Just to make it abundantly clear: from now on, all security-related reports should be logged on Hackerone. The other form will be deactivated.
Could it be that the file is too large? I admit that 100K is small.
I uploaded the image on: https://github.com/ImpressCMS/impresscms/issues/807 (I can't upload the file here.)
Hi,
ImpressCMS definitely has multiple editors at its disposal. They can be configured in the 'General Settings' page, more info in the wiki here.
We currently have CKEditor, TinyMCE and an old-skool simple text editor available. At the moment, new editors need to be installed manually on your site, but a PR on Github is waiting for ImpressCMS 2.0 to manage the editors just like the modules and the translations, using Composer.
I can confirm the issues that you have found. I already filed a bug report for the editor administration page, in fact.
When you talk about a database error, do you mean the one on the user page, or is it another one?
https://github.com/ImpressCMS/impresscms/issues/807
Composer version 1.10.17 2020-10-30 22:31:58
PHP 7.4.11 (cli) (built: Sep 29 2020 13:18:06) ( ZTS Visual C++ 2017 x64 )
After successful installation I can't access different functionality, different editors? (I am not sure if ImpressCMS has an editor.) I also receive a database error message.
For functionality that I can't access (see images):
No editors?
autotask
symlink
Hi,
yes, we are using the h1 platform, and as of a few minutes ago, we are a public project at https://hackerone.com/impresscms
Feel free to post any security-related issues there so we can monitor them more easily.
Final question: Are you using the h1 platform? Can I get an invite? (I plan to test this now after successful installation.)
Hi,
you are correct, and I figured we would have broken the threshold to become a public project by now. It's something we don't have much power over: we need to have bug reports by invited hackers on Hackerone, and until now only a few reports have been coming in (and have been handled, of course).
When it comes to security issues, please notify us on the security issues form. That way we can make sure the issue gets fixed before it is published online.
I'll update the SECURITY.md on github as well, thanks for letting me know!
Hi! I want to report an issue; however, the SECURITY.md on Github mentions to report it on Hackerone, but it seems to be private.
Should I post the bug on Github instead?
Thanks!
Given the change, I don't think that's likely. We adapted the login page template to give another variable as redirect address, nothing more.
Could it have caused passwords to be expired? I had to reset mine to get logged in.
I spoke too soon earlier, because the fix I proposed did not work in every case (thanks @Mekdrop for investigating). The new fix is ok and is in the newly-released ImpressCMS 1.4.1 beta. Give it a spin and let me know if it works as expected!
Hi, when you logged into the sites using a chromium-based browser (Chrome, new Edge, Brave, Opera, ...), the redirection to a logged-in page wasn't working as it should have, and you got presented a nice, clean, but utterly white page.
I fixed issue #100 a few minutes ago, and backported the fix directly on this site to improve your login experience.
Hi,
I am aware that many of the links to the downloads are broken. I'm in the process of fixing them all, and updating the information to the latest version. I'll keep you posted on the progress.
I overwrote the jQuery with the old version, that fixed it.
According to the latest package.json for Bootstrap 4.4.1, the jQuery version needs to be at least 1.9.1 and less than 3.
I think we introduced a new bug by updating to ImpressCMS 1.4 - the newer version of jQuery is not compatible with the version of Bootstrap used in the theme. The result is the navigation menu does not work for mobile devices, or even when your desktop browser emulates a mobile device.
Not that I was aware of. We upgraded to 1.4 around the time that the issues started appearing. The standard should now be ckeditor, no DHTML is in use atm.
Was there a change in groups and using the Rich text editors in the forum? If the DHTML editor was the standard, then the HTML settings would not have mattered.
Looks like it is fixed now. And my temporary issue with the forum that stopped me from posting has gone as well.