Re: [Dave] Apostrophe and WYSIWYG editing problem

Wed, 05 May 2010 03:57:36 -0700

Hi Dave

The update seemed to work fine. Thanks for the advice.

Re: [Dave] Apostrophe and WYSIWYG editing problem

Wed, 05 May 2010 00:50:47 -0700

Hi Dave

Thanks for the very speedy response. I will look in to updating now, however last time I updated a site using an older version of CMS builder I ran into some problems regarding the directories that were uploaded. I replaced all the old files under the csmAdmin directory with the new files, however I was told I shouldn't have only replaced a couple of folders/directories (I can't remember which ones). The upgrade instructions tell me to upload and replace the entire cmsAdmin folder, so I'm wondering if this is safe to do with the latest release before I go ahead?

Thanks again
Chris

Apostrophe and WYSIWYG editing problem

Wed, 05 May 2010 00:02:38 -0700

Hello

I am having a serious problem with a website I have developed. My client has recently updated a couple of pages, putting new next in one of the WYSIWYG text editor fields, however whenever this content is updated, a series of 5 backslashes appear next to any apostrophes.

In an attempt to fix this I cleared all text out and updated it, so it should have been a blank page. However it doesn't update, keeping the text and adding a new lot of backslashes. This has only started happening recently and I haven't touched any of the CMS builder files, so wondering what this may be?

The website URL where it's occuring is http://www.minimoko.com.au/ordering/

Thanks for your help

Upgrade issue

Sun, 04 Oct 2009 05:58:57 -0700

Hello

I am currently updating my version of CMS builder for several sites. I have followed all the instructions and have the new version working, however all my database pages don't seem to be getting displayed in the left link panel. The database information also isn't being found and therefore displays errors when the page loads. I have looked at the database and the tables are still there, they just aren't being found. They all have the same 'cms_' prefix which was written to the settings.dat.php file when I installed the new version.

I had uploaded the folder cmsAdmin completely overwriting the existing one, but was wondering if something in this old folder contained the names or paths to these database tables?

The site is an e-commerce site for a small business and therefore cannot be offline for too long, so I have restored the database before the upgrade and reverted to the previous version of CMS builder for now.

If you could tell me where I went wrong or how to fix the problem I would be most appreciative.

Re: [sagentic] Website hack

Sun, 04 Oct 2009 04:13:23 -0700

Hi Kenny, thanks for your quick reply.

To answer your questions:

1. The files that have been identified as being hacked are PHP files. For both sites the index.php file has been affected, and one of the sites has a couple of other PHP files in the root directory that have been edited.

2. I have tried to login to the CMS to obtain the version number, however my client has changed the password for this and the FTP for security reasons and hasn't supplied the new details yet. It was downloaded in February so whatever the latest version was then is what's installed.

3. The line of code put into the PHP was quite simple and calls - . All browsers have alerted that this site poses a security risk and therefore hasn't affected my computer or others as far as I'm aware. It does however mean that the sites are not accessible at present.

One of the sites is a completely Flash driven site, and all the CMS does is provide a front end for the client to enter the data. I then have written a script that converts the database info into XML so that it can be read by Flash. There is no code that actually feeds data into the PHP page for this site. The other site affected however displays database inforamtion using CMS builder functions.

These are both websites for small business and there is no reason why someone would specifically hack them. I think it's something that's automated that's found a loophole in both sites.

I have tested 3 other website I have created that use CMS builder and all have older versions of the CMS (which will soon be updated) and they are fine so far.

The things that the affected sites have in common are:

- Use CMS builder of course
- Have Flash elements in the index.php file
- Have been updated by myself and my client (who does basic site management only such as uploading via FTP and updating via CMS builder).

Thanks for your help and I hope this information can narrow down what the problem is.

Website hack

Sat, 03 Oct 2009 06:00:50 -0700

I have had a couple of sites that use CMS builder come under attack from hackers. It seems that malicious javascript has been added to my PHP files. I have been in contact with the two different hosts for these sites and they both claim it's most likely the CMS that is causing the vulnerability.

The CMS hadn't been updated in about 6 months and I'm wondering in that time if major security updates had been added. Both clients are actually now considering using another CMS package and I'm reluctant to use this program for future clients unless I'm certain CMS builder wasn't the problem or can ensure this won't happen in the future.