4.2.2 Patch

[ozzy47]

Any and all patched are available at vB.com in your customer area.

[patracy]

Well all I've found is the patch for 4.2.2 for the CMS exploit. I was just wondering if anyone had a patch for 4.2.1 PL1 instead of going through 4.2.2. Guess I'm going to have to just move to 4.2.2 instead.

[ozzy47]

Yeah I would upgrade to 4.2.pl2 for sure. There is known security vulnerabilities in anything older.

[HM666]

Quote:

Originally Posted by cellarius

Not if you were smart about it. Using tools like Template Modification System (TMS), creating good documentation along the way. Upgrading could be a real pain during the early vB4 releases, I agree - but you really should not run those anyway, bugwise. But if you have file edits that make overwriting the original files of the same version a real pain, then you're most likely doing it wrong. Given the plugin system there is not much need for file edits, but if you do them, keep them properly documented and use diff tools.

Which is a stupid suggestion, really.

Agreed. I've never really understood someone who goes and heavily codes into the hard PHP files unless absolutely necessary. I've had MANY heavily modified forums and NEVER had to touch the core files ever. Even when installing mods. Oh and I stayed away from mods like the auto template system mod mentioned by cellarius its super buggy and why have another query or install another mod and open yourself further for potential risks for things that you can manually yourself if you just read the directions from what ever mod you are installing?

[cellarius]

Quote:

Originally Posted by HM666

auto template system mod mentioned by cellarius its super buggy

It is most definitely not.

Quote:

and why have another query

There's no additional query added.

Quote:

or install another mod and open yourself further for potential risks

If a person has access to your AdminCP, then TMS is most likely the last thing he will use to exploit your site

I'm pretty sure you have not quite understood how TMS works...

[HM666]

Quote:

Originally Posted by cellarius

It is most definitely not.

There's no additional query added.

If a person has access to your AdminCP, then TMS is most likely the last thing he will use to exploit your site

I'm pretty sure you have not quite understood how TMS works...

First, when you install ANY mod or hack outside of vBulletin you are opening yourself for a potential risk. This has been stated in several places on this site as well as vBulletin.com. Having files other than vBulletin files opens your risk giving hackers a possible way to gain access into your site/server. Some hacks have better safeguards in place than others. Some people who create mods do not always know what they are doing, some do. I've never used the TMS mod personally on one of my sites and never will because I do not need to have a secondary mod do something that I can do myself. I see no use in it personally. I've had client's who have come to me in the past with the TMS mod installed with some pretty major problems and complaints that they could not upgrade vBulletin or do other things because of that mod. And when I went through a trouble shooting process I found that it WAS that mod causing the problem.

I do not allow other people in my own AdminCP. There is no use for that for me. So saying that someone cannot gain access while going into your AdminCP does not apply. Also you run a risk of allowing someone in your AdminCP, but I doubt if the TMS is going to stop them from hacking the site.

If the TMS mod is your mod and you are getting your feathers ruffled because I said it was buggy then I'm sorry but in my experience it has been buggy in the past. It may not be so now, but it has been before.

[cellarius]

No, it's not my mod - its by Andreas, who without doubt is one of the best vB coders. From what you write, it is very obvious that you neither have any idea what TMS does, nor why it is superior to how vB4 handles template changes. I do not want to sell anything to you - it was you dropping into this thread while adimittedly having little idea what you were warning people off about.