This morning we were notified of a problem within the authentication system of eXtplorer by Brendan Coles of itsecuritysolutions.org. Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 have found to be vulnerable to an authentication bypass bug.
This bug has been fixed in the latest release of eXtplorer (2.1.3), which you should download and install/upgrade immediately!
The eXtplorer project moves to http://extplorer.net! Wiki, Bug Tracker and source code can be found over there now.
With the latest release candidate, eXtplorer 2.1 now installs and runs on the new Joomla! 1.6. Even the flash upload works...
Be sure to update to the latest eXtplorer release.
The new eXtplorer version includes the following changes:
- updated to ExtJS 3.3.1
- fixed Flash Upload
- updated to SWFUPload 2.5 beta
- fixed deprecated warnings because of ereg functions
- fixed some FTP file operations (upload, copy, move, delete)
- fixed visibility of user form fields (form appeared empty)
- fixed editable file types detection (+ added .ini)
Get your copy now!
Thanks to Thomas Goirand of GPLHost eXtplorer has become available as a Debian package (starting with Debian Sid, see http://packages.debian.org/unstable/main/extplorer)! It's amazing to be part of such a legendary Linux distribution. In consequence it will be possible to add and update eXtplorer with the Debian package management tool deb.
We have done it: we moved eXtplorer from ExtJS 1.1 to ExtJS 2.2. This new version has a completely new component structure and required to touch nearly each file in extplorer. The result is great: eXtplorer now is faster and more reliable than before.
Please test the new release and report back! If you find errors and bugs please add them to the tracker, thank you!
This new version of eXtplorer fixes a security issue (file contents disclosure), which is present in all versions <= 2.0.0. An instant update is highly recommended. Just uninstall and reinstall the component.
A new feature has been added: WebDAV support. Information on how to set it up can be found on the Wiki (soon).
Besides that, some other minor bugs have been fixed.
Finally, after months of development in beta- and RC-phase, eXtplorer 2.0 has been released!
Make sure you download and test-drive it instantly. It installs on Joomla! 1.0.x, Joomla! 1.5.x and can also be run as a standalone app.
A new version of eXtplorer is available! eXtplorer 2.0 RC4 will be the last Release Candidate before going stable.
This version brings a new Syntax-Highlighting Editor called "EditArea", which brings a bunch of new features and speed-improvements compared to CodePress.
Please check it out!
A new version of eXtplorer has been released. No new features have been introduced, but a serious security hole has been fixed (XSS + File Disclosure).
An update is highly recommended for all users of eXtplorer.
After a long phase of testing and debugging, a new bug fix release of eXtplorer 2 is available.
Check out the new version and report your findings (bugs) back.
I'm proud to announce the availability of eXtplorer 2.0.0 RC1. The most annyoing bugs in the advanced php-based file explorer have been fixed and you can now use the script on production sites.
eXtplorer works standalone and on Joomla! 1.0 / 1.5 (natively).
eXtplorer 2.0.0 beta5 is out! This release of the web-based File Manager fixes a lot of bugs reported by testers. New Language Variables have been added and a Server-to-Server Transfer Functionality has been introduced, so you can directly download files to your server.
- fixed header-only problems on Mambo/Joomla! < 1.0.10
- added Server-to-Server transfer capabilities (using fopen, cURL or fsockopen)
- fixed [#6092] Some strings remained hardcoded
- fixed [ 1754755 ] Save button when uploading file not translated
- fixed the Frontend Browsing part (when being used as a Joomla! component)
- updated finnish and french language file
- updated ExtJS to 1.1 RC1, included Konqueror Patch
- fixed [ 1752904 ] error on admin dialog opening
- fixed [ 1752901 ] Combo on Login page doesn't work in IE6 and 7
- fixed [ 1752534 ] Non-static method ext_Lang::msg()
- removed dialog_status from onHide function for the dialog
- fixed bugs in the language files with undefined properties of non-existant var $_VERSION
- fixed bug with undefined var $acl