FacileForms 1.4.6g and earlier

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Peter Koch
Joomla! Explorer
Joomla! Explorer
Posts: 374
Joined: Thu Aug 18, 2005 8:54 pm

FacileForms 1.4.6g and earlier

Postby Peter Koch » Thu Sep 28, 2006 5:21 am

A cross-site scripting vulnerability has been identified and fixed in the FacileForms 1.4.7 Security Release. The vulnerability required either PHP's register globals to be enabled,  or the RG_EMULATION setting of Joomla/Mambo to on (1) which is unfortunately the default in current joomla and mambo installations. If both register globals as well as RG_EMULATION are off, the exploit was not possible.

It is advised to upgrade to 1.4.7 ASAP, and for your own safety also turn off register globals and RG_EMULATION. FacileForms 1.4.7 is available now in the download section on http://www.facileforms.biz, and there is a patch available for 1.4.6g as well.

rmd
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 233
Joined: Sat Feb 18, 2006 3:31 pm

Re: FacileForms 1.4.6g and earlier

Postby rmd » Thu Sep 28, 2006 1:28 pm

I have a client site that is still on Mambo using FacileForms v. 1.3.1. Does this also apply to Mambo installs? And if so, how do I upgrade? I went to the downloads area, but did not see any patches or instructions for upgrading.

Thanks! :)

Peter Koch
Joomla! Explorer
Joomla! Explorer
Posts: 374
Joined: Thu Aug 18, 2005 8:54 pm

Re: FacileForms 1.4.6g and earlier

Postby Peter Koch » Thu Sep 28, 2006 2:44 pm

Upgrades are absolutely straight forward and painless, from any previous version of facileforms.

Read the details here.

rmd
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 233
Joined: Sat Feb 18, 2006 3:31 pm

Re: FacileForms 1.4.6g and earlier

Postby rmd » Thu Sep 28, 2006 4:37 pm

Thanks for that link! Sounds like it should be easy enough.

Is this new version what I should be using with this old Mambo install? I checked the MamboXchange (or whatever it is called) and it is still listing the same version I have installed as the latest, so I just want to be sure.

Thanks so much for this component!

Peter Koch
Joomla! Explorer
Joomla! Explorer
Posts: 374
Joined: Thu Aug 18, 2005 8:54 pm

Re: FacileForms 1.4.6g and earlier

Postby Peter Koch » Thu Sep 28, 2006 4:56 pm

All FacileForms versions work on any mambo version from 4.5.1a up and any joomla from 1.0.0 up.

However unless you are a security guru who has manually patched that old mambo version agains all known vulnerabilities, I highly recommend to also upgrade it to the latest stable version. And dont forget to check any other 3rd party add-ons for security too; there is a very helpful sticky thead in this forum to check.

jcreid
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Mon Jan 23, 2006 5:40 pm

Re: FacileForms 1.4.6g and earlier

Postby jcreid » Tue Oct 03, 2006 4:36 am

When I try to install the 1.4.7 patch for the 1.4.6g, I get the following errors.

Upload component - Upload Failed 
ERROR: Could not find an XML setup file in the package. 
[ Continue ... ] 
Upload component - Failed 
Installation file not found:
/home/testweb/www/media/install_4521e86a5e403/ 
[ Continue ... ] 

I have tried this on 3 separate Joomla sites with 1.4.6g currently installed and get the same error for each site. 

I am using Joomla 1.0.11.  register_globals is disabled.  RG emulation is set to 0.

Thanks for any help you can provide. 

[UPDATE] I have solved the problem by un-installing 1.4.6g and installing the complete version of 1.4.7. 
Last edited by jcreid on Tue Oct 03, 2006 4:55 am, edited 1 time in total.

Peter Koch
Joomla! Explorer
Joomla! Explorer
Posts: 374
Joined: Thu Aug 18, 2005 8:54 pm

Re: FacileForms 1.4.6g and earlier

Postby Peter Koch » Tue Oct 03, 2006 6:52 am

The patch for 1.4.6g is only one file (facileforms.php) in the zip file that you need to upload with ftp, cpanel filemanager or joomlaXplorer into the directory /components/com_facileforms, replacing the old file. It cannot be installed with the joomla component installer.

If you cant handle this, you should instead uninstall 1.4.6g old version and install 1.4.7 which can both be done by the joomla component installer.
Last edited by Anonymous on Tue Oct 03, 2006 6:53 am, edited 1 time in total.

nickdee
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Oct 09, 2007 11:28 pm

FacileForms

Postby nickdee » Tue Oct 09, 2007 11:50 pm

I use FacileForms on my site and notice all records are stored within facile forms. How do I access the following - e.g. a supplier fills in one form and a customer fills in another - the customer ticks a box which selects 10 suppliers who are listed within a selected category. Now I want the submit button to retrieve the 10 supplier email addresses and send the customer's form to each of the suppliers.
Simple enough, as every site I look at does this. How do I get the customer form to query the database and retrieve the results, as all this querying is being handled inside facile forms and not in joomla core?

User avatar
mihaiachim
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Sun Nov 01, 2009 9:56 pm
Location: Talmaciu, Sibiu, Romania
Contact:

Re: FacileForms 1.4.6g and earlier

Postby mihaiachim » Sat Jan 29, 2011 7:27 pm

Hy there,Mr.Peter Koch,

I need to migrate a site from 1.0.x to 1.5.22 and this have in there this really nice component
Facile Forms but...
I did search over but not find nothing about this component.
Site is down.
May be is a chance to get an answer or second choice is to find other component.
OCC - http://www.occ.ro

Signature rules: Literal URLs only - viewtopic.php?f=8&t=65

stevegd
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Sun Feb 05, 2012 12:45 pm
Contact:

Re: FacileForms 1.4.6g and earlier

Postby stevegd » Tue Feb 07, 2012 12:51 pm

Hi,
I am having a problem, when I set up I get this error:

Code: Select all

DB function failed with error number 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 SQL=select name from jos_facileforms_pieces where id=


perhaps you could give me some guidance on how to fix this?

Thanks


Return to “3rd Party/Non Joomla! Security Issues”

Who is online

Users browsing this forum: No registered users and 2 guests