Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - etienne

Pages: [1]
1
Installation problems / Problem avter migrating from 3.4.0.17 to 3.4.1
« on: March 26, 2016, 08:35:13 pm »
Hi everybody

I upgraded from 3.4.0.17 to 3.4.1 today with Softaculous. After that, I had only the header visible. There ws a JS error : "og.preferences is undefined" in the layout.js file. Moreover, when I activated the debug mode, this MYSQL error was displayed: "Unknown column 'get_read_state_from_server' in 'field list'".

I immediately restored my previous installation.

2
Feng Office 3 / Re: tmp
« on: March 03, 2016, 01:57:20 pm »
Hi,

Thanks for your quick answer.

I added one line to htaccess « deny from all ». It solved the problem, I hope it will not break anything else.

If not, it is pretty simple to fix and I invite your team to consider to do it as soon as possible as I consider it a major security issue that, moreover, is now publicly known.

Best regards

3
Feng Office 3 / tmp
« on: March 03, 2016, 04:41:00 am »
Hi,

Im a new user and manager of Feng. I configured emails accounts and I noticed that the folder tmp now contains several HTML files named after a pattern x_y_z_temp_mail_content.html that are containing the plain-text contents of the emails! These files, whose names are not especially complicated, are accessible and readable by everyone even not logged in. Isn't this a security breach and how to correct it ? If we use .htaccess solution, I guess the risk is to break the access to the files even for the logged in users.

Thanks

Pages: [1]