Hello Community,
[A German translation is available.]
I have to confirm the security warning of Gert Ebersbach regarding Plugins, Addons and Templates from 3-magi.net, that some of my latest plugins (beta versions) allow to access the plugin adminstration without authentication, when used in CMSimple (all versions) and CMSimple_XH < 1.5.4.
Of course, I will make updates available as soon as possible, which will fix this issue. I've hade emailed Gert asking for details on how to best deal with the issue, but he didn't answer to me directly. Obviously, he does not want that I write plugins for CMSimple. So all my future releases will work solely in CMSimple_XH. Even if all my existing plugins explicitely state that they require CMSimple_XH (and the minimum version), I will do my best to check for unsupported versions and variants of CMSimple, and let the plugin act appropriately.
I recommend to immediately uninstall my plugins from systems which do not fulfill the plugin requirements as stated in the manual (aka. help files). There will be neither bugfix releases nor security patches from me, which allow you to run the plugins under unsupported systems.
Another option is to upgrade to a supported version of CMSimple_XH.
Sorry for the inconvenience,
Christoph
http://3-magi.net/
Plugins, Addons and Templates from 3-magi.net
Plugins, Addons and Templates from 3-magi.net
Last edited by cmb on Mon Jun 30, 2014 3:39 pm, edited 1 time in total.
Reason: added link to German translation
Reason: added link to German translation
Christoph M. Becker – Plugins for CMSimple_XH
Re: Plugins, Addons and Templates from 3-magi.net
great to see you are on top of it matey 
the trust is always with XH coders to bring cmsimple to where it is now
can i just confirm something, did gert's forum show this, without advising XH developers ?
the trust is always with XH coders to bring cmsimple to where it is now
can i just confirm something, did gert's forum show this, without advising XH developers ?
Re: Plugins, Addons and Templates from 3-magi.net
There are plugins
Plugins nr 3 could check, on which system they are and adjust some internal processes so that they function correctly with the system.
A marker would be helpful, as neither XH nor Gert's version look like going to disappear in the near future, and a name change of CMSimple_XH seems most unlikely. Rather, it looks like the present situation may continue for some time to come
What about
- that are supposed to work on both XH and CMSimple 4.x
- that are supposed to work only on XH
- that are supposed to work only on CMSImple4.x
Plugins nr 3 could check, on which system they are and adjust some internal processes so that they function correctly with the system.
A marker would be helpful, as neither XH nor Gert's version look like going to disappear in the near future, and a name change of CMSimple_XH seems most unlikely. Rather, it looks like the present situation may continue for some time to come
What about
Code: Select all
$cms = defined('CMSIMPLE_VERSION')
? 'CMSimple 4.x detected'
: 'CMSimple_XH detected'; Re: Plugins, Addons and Templates from 3-magi.net
At least, Gert didn't advise me.mikey wrote:can i just confirm something, did gert's forum show this, without advising XH developers ?
Even if one of the names would change to something completely different, that wouldn't solve the issue per se. So a marker would indeed be helpful. I'm not even against introducing another marker to CMSimple_XH (even though there are already CMSIMPLE_XH_VERSION et. al.). Of course, a plugin could check itself for e.g. defined(CMSIMPLE_VERSION), but is there any guarantee that this won't change? And besides, that would not solve the issue for classic CMSimple and CMSimple classic, which still is in use.svasti wrote:A marker would be helpful, as neither XH nor Gert's version look like going to disappear in the near future, and a name change of CMSimple_XH seems most unlikely.
Regarding plugin nr 2, I think it is best to do the following check:
Code: Select all
defined(CMSIMPLE_XH_VERSION) && strpos(CMSIMPLE_XH_VERSION, 'CMSimple_XH') === 0Christoph M. Becker – Plugins for CMSimple_XH
Re: Plugins, Addons and Templates from 3-magi.net
I just looked at Gert's code, which has:
I understand that he has CMSIMPLE_XH_VERSION, because he starts out with XH 1.5.3, but then he should rather stay with the original:
Now XH has
So it should be possible for a plugin to determine if XH is used.
Code: Select all
// version-informations
define('CMSIMPLE_XH_VERSION', 'CMSimple 4.4.3'); //for compatibility CMSimple_XH
define('CMSIMPLE_XH_BUILD', 2014060801); //for compatibility CMSimple_XH
define('CMSIMPLE_XH_DATE', '2014-06-08'); //for compatibility CMSimple_XH
define('CMSIMPLE_VERSION', 'CMSimple 4.4.3');
Code: Select all
define('CMSIMPLE_XH_VERSION', 'CMSimple_XH 1.5.3');
define('CMSIMPLE_XH_BUILD', 2012031901);
define('CMSIMPLE_XH_DATE', '2012-03-19');
Now XH has
Code: Select all
define('CMSIMPLE_XH_VERSION', 'CMSimple_XH 1.6.2');
define('CMSIMPLE_XH_BUILD', '2014052201');
define('CMSIMPLE_XH_DATE', '2014-05-22');
Re: Plugins, Addons and Templates from 3-magi.net
+ 1svasti wrote:I understand that he has CMSIMPLE_XH_VERSION, because he starts out with XH 1.5.3, but then he should rather stay with the original:Code: Select all
define('CMSIMPLE_XH_VERSION', 'CMSimple_XH 1.5.3'); define('CMSIMPLE_XH_BUILD', 2012031901); define('CMSIMPLE_XH_DATE', '2012-03-19');
Christoph M. Becker – Plugins for CMSimple_XH