What about security?
Add-on Install & Upgrade 1.4.3
- Thread starter Chris D
- Start date
giorgino
Well-known member
I don't know, sorry...
Server Error
copy(./library/WidgetFramework/Option.php) [function.copy]: failed to open stream: Permission denied
And I'm worried with the security outcome.
copy(./library/WidgetFramework/Option.php) [function.copy]: failed to open stream: Permission denied
- XenForo_Application::handlePhpError()
- copy() in AddOnInstaller/Model/AddOn.php at line 60
- AddOnInstaller_Model_AddOn->recursiveCopy() in AddOnInstaller/Model/AddOn.php at line 64
- AddOnInstaller_Model_AddOn->recursiveCopy() in AddOnInstaller/Model/AddOn.php at line 64
- AddOnInstaller_Model_AddOn->recursiveCopy() in AddOnInstaller/ControllerAdmin/AddOn.php at line 223
- AddOnInstaller_ControllerAdmin_AddOn->actionInstallUpgrade() in XenForo/FrontController.php at line 310
- XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 132
- XenForo_FrontController->run() in /home/phcorner/public_html/admin.php at line 13
And I'm worried with the security outcome.
TPerry
Well-known member
Chris, one thing I am noticing is that it is showing updates available for several packages. I go and update them and the alert disappears for most, but as soon as the CRON job runs they show back up. These were actually installed via the add-on using the resource manager remote install so they "should" be the latest versions.
TPerry
Well-known member
If you have Cpanel, it's easy to do.Oh, you have ssh access, me don't have
Just go to your File Manager and when you open it you should see the directory structure for the domain you chose to work on.
Once there there is a button up top for permissions. I don't think you can change ownership from CPanel tho'.
If you have Cpanel, it's easy to do.
Just go to your File Manager and when you open it you should see the directory structure for the domain you chose to work on.
Once there there is a button up top for permissions.
Yes, I know.
But I'm worried with the security outcome.
Yeah as explained in the add-on description... this will be where a developer hasn't changed the version number for their add-on.Chris, one thing I am noticing is that it is showing updates available for several packages. I go and update them and the alert disappears for most, but as soon as the CRON job runs they show back up. These were actually installed via the add-on using the resource manager remote install so they "should" be the latest versions.
If there is any difference whatsoever between the version number of the add-on that you've installed and the version number on the Resource Manager then it will think there is an update available.
My suggestion is to use the "Ignore This Update" button
You won't get reminded until there is another update.
TPerry
Well-known member
But the problem is they WERE installed via the resource manager. I did not manually download them and install via FTP or by the .ZIP file locally., so they should have the correct version number.Yeah as explained in the add-on description... this will be where a developer hasn't changed the version number for their add-on.
If there is any difference whatsoever between the version number of the add-on that you've installed and the version number on the Resource Manager then it will think there is an update available.
My suggestion is to use the "Ignore This Update" button
Just a very important point:
There are ways of doing this which are secure, and ways of doing this that aren't so secure.
My recommendation is that you fully understand and research the impact of any changes that you make to file permissions before making them. I won't accept any responsibility if you leave your server wide-open. If you don't understand how to make it safe, please do not make the changes at all.
I do not profess to understand which methods are or aren't secure. I'm not an expert with server configuration outside of Windows so either: Speak to someone who does, speak to your host or do not install the add-on
Or... do install the add-on. The update checker is handy. But install add-ons manually.
There are ways of doing this which are secure, and ways of doing this that aren't so secure.
My recommendation is that you fully understand and research the impact of any changes that you make to file permissions before making them. I won't accept any responsibility if you leave your server wide-open. If you don't understand how to make it safe, please do not make the changes at all.
I do not profess to understand which methods are or aren't secure. I'm not an expert with server configuration outside of Windows so either: Speak to someone who does, speak to your host or do not install the add-on
Or... do install the add-on. The update checker is handy. But install add-ons manually.
Compare the version number in the Resource Manager to the version number of the add-on you have installed.
If it's different, then the add-on developer hasn't updated the version number of the add-on.
The Dark Wizard
Well-known member
I added links to addons on here that do not have the file on the RM but instead are paid addons to see what it does and I get this error now when ever I click on update(Which won't go away so I have a button stuck there)
Trying to get property of non-object
XenForo_Application::handlePhpError() in AddOnInstaller/Model/AddOn.php at line 326
AddOnInstaller_Model_AddOn->checkForUpdate() in AddOnInstaller/ControllerAdmin/AddOn.php at line 345
AddOnInstaller_ControllerAdmin_AddOn->actionCheck() in XenForo/FrontController.php at line 312
XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 132
XenForo_FrontController->run() in /home/rpdom/public_html/admin.php at line 13
Trying to get property of non-object
XenForo_Application::handlePhpError() in AddOnInstaller/Model/AddOn.php at line 326
AddOnInstaller_Model_AddOn->checkForUpdate() in AddOnInstaller/ControllerAdmin/AddOn.php at line 345
AddOnInstaller_ControllerAdmin_AddOn->actionCheck() in XenForo/FrontController.php at line 312
XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 132
XenForo_FrontController->run() in /home/rpdom/public_html/admin.php at line 13
lms
Well-known member
Hi, Chris:
This link http://xenforo.com/community/resources/%C2%BFeres-humano-combatir-el-spam-spanish-install.1211/ is not recognized as resource manager valid URL.
This url is in Resource Manager in
http://xenforo.com/community/resources/¿eres-humano-combatir-el-spam-spanish-install.1211/
This is recognized as valid resource manager url: http://xenforo.com/community/resources/eres-humano-combatir-el-spam-spanish-install.1211/
How to fix this?
Salud2
This link http://xenforo.com/community/resources/%C2%BFeres-humano-combatir-el-spam-spanish-install.1211/ is not recognized as resource manager valid URL.
This url is in Resource Manager in
http://xenforo.com/community/resources/¿eres-humano-combatir-el-spam-spanish-install.1211/
This is recognized as valid resource manager url: http://xenforo.com/community/resources/eres-humano-combatir-el-spam-spanish-install.1211/
How to fix this?
Salud2
Arkshine
Active member
Chris, I've some trouble, where the addon doesn't seem to install. Tried for example with Xentag. I've the 1.5.2 installed and the latest is the 1.5.3. Your addon detects, I update, cache has been rebuilt, the notice disappears, but when I see the plugin list at home, Xentag is still set to 1.5.2. It seems it has not been installed. If I check update, notice is back. I have no errors. Did I miss something ?
TPerry
Well-known member
XenAtendo More is showing 1.01 (the latest on the site is 1.1.0c). It is only showing as 1.1.0 in the add-on installer.
LogInUserLocks is showing as 1.0.1. Latest on the site is showing as 1.0.01.
TacAnyAPI is showing as 1.0.2. Latest on site is showing as 1.0.2c (this one was installed by Option 2 in the add-on).
Exactly.
The thing is, the Add-on Installer isn't psychic
It can only go on the information it has available. This is what I mean:The add-on author has two places to enter the current "version string". The first is when they're creating the add-on and this is saved into the XML file. The second is when they add the resource to the Resource Manager or update the resource.
Let's take XenAtendo More as an example.
In the XML file, it is listed as version 1.01:
In the Resource Manager it is listed as 1.1.0c:
As far as my add-on is concerned the versions are different therefore there must be an update. But... clearly what's actually happened is the developer hasn't changed the version number in the XML file.
This happens sometimes and the Add-on Installer cannot do anything about it.
All you can do, is if it says there's an update available and there isn't (because the developer hasn't kept the version numbers in sync) then you should "Ignore the Update" which is available from the Update screen.
If you do that, you will not get notified of an update for that add-on until the version number in the Resource Manager changes again.
TPerry
Well-known member
And I thought he told me that he had fixed it - but maybe that was with another problem I was having. In the grand scale of things for me right now, it's not a major deal... right now I'm teaching myself how to set up a VPS (have only played with local Linux boxes and those with a graphical front end). So far, I've got the web server up and GeoIP working.
Now I'm battling with iptables.
<no head spinning smiley so this was as close as I could get>I kinda figured it might be pulling the data out of the .XML file at some point, and that the numbers were snafu'd somewhere in the mix. Thanks!
DaiAku
Active member
I'm new too so I understandA little new at this, if somebody can point me in the right direction to fix this error it would be much appreciated , thanks
. You need to change you server permissions. Ask you server admin - and make sure it is opened up safely. Some details are above in the thread.
Gopala Subramanium
Active member
Hi, My username is sgopala@gmail.com and it gives me this error "Login to XenForo.com has failed. Make sure you login with your XenForo username and password.". Please help. Thanks,
Similar threads
- Question
