A security vulnerability for Enthusiast 3 has been detected a few days back, and I’ve been notified just tonight about it. I do have a security fix up, and with that said — Enthusiast 3.1.5 is an important security upgrade, most especially if your server has
Before I get on with the upgrade instructions after the cut, I would like to take this time to say I apologize for the lack of updates and the sudden hiatus of Frontend Friday — I’ve moved houses and things have been rather crazy the past couple weeks. I haven’t forgotten this blog, I swear ;)
And now for the upgrade instructions. This is all in the upgrade zip, not to worry. :)
Important notice: the upgrade is not as simple as the previous upgrades, hence the additional instructions. Do not blindly overwrite your
- Overwrite the following files on your Enthusiast 3 main installation using the files found in the upgrade zip:
- Open the
config.phpfile found in this zip and fill in your database information. For each listing you own, you must overwrite your
config.phpfile for that listing with this new configuration file. Please don’t forget to change the listing ID variable to the correct listing ID!
- The following may be optional, depending on your setup, but highly recommended for forward compatibility and ensured security — you will need to update your code snippets to use the PHP constant
ENTH_PATHinstead of the PHP variable
$path, like so:
<?php include 'config.php'; $show_list = false; include ENTH_PATH . 'show_joined.php'; ?>
install.txtfile included in the upgrade zip will contain all the new code snippets if you need to take a look.
Please upgrade your Enthusiast installations as soon as possible. If you encounter issues with this upgrade, please feel free to post comments regarding the issues.
Remember: You must also overwrite the config file found in your collective. Basically, all configuration files except for the one inside your Enth3 administration panel will need to be updated.
Remember #2: By “code snippets”, I mean all code snippets, including the collective code snippets, and the fanlisting code snippets. In that regards, it means that the config file for your collective and each of your fanlistings will need to be updated. The process is similar to when you first set up your websites — take the config file with the commented listing ID line and put it in the collective web root, and then take the same config file, uncomment the listing ID line and plug in the correct ID, and put it in the listing web root. Rinse and repeat. :)