
Sitefinity CMS lower than 3.7 SP3 fix

20 posts, 0 answered
  1. Natalia Zosimova
    2 posts
    Registered: 23 Jun 2010
    18 Nov 2010
    I've just tried to apply the recommended fix: http://www.sitefinity.com/Libraries/Product/SF_file_upload_vulnr.sflb.ashx.

    After I modified web.config according to the instructions, I tried to run our Sitefinity web site.
    It did not get started and instead threw an error:
    CS0117: 'Telerik.Cms.Security.GlobalRights' does not contain a definition for 'CmsAccess'

     Telerik.Cms.Security.GlobalPermission permissionAccess = new Telerik.Cms.Security.GlobalPermission(Telerik.Cms.Security.GlobalRights.CmsAccess);
    Line 85:                     if (!permissionAccess.CheckDemand())
    Line 86:                         context.Response.Redirect("~/Sitefinity/nopermissions.aspx");
  2. Ivan Dimitrov
    16072 posts
    Registered: 19 Sep 2016
    18 Nov 2010
    Hi Natalia,

    Try using Telerik.Cms.Security.GlobalRights.CMSAccess. If the problem persists for you, please share the version of Sitefinity you use, because it seems to be over 2 years old if CmsAccess does not work for you.

    Best wishes,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Natalia Zosimova
    2 posts
    Registered: 23 Jun 2010
    18 Nov 2010
    Yes, it is the old version: Sitefinity 3.2.1616.2:1

    So, the namespace 'Telerik.Cms.Security.GlobalRights' does not contain a definition for 'CmsAccess'

    Thank you,
    Natalia
  4. Ivan Dimitrov
    16072 posts
    Registered: 19 Sep 2016
    18 Nov 2010
    Hello Natalia,

    Use CMSAccess as suggested.

    Greetings,
    Ivan Dimitrov
    the Telerik team
  5. Christopher
    2 posts
    Registered: 07 Jun 2012
    18 Nov 2010
    I attempted to apply this fix to Sitefinity version (3.5.1747.2:1) and received the following error while trying to load the site:

    CS0234: The type or namespace name 'Linq' does not exist in the namespace 'System' (are you missing an assembly reference?)
  6. Christopher
    2 posts
    Registered: 07 Jun 2012
    18 Nov 2010
    I have resolved the error. I had to add new references to the <System.Web><Compilation> section of the web.config file:

    <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>


    I found the information here:

  7. Ivan Dimitrov
    16072 posts
    Registered: 19 Sep 2016
    19 Nov 2010
    Hi Christopher,

    System.Linq does not exist in .NET 2.0. You may use it in .NET 3.5 and .NET 4.0.

    Regards,
    Ivan Dimitrov
    the Telerik team
  8. Steven
    3 posts
    Registered: 09 Jun 2008
    19 Nov 2010
    Are there any other tips or documentation on applying this Sitefinity Security Patch to 3.2 Sitefinity sites? Or for that matter, any .NET 2.0 based versions of Sitefinity?

    I have several sites to patch today (like 8 of them) and I could use all the support I can get at this point!

    ;)

    thanks,

    Steven Land
  9. Ivan Dimitrov
    16072 posts
    Registered: 19 Sep 2016
    19 Nov 2010
    Hello Steven,

    The AccessModule is a standard ASP.NET HttpModule - MSDN reference. If you prefer you can compile the code to a class library and put it in your bin. After the class has been added to the App_Code folder you can clean the solution, which should remove the reference you don't need. Telerik.Cms.Security.GlobalRights.CMSAccess has to be used for versions running Sitefinity 3.2.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team
  10. Jason M
    108 posts
    Registered: 15 Jan 2007
    19 Nov 2010
    Is this security fix for versions lower than 3.7 SP3 or 3.7 SP2? The email I received yesterday states "This information is relevant for all Sitefinity websites, which are running on version lower than 3.7 SP3 (build 2057)". However, according to this KB build 2057 is for 3.7 SP2. I had issues applying the fix to my 3.7 SP2 project and want to make sure it's secure.

    Thanks!
    J
  11. Ivan Dimitrov
    16072 posts
    Registered: 19 Sep 2016
    21 Nov 2010
    Hi Jason,

    This issue was fixed in Sitefinity 3.7 SP2 build 3.7.2057 released on 2.12 2009. All sites that use versions prior to this build are affected.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team
  12. Bachar Zeidan
    67 posts
    Registered: 01 Jul 2010
    06 Dec 2010
    Hi, I applied the fix.
    'Cause my site is a VB solution, I converted the C# code into VB.NET. Can I have the VB.NET version of the AccessModule.cs file to check if it is correct?
    Finally: how can I verify that the patch is properly working?

    Thank you,
    Bachar
  13. Ivan Dimitrov
    16072 posts
    Registered: 19 Sep 2016
    06 Dec 2010
    Hi Bachar,

    You can use our converter to convert the code. The code disables access to Sitefinity/UserControls/Dialogs folder if the user has not been authenticated and they cannot access the backend.

    All the best,
    Ivan Dimitrov
    the Telerik team
  14. Bachar Zeidan
    67 posts
    Registered: 01 Jul 2010
    09 Dec 2010
    All works fine,
    thank you!
  15. Roopesh
    39 posts
    Registered: 29 Oct 2010
    13 Dec 2010
    Hello Sir,
    I am using Sitefinity 3.7. I was able to upload master pages from admin before. But now when I click on 'Select' no popup is showing. I am facing the same problem in the upload controls section also. I am not seeing the popup. What is the issue?
    Thank You
    Roops
  16. Ivan Dimitrov
    16072 posts
    Registered: 19 Sep 2016
    13 Dec 2010
    Hello Roopesh,

    The control that we use is RadUpload. Could you check whether any JS errors are thrown when you click on the "Select" button, or try to upload a control or template using another browser so you can narrow down the issue? Can you replicate the problem on http://demo.sitefinity.com/Home.aspx?

    Greetings,
    Ivan Dimitrov
    the Telerik team
  17. Roopesh
    39 posts
    Registered: 29 Oct 2010
    13 Dec 2010
    Hello sir,

    How can I log in to the admin side?

    I checked the JavaScript error log in Mozilla.
    I could not see any JavaScript errors. Is it possible to replace all files for the upload functionality?
  18. Ivan Dimitrov
    16072 posts
    Registered: 19 Sep 2016
    13 Dec 2010
    Hello Roopesh,

    You can access the admin through http://demo.sitefinity.com/Sitefinity/Login.aspx. You don't need to be a registered user - choose a temporary username.

    The RadUpload used for uploading master pages is located inside Sitefinity/Admin/ControlTemplates/PageTemplates/MasterPageUploader.ascx

    The RadUpload for pages cannot be replaced.

    Greetings,
    Ivan Dimitrov
    the Telerik team
  19. Chris Aybar
    25 posts
    Registered: 20 Oct 2008
    06 Jan 2011
    The C# to VB converter referred to above does not perform a proper conversion of the code. The resulting code returns this error:

    > Class 'AccessModule' must implement 'Sub Dispose()' for interface 'System.Web.IHttpModule'.

    Even after changing the Dispose method declaration to:
    > Public Overloads Sub Dispose() Implements IHttpModule.Dispose

    ...then changing the Init method declaration to:
    > Public Overloads Sub Init(ByVal context As HttpApplication) Implements IHttpModule.Init

    the following error is returned:

    > 'Public Event PostAuthenticateRequest(sender As Object, e As System.EventArgs)' is an event, and cannot be called directly. Use a 'RaiseEvent' statement to raise an event.
  20. Ivan Dimitrov
    16072 posts
    Registered: 19 Sep 2016
    06 Jan 2011
    Hello Chris,

    You can take a look at MSDN to see the C# VB conversion. This is a standard implementation of an HttpModule.


    All the best,
    Ivan Dimitrov
    the Telerik team
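
Both compiler errors quoted in post 19 come from C# constructs with no direct VB.NET equivalent: interface members need an explicit `Implements` clause, and a C# `+=` event subscription becomes `AddHandler`. The sketch below is an added example, not Telerik's AccessModule.cs and not any participant's code; the `ProtectedPath` constant, the handler name and the unauthenticated branch are assumptions drawn from the description in post 13, and it needs the Sitefinity 3.x assemblies to compile.

```vbnet
Imports System
Imports System.Web

' Added example: VB.NET shape of an IHttpModule like the one discussed in this thread.
Public Class AccessModule
    Implements IHttpModule

    ' Folder this thread names as the one the fix protects (assumed matching rule).
    Private Const ProtectedPath As String = "/Sitefinity/UserControls/Dialogs/"

    Public Sub Init(ByVal context As HttpApplication) Implements IHttpModule.Init
        ' C#: context.PostAuthenticateRequest += ...  ->  VB.NET: AddHandler
        AddHandler context.PostAuthenticateRequest, AddressOf OnPostAuthenticateRequest
    End Sub

    Public Sub Dispose() Implements IHttpModule.Dispose
        ' No resources to release.
    End Sub

    ' Hypothetical handler name; runs after ASP.NET has established the user identity.
    Private Sub OnPostAuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim context As HttpContext = DirectCast(sender, HttpApplication).Context

        ' Only requests under the dialogs folder are checked.
        If context.Request.Path.IndexOf(ProtectedPath, StringComparison.OrdinalIgnoreCase) < 0 Then
            Return
        End If

        ' Assumption: anonymous requests get the same redirect as users without backend access.
        If Not context.Request.IsAuthenticated Then
            context.Response.Redirect("~/Sitefinity/nopermissions.aspx")
            Return
        End If

        ' CMSAccess is the member name for Sitefinity 3.2; the original fix uses CmsAccess.
        Dim permissionAccess As New Telerik.Cms.Security.GlobalPermission( _
            Telerik.Cms.Security.GlobalRights.CMSAccess)
        If Not permissionAccess.CheckDemand() Then
            context.Response.Redirect("~/Sitefinity/nopermissions.aspx")
        End If
    End Sub
End Class
```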