WHMCS security update

rds100

@HalfEatenPie LOL This was Microsoft's support, right?

fileMEDIA

WHMCS changed in 5.2 their db class to a new file (old dbconnect.php). So the solusvm plugin can´t get details from the db. I think we shouldn´t upgrade to 5.2 yet! I´m testing 5.1.4 now..

Patrick

Nothing wrong with 5.1.4 according to WHMCS:

https://twitter.com/whmcs/status/311583417609355266

Having similar issues regarding transactions & register domain just redirects back to search when adding it to cart.

V5.2 doesn't even let me login as it says incorrect password...

Hassan

Can someone let me know when it's stable?

OttoYiu

Tried to upgrade my v4.5.3 and got the 'Down For Maintenance'. Reverted back to old code base...

Ash_Hawkridge

Thank god we have a complete backup of the WHMCS directory and database, looks like we're going to have to go back to 5.1.3 and start again.

I would strongly advise all hosts to leave the latest version well alone. If me and @Patrick both got locked out, there's clearly something wrong.

fileMEDIA

@GetKVM_Ash Or go with the whmcs upgrade service. I using them for all bigger updates, but i waiting for modules update (solusvm,..) now.

VPSCheap_net

same problem like above with 5.2, cant login with any admin account

ipxadam

With this release had to make patches to our custom modules. WHMCS support said "Please call init.php, rather than dbconnect.php. WHMCS v5.2 and onward will no longer use dbconnect.php file."

fileMEDIA

I think you can create a dbconnect.php file and do:

<? require('init.php'); ?>

soluslabs

@phxadam said: With this release had to make patches to our custom modules. WHMCS support said "Please call init.php, rather than dbconnect.php. WHMCS v5.2 and onward will no longer use dbconnect.php file."

Can you confirm this works?

Patrick

@GetKVM_Ash said: Thank god we have a complete backup of the WHMCS directory and database, looks like we're going to have to go back to 5.1.3 and start again.

I would strongly advise all hosts to leave the latest version well alone. If me and @Patrick both got locked out, there's clearly something wrong.

Yup!

I'm reverting back to 5.1.3 as well...well what a waste of time this was.

ipxadam

@soluslabs yes it worked for my modules. I also had to remove functions.php.

soluslabs

@phxadam said: @soluslabs yes it worked for my modules. I also had to remove functions.php.

So you can't call functions.php from the module in 5.2?

ipxadam

oops its /includes/functions.php

But thats correct. When I called both I got this error:
"Fatal error: Cannot redeclare emailtpl_template()"

It seems init.php calls the same functions as /includes/functions.php

soluslabs

Thanks. I'm uploading it on our dev whmcs now.

Spencer

@soluslabs said: Thanks. I'm uploading it on our dev whmcs now.

Looks like you owe phxadam 1 year of free solus!

Patrick

Had few payments come in and worked fine, I just used the full 5.1.4 stable version rather then the patch and uploaded our sql before we attempted to do the upgrades to 5.2. (Domain reg also works)

AlexBarakov

Well according to the email I just got, the holes are not known to the public, so if whmcs keeps their mouth shut I asume we will have enough time to wait for them to clear their shit, again.

soluslabs

@Alex_LiquidHost said: Well according to the email I just got, the holes are not known to the public, so if whmcs keeps their mouth shut I asume we will have enough time to wait for them to clear their shit, again.

I'm sure they will. I would say Vlad will list them shortly.

AlexBarakov

@soluslabs said: I'm sure they will. I would say Vlad will list them shortly.

According to their email:

The resolved security issues were all identified by Vlad C. of NetSec

Interactive Solutions http://safeornot.net. There is no reason to
believe that these vulnerabilities are known to the public. As such, WHMCS will
only release limited information regarding the vulnerabilities at this time.

Once sufficient time has passed to allow WHMCS customers to update their

installed software, WHMCS will release additional information regarding the
nature of the security issues. These Targeted Security Releases and Patches
address 6 vulnerabilities in WHMCS version 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 5.0,
5.1, and BETA 5.2. Additional, supplemental information is scheduled to be
released April 9th, 2013.

According to this, it is ''safe'' for now.

soluslabs

If Vlad found the issues then they are safe. He's a good guy and won't release any information until WHMCS have sorted it. He won't wait forever though!

AlexBarakov

@soluslabs said: If Vlad found the issues then they are safe. He's a good guy and won't release any information until WHMCS have sorted it. He won't wait forever though!

My English is kinda bad, however as far as I understand they will release the information on 9th of April?

An offtopyc, when are you guys going to release the 1.14 beta?

fileMEDIA

Some informations for upgrading: http://docs.whmcs.com/Version_5.2_Release_Notes#Upgrade_Steps

Release Notes

Display Problems/Browser Cache - Always clear your browser cache, or perform a hard > refresh after upgrading, most display related issues are purely due to seeing an old > version of the CSS

The Add Transaction permission is now required in order to apply payment to an > invoice - previously access to Manage Invoices was also sufficient

The dbconnect.php file has been removed as of WHMCS V5.2 and so any custom files > will require updating to include "init.php" and only "init.php", the current separate > "functions.php" include will be handled automatically

In the viewinvoice.tpl template file the variable {$subscriptionid} has been changed to > {$subscrid}

Further release notes will be added here throughout the course of testing.

soluslabs

@fileMEDIA said: Some informations for upgrading: http://docs.whmcs.com/Version_5.2_Release_Notes#Upgrade_Steps

Release Notes

Display Problems/Browser Cache - Always clear your browser cache, or perform a hard > refresh after upgrading, most display related issues are purely due to seeing an old > version of the CSS

The Add Transaction permission is now required in order to apply payment to an > invoice - previously access to Manage Invoices was also sufficient

The dbconnect.php file has been removed as of WHMCS V5.2 and so any custom files > will require updating to include "init.php" and only "init.php", the current separate > "functions.php" include will be handled automatically

In the viewinvoice.tpl template file the variable {$subscriptionid} has been changed to > {$subscrid}

Further release notes will be added here throughout the course of testing.

thanks.. I attempted to upgrade our dev whmcs from 5.1.3 to 5.2.1 but it's failed... Not sure what the issue is yet.

I'll fix the module up now.

liviu

I hate changes

soluslabs

I've updated the module to work with 5.2. It should also work with 5.1

http://files.soluslabs.com/solusvm/modules/whmcs/solusvm_whmcsmodule_v3.12.zip

Just be aware i've not tested it because i can't get 5.2 to install..

gnugeek

My custom modules stopped working because this update broke class autoloading.

ipxadam

I'll give it a shot

soluslabs

@Alex_LiquidHost said: An offtopyc, when are you guys going to release the 1.14 beta?

Monday. There's still a few bugs to clean up and i have 2 days of meetings and i need to be around when it's released.