Hello,
Are there any big security issues with FCK. My Sites are going down daily. I had version 2.2
Yesterday I discovered the problem with the upload, where you can directly upload a file like filename.php.xxyy and apache is going to parse this as php. As I dont have the time to update 30 FCK editors, I just fixed that part with the new code so that only 1 file extension is allowed, so new filename woould be filename_php.xxyy
But today other sites went down. Are there any other security issues in that version or below????
Thx
Tue, 12/18/2007 - 12:13
#1
Re: Security holes ?? Sites going down
You should definitely upgrade FCKeditor as version 2.2 has been release two years ago and some few security related issues have been fixed in the mean time.
Even if you decide to not upgrade immediately, you should at least replace the "editor/filemanager" folder, which contains the File Manager. Being the File Manager a server application, it is the only part of the code that could bring security concerns.
For version 2.5, there are no known security holes.
Frederico Knabben
CKEditor Project Lead and CKSource Owner
--
Follow us on: Twitter | Facebook | Google+ | LinkedIn
Re: Security holes ?? Sites going down