using the client's automatic ability to merge/overwrite directories the other day, but the warning still appears in AdminCP.

Yes, it will remain there for a week or so

[bferne]

Ok, thanks for letting me know. It doesn't make any sense whatsoever to keep the warning message up (there should be a mechanism to check for the updated files), but at least now I can pass the info to other admins.

[bfarber]

Ok, thanks for letting me know. It doesn't make any sense whatsoever to keep the warning message up (there should be a mechanism to check for the updated files), but at least now I can pass the info to other admins.

This has been a common complaint, and is something we will be looking into closer (some method to tag patch files with an announcement in order to get rid of it once your site is patched) for the next major release. :)

[bferne]

An automated patch system in the ACP would also be nice. Messing around with FTP is an easy way to damage a forum due to careless file or directory replacement. ;)

[bfarber]

An automated patch system in the ACP would also be nice. Messing around with FTP is an easy way to damage a forum due to careless file or directory replacement. ;)

While of course we agree, there are technical challenges to this. Most servers are set up in such a way that random files cannot just be replaced by PHP. This can be worked around by asking the admin for their FTP details in the ACP, but security would be very important in this area and even then there can still be challenges explaining certain things (like the path) to non-technical admins.

Nevertheless, it's something we have/are considering.