Made to Order Software Corporation - issue

Security Issue in many mail systems

Alexis Wilke — Wed, 06 Jul 2011 20:04:42 +0000

It always amazes me when one finds a security issue that looks like something that should never have happened in the first place.

This one was found earlier this year by Wietse Venema who first discovered the issue in Postfix.

He fixed the Postfix server quickly, however, he went further. He actually tested many other servers sending commands that bypass that very security measure and to his surprised he found out that Postfix wasn't the only system affected by the problem.

For those interested, all the details of the problem can be found on the Postfix website as CVE-2011-411.

Simplemenu Upgrade Path

Alexis Wilke — Sat, 11 Jun 2011 20:23:51 +0000

Version 7.x

Version 7.x-1.x-dev is a starting point... It is not complete, although it shows you a functional Management menu as a dropdown. More to come as time allows... See issue [#791664] for more info.

Version 6.x

Version 6.x-1.13 fixes the vertical menu problem which had to do with CSS caching getting lost.

Version 6.x-1.10 to 6.x-1.12 fixes the non-called theme() function versus the other sub-modules that have callbacks through the theme() calls. However, we really need to have callbacks instead. Added horizontal and vertical themes. Attempts to fix to the vertical menu problem

Upgrade to PHP 5.3.3 or older because of security issue

Alexis Wilke — Fri, 10 Jun 2011 00:26:19 +0000

If you are responsible for a Debian or Ubuntu server and run PHP on it, make sure to run the following command to fix several security issues found in PHP:

sudo apt-get install php5-suhosin

This will make the necessary and your PHP version (security wise) will look like you have PHP 5.3.3.

What I found quite annoying in regard to this issue is the fact that it was very difficult to find a mention of this upgrade. All I could find in large number were people saying that you'd have to get an upgrade using the source code of PHP. Somehow, I did not feel like upgrading PHP from source!

MobileKey addition to ThemeKey

Alexis Wilke — Mon, 16 May 2011 18:59:11 +0000

The main idea of MobileKey is to give you the capability to switch your website theme to a mobile specific theme when the user access your site from one's mobile phone. A mobile theme will make it easier to access your website on a mobile device.

For go to the ThemeKey settings page:

Administer » Site configuration » ThemeKey

The MobileKey adds one selection to the list of attributes to match. The new selection is called:

mobile:device

This works everywhere on your website (it is a global option, not specific to any kind of pages.) The system checks different parameters to

Drupal Aggregator

Alexis Wilke — Tue, 05 Apr 2011 17:25:46 +0000

The default Aggregator Drupal module does not work very well. There are several problems with the Drupal Core module, one of which we have not fixed in our version (i.e. the flatness of the item table.)

There is a list of the known issues and our comments and whether we fixed the problem:

Problem	Solution in m2osw's version of Aggregator
Missing XML marker	The <?xml ... ?> marker is missing from some RSS feeds, add it as required
Spurious ...

How to bypass Drupal strong security?

Alexis Wilke — Fri, 18 Feb 2011 00:45:31 +0000

Interestingly enough, today I received a Security Advisory from Drupal saying that users received an email from a hacker asking them to install a Trojan module on their Drupal system.

I find it quite interesting since, if Drupal wasn't secure, the hackers would not have to ask you to make it unsecure, would they?

However, this shows how many CMS systems introduce a security issue problem to your web server installation since it is required to let your web server execute any one PHP file...

All the files installed on your web server and that are directly accessible from the outside (i.e. ...

"Ruthing" of your Avatar

Doug Barbieri — Wed, 04 Aug 2010 23:37:07 +0000

Hi all,

With the release of Linden Lab's Viewer 2, an issue has cropped up for users of SLiteChat. Presently, SLiteChat does not attempt to rez your avatar in-world. With pre-2.0 viewers, this was never an issue (the AV just appears as a ghosty-blob). However, Viewer 2.0 handles in-world rendering a little differently than pre-viewer 2 and other viewers like Snowglobe and Emerald. This results in a fully dressed AV that has the default "Ruth" body (i.e. if you have a male avatar, it will appear as female, hovering in the air, to users of Viewer 2 who try to look at you).

Simplemenu Inactive Parents

Alexis Wilke — Sat, 31 Jul 2010 20:34:36 +0000

Description

A simple menu is composed of parent menus and children menus. A child has no drop-down menu and a parent does.

By default all the menu items are active, meaning that they all are links one can click on to reach the corresponding destination.

This simplemenu extension allows for turning the link off by replacing the anchor reference in a named anchor. The HTML tag being the same, the simplemenu looks the same, but the item cannot be clicked.

At this time, there is no option to make some of the parent items clickable and others not.

Setup

There is no settings for this module.

jsMath Security Issue

Alexis Wilke — Sun, 18 Jul 2010 08:18:28 +0000

Security Issue

A security issue was found in all versions of jsMath before 2.x-dev for Drupal 6.x of Jul 29, 2010.

You may still securely use older versions of jsMath on private websites and websites were you are the only user (as in, the only one who can log in.)

The Drupal Security Advisory issue is here: http://drupal.org/node/854402

jsMath Installation

Alexis Wilke — Sat, 17 Jul 2010 23:17:50 +0000

Requirements

In order to use the jsMath for displaying mathematics with TeX Drupal 6.x module you need:

The actual jsmath Drupal module
The jsMath library