MiniCMS - Security Concerns

[Joe Carver]

Posted with the understanding that this is not a supported plugin.

MiniCMS uses third party software, FCKeditor to operate. A version (2.3?) is included with the plugin.

FCKeditor has been updated since this plugin was packaged with version 2.3. It is now at revision 2.6.5 (stable).
Some of the releases have been security related.

    *****

I have tried the plugin  with the latest stable release of FCKeditor. It seems to work well, but I do not have enough experience with it to issue a final judgment.

1) Backup the plugin on your server - plugins/minicms/
2) Download, unzip and upload FCKeditor package to plugins/minicms/fckeditor - DO NOT upload the _sample folder
3) Upload file plugins/minicms/fckeditor/style.xml from your backup to plugins/minicms/fckeditor/ on your server

   *****
References - Links

FCKeditor 2.6.5, released on 21 September 2009
http://ckeditor.com/download

Bugtraq Listings - FCKeditor

[Joachim Müller]

Could you come up with a revised package of the MiniCMS plugin that contains the editor component in the most recent version? Thanks in advance.

[Joe Carver]

Revised package completed. New revision is 1.81

Changes

- Update to FCKeditor 2.6.5
- Noted + marked in CHANGELOG and file headers - rev. 1.81
(note: existing package had varied rev. numbers in files)

Comment - It's a very useful, well written plugin!

Zip file is too large for attachment in this forum.
I have created a temporary link to the file.

[edit - link removed]
Download from here: (http://)  gallery.josephcarver.com/natural/cpg1.4.x_plugin_minicms_1.81.zip[/edit]

Please reply when you have successfully downloaded a copy (so the link can be removed) - thanks

[Joachim Müller]

Thanks. I have attached the file to my posting.

[Joe Carver]

You are welcome.

I hope that the "experienced enthusiasts" of this plugin will see no degradation in performance.