Page 1 of 1

FacileForms 1.4.6g and earlier

Posted: Thu Sep 28, 2006 5:21 am
by Peter Koch
A cross-site scripting vulnerability has been identified and fixed in the FacileForms 1.4.7 Security Release. The vulnerability required either PHP's register globals to be enabled,  or the RG_EMULATION setting of Joomla/Mambo to on (1) which is unfortunately the default in current joomla and mambo installations. If both register globals as well as RG_EMULATION are off, the exploit was not possible.

It is advised to upgrade to 1.4.7 ASAP, and for your own safety also turn off register globals and RG_EMULATION. FacileForms 1.4.7 is available now in the download section on http://www.facileforms.biz, and there is a patch available for 1.4.6g as well.

Re: FacileForms 1.4.6g and earlier

Posted: Thu Sep 28, 2006 1:28 pm
by rmd
I have a client site that is still on Mambo using FacileForms v. 1.3.1. Does this also apply to Mambo installs? And if so, how do I upgrade? I went to the downloads area, but did not see any patches or instructions for upgrading.

Thanks! :)

Re: FacileForms 1.4.6g and earlier

Posted: Thu Sep 28, 2006 2:44 pm
by Peter Koch
Upgrades are absolutely straight forward and painless, from any previous version of facileforms.

Read the details here.

Re: FacileForms 1.4.6g and earlier

Posted: Thu Sep 28, 2006 4:37 pm
by rmd
Thanks for that link! Sounds like it should be easy enough.

Is this new version what I should be using with this old Mambo install? I checked the MamboXchange (or whatever it is called) and it is still listing the same version I have installed as the latest, so I just want to be sure.

Thanks so much for this component!

Re: FacileForms 1.4.6g and earlier

Posted: Thu Sep 28, 2006 4:56 pm
by Peter Koch
All FacileForms versions work on any mambo version from 4.5.1a up and any joomla from 1.0.0 up.

However unless you are a security guru who has manually patched that old mambo version agains all known vulnerabilities, I highly recommend to also upgrade it to the latest stable version. And dont forget to check any other 3rd party add-ons for security too; there is a very helpful sticky thead in this forum to check.

Re: FacileForms 1.4.6g and earlier

Posted: Tue Oct 03, 2006 4:36 am
by jcreid
When I try to install the 1.4.7 patch for the 1.4.6g, I get the following errors.

Upload component - Upload Failed 
ERROR: Could not find an XML setup file in the package. 
[ Continue ... ] 
Upload component - Failed 
Installation file not found:
/home/testweb/www/media/install_4521e86a5e403/ 
[ Continue ... ] 

I have tried this on 3 separate Joomla sites with 1.4.6g currently installed and get the same error for each site. 

I am using Joomla 1.0.11.  register_globals is disabled.  RG emulation is set to 0.

Thanks for any help you can provide. 

[UPDATE] I have solved the problem by un-installing 1.4.6g and installing the complete version of 1.4.7. 

Re: FacileForms 1.4.6g and earlier

Posted: Tue Oct 03, 2006 6:52 am
by Peter Koch
The patch for 1.4.6g is only one file (facileforms.php) in the zip file that you need to upload with ftp, cpanel filemanager or joomlaXplorer into the directory /components/com_facileforms, replacing the old file. It cannot be installed with the joomla component installer.

If you cant handle this, you should instead uninstall 1.4.6g old version and install 1.4.7 which can both be done by the joomla component installer.

FacileForms

Posted: Tue Oct 09, 2007 11:50 pm
by nickdee
I use FacileForms on my site and notice all records are stored within facile forms. How do I access the following - e.g. a supplier fills in one form and a customer fills in another - the customer ticks a box which selects 10 suppliers who are listed within a selected category. Now I want the submit button to retrieve the 10 supplier email addresses and send the customer's form to each of the suppliers.
Simple enough, as every site I look at does this. How do I get the customer form to query the database and retrieve the results, as all this querying is being handled inside facile forms and not in joomla core?

Re: FacileForms 1.4.6g and earlier

Posted: Sat Jan 29, 2011 7:27 pm
by mihaiachim
Hy there,Mr.Peter Koch,

I need to migrate a site from 1.0.x to 1.5.22 and this have in there this really nice component
Facile Forms but...
I did search over but not find nothing about this component.
Site is down.
May be is a chance to get an answer or second choice is to find other component.

Re: FacileForms 1.4.6g and earlier

Posted: Tue Feb 07, 2012 12:51 pm
by stevegd
Hi,
I am having a problem, when I set up I get this error:

Code: Select all

DB function failed with error number 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 SQL=select name from jos_facileforms_pieces where id=
perhaps you could give me some guidance on how to fix this?

Thanks