The Joomla! Forum ™





Post new topic Reply to topic  [ 10 posts ] 
Author Message
PostPosted: Thu Sep 28, 2006 5:21 am 
Joomla! Explorer
Joomla! Explorer

Joined: Thu Aug 18, 2005 8:54 pm
Posts: 374
A cross-site scripting vulnerability has been identified and fixed in the FacileForms 1.4.7 Security Release. The vulnerability required either PHP's register globals to be enabled,  or the RG_EMULATION setting of Joomla/Mambo to on (1) which is unfortunately the default in current joomla and mambo installations. If both register globals as well as RG_EMULATION are off, the exploit was not possible.

It is advised to upgrade to 1.4.7 ASAP, and for your own safety also turn off register globals and RG_EMULATION. FacileForms 1.4.7 is available now in the download section on http://www.facileforms.biz, and there is a patch available for 1.4.6g as well.


Top
 Profile  
 
PostPosted: Thu Sep 28, 2006 1:28 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sat Feb 18, 2006 3:31 pm
Posts: 232
I have a client site that is still on Mambo using FacileForms v. 1.3.1. Does this also apply to Mambo installs? And if so, how do I upgrade? I went to the downloads area, but did not see any patches or instructions for upgrading.

Thanks! :)


Top
 Profile  
 
PostPosted: Thu Sep 28, 2006 2:44 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Thu Aug 18, 2005 8:54 pm
Posts: 374
Upgrades are absolutely straight forward and painless, from any previous version of facileforms.

Read the details here.


Top
 Profile  
 
PostPosted: Thu Sep 28, 2006 4:37 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sat Feb 18, 2006 3:31 pm
Posts: 232
Thanks for that link! Sounds like it should be easy enough.

Is this new version what I should be using with this old Mambo install? I checked the MamboXchange (or whatever it is called) and it is still listing the same version I have installed as the latest, so I just want to be sure.

Thanks so much for this component!


Top
 Profile  
 
PostPosted: Thu Sep 28, 2006 4:56 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Thu Aug 18, 2005 8:54 pm
Posts: 374
All FacileForms versions work on any mambo version from 4.5.1a up and any joomla from 1.0.0 up.

However unless you are a security guru who has manually patched that old mambo version agains all known vulnerabilities, I highly recommend to also upgrade it to the latest stable version. And dont forget to check any other 3rd party add-ons for security too; there is a very helpful sticky thead in this forum to check.


Top
 Profile  
 
PostPosted: Tue Oct 03, 2006 4:36 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Mon Jan 23, 2006 5:40 pm
Posts: 1
When I try to install the 1.4.7 patch for the 1.4.6g, I get the following errors.

Upload component - Upload Failed 
ERROR: Could not find an XML setup file in the package. 
[ Continue ... ] 
Upload component - Failed 
Installation file not found:
/home/testweb/www/media/install_4521e86a5e403/ 
[ Continue ... ] 

I have tried this on 3 separate Joomla sites with 1.4.6g currently installed and get the same error for each site. 

I am using Joomla 1.0.11.  register_globals is disabled.  RG emulation is set to 0.

Thanks for any help you can provide. 

[UPDATE] I have solved the problem by un-installing 1.4.6g and installing the complete version of 1.4.7. 


Last edited by jcreid on Tue Oct 03, 2006 4:55 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: Tue Oct 03, 2006 6:52 am 
Joomla! Explorer
Joomla! Explorer

Joined: Thu Aug 18, 2005 8:54 pm
Posts: 374
The patch for 1.4.6g is only one file (facileforms.php) in the zip file that you need to upload with ftp, cpanel filemanager or joomlaXplorer into the directory /components/com_facileforms, replacing the old file. It cannot be installed with the joomla component installer.

If you cant handle this, you should instead uninstall 1.4.6g old version and install 1.4.7 which can both be done by the joomla component installer.


Last edited by Anonymous on Tue Oct 03, 2006 6:53 am, edited 1 time in total.

Top
 Profile  
 
 Post subject: FacileForms
PostPosted: Tue Oct 09, 2007 11:50 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Tue Oct 09, 2007 11:28 pm
Posts: 3
I use FacileForms on my site and notice all records are stored within facile forms. How do I access the following - e.g. a supplier fills in one form and a customer fills in another - the customer ticks a box which selects 10 suppliers who are listed within a selected category. Now I want the submit button to retrieve the 10 supplier email addresses and send the customer's form to each of the suppliers.
Simple enough, as every site I look at does this. How do I get the customer form to query the database and retrieve the results, as all this querying is being handled inside facile forms and not in joomla core?


Top
 Profile  
 
PostPosted: Sat Jan 29, 2011 7:27 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Nov 01, 2009 9:56 pm
Posts: 22
Location: Talmaciu, Sibiu, Romania
Hy there,Mr.Peter Koch,

I need to migrate a site from 1.0.x to 1.5.22 and this have in there this really nice component
Facile Forms but...
I did search over but not find nothing about this component.
Site is down.
May be is a chance to get an answer or second choice is to find other component.

_________________
OCC - http://www.occ.ro

Signature rules: Literal URLs only - viewtopic.php?f=8&t=65


Top
 Profile  
 
PostPosted: Tue Feb 07, 2012 12:51 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Feb 05, 2012 12:45 pm
Posts: 14
Hi,
I am having a problem, when I set up I get this error:
Code:
DB function failed with error number 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 SQL=select name from jos_facileforms_pieces where id=


perhaps you could give me some guidance on how to fix this?

Thanks


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 



Who is online

Users browsing this forum: psbot [Picsearch] and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group