September 25th, 2006
Security Fix and Performance Enhancements
The Exponent Content Management Development Team has released a patch in response to to the vulnerability posted in the following security bulletin.
Patches have been released for 96.3. They can be downloaded from the links listed below.
Also bundled below for download is a patch that contains a performance enhancement that skips a lot of unnecessary permisson checks for users who are not logged in.
Patches are not being release for 96.5 since it is still, technically, in beta. The fix and performance enhancements will be included in the upcoming GA release.
Users running 96.5 wanting to patch the security bug immediately can do so by following the instructions listed below.
Links to the Exponent Content Management 96.3 Security & Performance Patches.
Instructions for Installing Patches on 96.3
1. Download the patch(es).
2. Go to your Exponent CMS site and login in as an admin user.
3. Go to the Administration Control Panel.
4. Click the Upload Extension link.
5. Upload the Patch
Instructions for Installing on 96.5
1. Edit the subsystems/template.php
2. Find the exponent_template_getModuleViewFile() function.
3.. Find the following lines...
function exponent_template_getModuleViewFile($module,$view,$recurse = true) {
$langdir = (LANG == 'en' ? '' : LANG . '/');
and add the following line so it looks like this
function exponent_template_getModuleViewFile($module,$view,$recurse = true) {
$langdir = (LANG == 'en' ? '' : LANG . '/');
if (stristr($view, "/")) $view = DEFAULT_VIEW;
4. Save & Exit the file.
Thanks,
The Exponent Content Management System Dev Team
Related CMS news: