Security Updates for PHPFox v2.1.0, v3.4.1, v3.5.1

Posted May 27, 2013 by Raymond Benc

This is a security update for PHPFox v2.1.0, v3.4.1, v3.5.1. Before attempting an upgrade of any kind, make sure you back up your website. This includes your site's database.

This update provides a security patch for the aforementioned versions. The new builds for each version will be…
*v2.1.0build4
*v3.4.1build3
*v3.5.1build4

If you are running any build from one of the specified versions, you can simply upgrade your site by downloading the latest version of that package and then uploading all the contents found within the “upload/” folder to your site's root directory. Make sure the upload overwrites the existing files. We have provided a list of modified files, which you can find at the end of this blog.

You can access the new files by visiting our clients area:
http://www.phpfox.com/account/
Once you log in, click on one of your licenses and download the correct package for the version you have installed.

If you are not running one of the specified versions, you can upgrade using the conventional upgrade routine. More information here:
http://www.phpfox.com/kb/article/136/upgrading-the…

Those on v3.5.1buildX

If you are running an earlier build of v3.5.1, this update will include all the security fixes/improvements as well as the following bug fixes…
http://www.phpfox.com/tracker/view/13483/
http://www.phpfox.com/tracker/view/13515/
http://www.phpfox.com/tracker/view/13528/
http://www.phpfox.com/tracker/view/13529/
http://www.phpfox.com/tracker/view/13486/
http://www.phpfox.com/tracker/view/13499/
http://www.phpfox.com/tracker/view/13540/
http://www.phpfox.com/tracker/view/13549/
http://www.phpfox.com/tracker/view/13587/

Securing your Site

To find out what is new and how to secure your site, check out this article:
http://www.phpfox.com/kb/article/531/phpfox-securi…

It is crucial that you enable the HTML Purifier feature we have provided if your site allows HTML. This will be the default in v3.6.0.

Modified Files

You can find the list of modified files here:
http://www.phpfox.com/tracker/changes/1/

Manually Patching your Site

Please note that we do not advise manually patching your site; however, for those who have heavily modified sites this might be the only option.

If you are running one of the versions mentioned in this blog, you can instead patch your site manually by first downloading the latest build of the version you have installed from our clients area:
http://www.phpfox.com/account/

Unzip and open the “upload/include/library/” folder. Look for and upload the folder “htmlpurifier” to the directory “include/library/” on your server. Double check that this folder ends up in the correct directory.

Next, on your computer navigate to the folder “upload/include/setting/”. You will find 2 files.
1) htmlpurifier.sett.php.new
2) security.sett.php.new
Upload both files to the folder “include/setting/” on your server.

Now you can visit the list of modified files here:
http://www.phpfox.com/tracker/changes/1/
Using this list as a reference, upload each listed file from the local build you downloaded earlier from our clients area to your server, and make sure it replaces the file on the server.

That should complete the install of this patch.
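
One way to confirm the manual patch is complete, as an added example (not PHPFox's own tooling): the script below compares the site tree with the downloaded build's “upload/” folder for each of the three steps above. It assumes both trees are readable from one machine and that you have saved the modified-files list to a text file, one relative path per line; the function names and output labels are made up for this example.

```sh
#!/bin/sh
# Added example: check a manually patched site against the downloaded build.
# Arguments (all assumptions of this example):
#   $1 = the build's unzipped "upload" folder, $2 = site root,
#   $3 = text file with the modified-files list, one relative path per line.

# list_problems prints one line per problem and nothing when the trees agree.
list_problems() {
    build=$1; site=$2; list=$3
    [ -r "$list" ] || { echo "NO-LIST $list"; return 0; }
    # Step 1: the htmlpurifier folder must exist and match the build's copy.
    if [ ! -d "$site/include/library/htmlpurifier" ]; then
        echo "MISSING include/library/htmlpurifier/"
    elif ! diff -r "$build/include/library/htmlpurifier" \
                   "$site/include/library/htmlpurifier" >/dev/null 2>&1; then
        echo "DIFFERS include/library/htmlpurifier/"
    fi
    # Step 2: the two new setting files. Step 3: every path in the list
    # (carriage returns from a copy-pasted list are stripped first).
    {
        echo include/setting/htmlpurifier.sett.php.new
        echo include/setting/security.sett.php.new
        tr -d '\r' < "$list"
    } | while IFS= read -r rel || [ -n "$rel" ]; do
        [ -n "$rel" ] || continue
        if [ ! -f "$build/$rel" ]; then
            echo "NOT-IN-BUILD $rel"   # typo in the list, or the wrong package
        elif [ ! -f "$site/$rel" ]; then
            echo "MISSING $rel"
        elif ! cmp -s "$build/$rel" "$site/$rel"; then
            echo "DIFFERS $rel"        # an older or modified file is still live
        fi
    done
}

# verify_patch prints the problems and returns 1, or returns 0 when clean.
verify_patch() {
    problems=$(list_problems "$@")
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems"
        return 1
    fi
}

# Direct use: sh verify_patch.sh <build>/upload <site root> <list file>
if [ "$#" -eq 3 ]; then verify_patch "$@"; fi
```

On a heavily modified site, a DIFFERS line marks a file where your own changes and the patched version still have to be merged by hand.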