Discuss: MyBB 1.02 - Security Update [7/1/2006]
#21
just migrated both to 1.01 then to 1.02...admincp still shows 1.00 though hmmm....
#22
Please consider doing somekind of automation on updates.
I have consistently seen boards that aren't upgraded because it takes an effort and if you forget an upgrade or two - you'll never upgrade because of the effort it takes to apply the updates sequentially.

However much this is an issue of the administrator not doing his job, it will over time mean that mybb will look like it's very vulnurable because there is a certain percentage of boards that never gets patched.

Ideally (I know this isn't an easy job - but it should be done) there would be an 'upgrade to latest' button in the CP which would wget the relevant files and apply each of the patches as required (probably by a script in each patch file).
#23
Updated. Thanks for the hard work!Smile

Christian
[Need Smilies? Get Me Smileys!
#24
any idea why my version check still shows 1.00 even if I have done all the updates?
#25
matzon Wrote:Please consider doing somekind of automation on updates.
I have consistently seen boards that aren't upgraded because it takes an effort and if you forget an upgrade or two - you'll never upgrade because of the effort it takes to apply the updates sequentially.

However much this is an issue of the administrator not doing his job, it will over time mean that mybb will look like it's very vulnurable because there is a certain percentage of boards that never gets patched.

Ideally (I know this isn't an easy job - but it should be done) there would be an 'upgrade to latest' button in the CP which would wget the relevant files and apply each of the patches as required (probably by a script in each patch
The developers cant make an automated system like Windows Update for example as you will need to provide your FTP details in order for the updates to be uploaded/added automatically, unless your host allows anonomous users to upload, which I dought. This is pretty much very insecure and probably not a route the developers want to take!

Although I think having a link/button on the Version Check page saying, Download Updates Now (if there are updates avaible, which when the user clicks the updates start to downloadload, therefore all the user has to do is upload the patched files or update to his/her hosting account rather than having to come here first and thn download the patches.
#26
huh ? - ofcourse they can!!
just file_get_contents to get the file, unzip and run patch script - no account stuff needed at all!
#27
However all MyBB files would need to be writable and this poses a security risk for most users who use shared hosting.

We would also run into difficulties when files have been modified by users.
#28
If the files have the proper rights - the install script can just chmod as needed.
As for changes this could be fixed using checksums for checking modifications, and abort if any were made - as a precaution. People who modify their installation should never run the automatic update anyway and are probably aware of that.

but even if people have modified a file, this may or may not be solvable using diff files instead of complete files.

Currently when updates are as simple as they are this whole ordeal is really insignificant - but once updates gets more hairy like having to extract some files AND run some upgrade scripts it becomes less fun and more prone to errors and updates not being applied.
#29
http://community.mybboard.net/showthread.php?tid=5852 <-- The attachment has disappeared! :'(

I believe this attachment contains the changed files


Attached Files
.zip   mybb102_changed_files.zip (Size: 35.99 KB / Downloads: 333)
#30
installed in under 10 secs... if only all the updates were this easy


Forum Jump:


Users browsing this thread: 1 Guest(s)