× Warning! This forum is in archival status. New contributions may not work.
Campsite Security Fix for 3.2 and above
  • Patch released 30.04.10

    We have received a report about a security vulnerability in Campsite. The affected versions are 3.2 and higher. Instructions for fixing it are available below.

    If you have any questions about the security fix please do not hesitate to contact us at contact@sourcefabric.org.

    Here are the instructions for fixing the security hole:

    You will find two files attached to this post:
    - campsite_security_fix-20100430.patch
    - campsite_security_fix_files-20100430.tar.gz

    You can either:
    1. Unpack the campsite_security_fix_files-20100430.tar.gz
    2. This will give you ArticleAttachment.php and attachments.php
    files.
    3. Overwrite the following files with the new ones:

    classes/ArticleAttachment.php and
    javascript/tinymce/plugins/campsiteattachment/attachments.ph p


    OR

    Use the campsite_security_fix-20100430.patch:

    1) Change to your Campsite document root (e.g. /var/www/campsite/)
    $ cd /var/www/campsite

    2) Apply the patch
    $ patch -p1 < /path/to/campsite_security_fix.patch

    For more details, please see http://www.campware.org/en/camp/campsite_news/832/
  • 1 Comment sorted by
  • Users of Campsite 3.2.x should first upgrade to 3.3.5 (the latest version) and then apply the patch from there. Instructions on upgrading are in the Campsite manual under "Upgrades" here. I know this is extra work, but this vulnerability is very serious and needs to be fixed immediately.
    Douglas Arellanes
    Director of Innovation
    Sourcefabric, o.p.s.

    Find a way or make one.