All The Latest From WHMCS

Home / Blog

WHMCS Security Advisory for 4.5, 5.0, 5.1, 5.2


WHMCS has released new patches for the 4.5, 5.0, 5.1 and 5.2 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.

WHMCS has rated these updates as including critical or important security impacts. Information on security ratings is available at http://docs.whmcs.com/Security_Levels.

Releases
The following full-release versions of WHMCS have been published and address all known vulnerabilities:
5.2.5

The latest public releases of WHMCS are available inside our member's area at https://www.whmcs.com/members/clientarea.php

Security Issue Information
The Targeted Security Release and Patch updates for 4.5, 5.0, and 5.1 resolve an issue of unsanitized information being used in a SQL query. Using a crafted URL, an attacker could perform an SQL Injection.

The Targeted Security Release and Patch update for 5.2 addresses a security enhancement regression discovered in 5.2.3 and 5.2.4. This regression is not related to the itemized vulnerability mentioned for 4.5, 5.0, and 5.1. The regression was identified internally and is not a candidate for public disclosure.

Mitigation

WHMCS Version 4.5
Download and apply the appropriate patch files to protect against these vulnerabilities.

Patch files for affected version of the 4.x series is located on the WHMCS site as itemized below.

v4.5.5 (patch only) - http://www.whmcs.com/download/302/v455patch

To apply the patch, simply download the appropriate patch file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation.

No install or upgrade process is required.

WHMCS Version 5.x
Download and apply the appropriate full-version or patch of WHMCS to protect against these vulnerabilities.

Patch files for affected version 5.x are located on the WHMCS site as itemized below. A full-version of 5.2.5 is located in the WHMCS member's area download section, under your license details.

v5.0.6 (patch only) - http://www.whmcs.com/download/306/v506patch
v5.1.7 (patch only) - http://www.whmcs.com/download/310/v517patch
v5.2.5 (patch only) - http://www.whmcs.com/download/314/v525patch
v5.2.5 (full-version) - Available in the members area

When updating from v5.0.5, v5.1.6, or v5.2.4 you can use the patch file and the upgrade process is not required. Simply download the appropriate file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation.

If running any other version you should apply the full-version, simply download the file from our member's area and then follow the regular upgrade instructions which can be found at http://docs.whmcs.com/Upgrading


*This Security Advisory is in the process of being emailed to all active license holders.*


Posted by David on Thursday, May 16th, 2013







Long-Term Support Policy


Effective May 1st, 2013 WHMCS will have a Long-Term Support Policy. The Long-Term Support (LTS) Policy defines how long we intend to provide Important and Critical updates for published versions of WHMCS.

We encourage you to review the full Policy at http://docs.whmcs.com/Long_Term_Support. In short, we will provide Important and Critical updates for one year after the initial publication of the minor version. You can use the WHMCS Versions & LTS Schedule to see which versions are currently covered by Long-Term Support and when the End-Of-Life date is. The Schedule will be updated to include new minor versions when they are published.

NOTE: The LTS Policy does not introduce any changes to how WHMCS licenses or services are implemented with in the product or on our servers. Your WHMCS installation will continue to function according to the type and status of your license, the same as it has in the past.


Posted by Matt on Wednesday, May 1st, 2013







WHMCS Version 5.2.4 Release Announcement


WHMCS V5.2.4 is now available for all WHMCS license holders to download.

This is a maintenance release for the V5.2.x series. It is an incremental update, and therefore upgrading is simple and straightforward. All you need to do is download the update from our client area, unzip and then upload the files to your WHMCS installation. No install or upgrade process is necessary.

Visit our members area to download it now: www.whmcs.com/members

As always, we are offering our professional upgrade service where we handle the entire update process for you. For more details or to order, visit www.whmcs.com/upgrade-service

The full change log for this release can be found @ http://changelog.whmcs.com/

Thank you for choosing WHMCS.


Posted by Matt on Tuesday, April 23rd, 2013







WHMCS Security Advisory for 4.x, 5.0, 5.1


WHMCS has released new patches for the 4 series, 5.0 and 5.1 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. If you are not running the WHMCS 5.2, you are highly encouraged to update immediately.

WHMCS has rated these updates as including critical or important security impacts. Information on security ratings is available at http://docs.whmcs.com/Security_Levels.

Releases
The following full-release version of WHMCS have been published and address all known vulnerabilities:
5.1.6

The latest public releases of WHMCS are available inside our members area at https://www.whmcs.com/members/clientarea.php

Security Issue Information
The resolved security issue was identified by Dinesh Kumar Mohanty of Ultra Web Solutions Private Limited, India. There is no reason to believe that these vulnerabilities are known to the public. As such, WHMCS will only release limited information regarding the vulnerabilities at this time.

Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issue. These Targeted Security Releases and Patches address 1 vulnerability in WHMCS version 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 5.0, and 5.1. Additional, supplemental information is scheduled to be released May 28th, 2013.

Mitigation

WHMCS Version 4.x
Download and apply the appropriate patch files to protect against these vulnerabilities.

Patch files for affected versions of the 4.x series are located on the WHMCS site as itemized below.

4.0 series: http://www.whmcs.com/download/258/v403patch
4.1 series: http://www.whmcs.com/download/262/v413patch
4.2 series: http://www.whmcs.com/download/266/v422patch
4.3 series: http://www.whmcs.com/download/270/v432patch
4.4 series: http://www.whmcs.com/download/274/v443patch
4.5 series: http://www.whmcs.com/download/278/v454patch

To apply the patch, simply download the appropriate patch file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation.

No install or upgrade process is required.

WHMCS Version 5.x
Download and apply the appropriate full-version or patch of WHMCS to protect against these vulnerabilities.

Full-version and patches for the affected version of the 5.x series are located in the WHMCS members area download section, under your license details.

v5.0.5 (patch only)
v5.1.6 (full-version and patch)

When updating from v5.0.4 or v5.1.5, the upgrade process is not required. To apply the full-version or patch, simply download the appropriate file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation.


*This Security Advisory is in the process of being emailed to all active license holders.*


Posted by David on Tuesday, April 23rd, 2013







A basic guide to WHMCS Template creation

Written by Alistair from WHMCSThemes.com


In this blog post, we will be covering the basic aspects of how the WHMCS template system works, as well as how you can make a WHMCS template to match your existing website. This process is commonly known as WHMCS Integration.

The areas covered are:

1) Things you will need
2) Preparation
3) What files to edit
4) Making a WHMCS template to match your HTML template
5) IF statements
6) Troubleshooting with official WHMCS documentation



1) Things you will need

To get started, you will need the following things:

- A licensed copy of WHMCS software installed on your website
- An FTP client, such as FileZilla (FREE)
- A text editor, such as NotePad++ (FREE)
- A website template (HTML is the best choice for beginners)
- A basic working knowledge of HTML editing

If you do not have an HTML template, we have created one especially for use with this guide, which you can download free of charge:


FreeHTMLTemplate.png



2) Preparation


We will be using the Portal layout as the focus of our guide, in conjunction with the Free HTML template provided above.

To begin making an integration based on the Portal layout, you will need to download a copy of the template folder to your desktop. This can be done by using an FTP client, such as FileZilla.

At this stage, it is recommended that you rename the portal folder you just downloaded to something unique, for example, "template1". You should then upload the folder via FTP to your WHMCS templates directory. You should now see all of the pre-loaded WHMCS template folders, as well as your new template folder, which we have called "template1".

To view your new template without activating it in your WHMCS Admin panel, you can use the following URL:

http://www.yourwebsite.com/whmcs/index.php?systpl=template1



3) What files do I need to edit?

The WHMCS template front end (what your clients will see) is based on the Smarty template system. For those of you who are not familiar with what Smarty is - don't panic. For the purposes of WHMCS template creation, all you need to know for now is that Smarty allows the use of user friendly variables and IF statements. Smarty makes other things possible too, but as this is a beginner's guide, we will focus on the basics.

Let's return to our desktop and take a look in the folder we called "template1". As you will see, there is a folder for images, and a number of other files. The only 3 files you need to be concerned with for now are:

1) header.tpl - This file controls the top section of the WHMCS template
2) footer. tpl - This file controls the sidebar and bottom section of the WHMCS template
3) style.css - This file controls the CSS styling of the WHMCS template

This screenshot shows the typical sections of a website template in relation to the WHMCS template files they use:



whmcs-template-structure.png



4) Making a WHMCS template to match your HTML template

The first thing to do is to find a page of your HTML template that is suitable for WHMCS. Ideally, such a page would have a content area and a side bar, just like the Portal layout has.

As you can see from our free HTML template, the blank.html page would be ideal for WHMCS integration.

If you look at the HTML folder, you will see that all the files that the HTML template uses are located in there. Our WHMCS template is going to need these files, so let's copy the "HTML" folder and all of its contents into our "template1" folder (the WHMCS template we are making), located on the desktop. You should also upload the HTML directory to the "template1" folder on your server:

http://www.yourdomain.com/whmcs/templates/template1/

You do not need to upload the actual HTML files - you just need to upload the CSS and image folders.

You should now be able to see these folders at the following locations:

http://www.yourdomain.com/whmcs/template1/HTML/css/
http://www.yourdomain.com/whmcs/template1/HTML/images/

So now, your WHMCS template has its own copy of the CSS and image files used in the HTML template. This is particularly important if you are going to be using an SSL certificate with WHMCS.

Now let's open the blank.html (HTML) file and the header.tpl file (WHMCS) in our text editor. You can delete everything in the header.tpl file, as we are going to insert the layout from our HTML template.

You will need to copy the top section of code from blank.html and paste it into header.tpl. We need to copy everything from the very top of the blank.html file, all the way down to where the individual page content is going to begin. If you remember from the picture above, the header.tpl only contains the top section of the template - it does not include any individual page content. In other words, we need to copy the HTML code up to the point that the content container has just begun - we want the content box, but we don't want any actual content in the header.tpl file.

Once copied, you can paste it into the header.tpl file.

In the case of our free HTML template, you would need to copy everything, starting at the top and going all the way down to:

Code:
<div class="box03C">


header-code.png


So now your header.tpl will have all of that code copied into it.

Let's now open the footer.tpl (WHMCS) file and do the same thing - we need to copy the HTML code, starting from where the main content box ends. In the case of our free HTML template, you would need to copy everything below the last instance of:
Code:
<p>Content Goes here..</p>

We don't want to copy "Content Goes here" - we want to copy everything below it and paste it into our footer.tpl file, overwriting all the existing footer.tpl content.



footer-code.png


Let's go ahead and save the header.tpl and footer.tpl files and upload them to our WHMCS template folder on the web server. You might be curious to see what it looks like at this stage, but it won't look good as we need tell the WHMCS template where to find the HTML template image and CSS files.

Let's go back to the header.tpl file that's open in your text editor. You will need to make some changes to the <head> section.

As you will see, the CSS file that our HTML template relies on has been linked to as follows:
Code:
<link href="css/style.css" rel="stylesheet" type="text/css" />

So that WHMCS can locate it, we need to change the href tag to its correct location. This will be:
Code:
<link href="templates/template1/HTML/css/style.css" rel="stylesheet" type="text/css" />


Our free template doesn't contain images within the code itself, but if you are using a different template that does, you would need to tell WHMCS where to locate the images. For example, your template might have this:
Code:
<img src="images/logo.png" />

All you would need to do is change it to this:
Code:
<img src=" templates/template1/HTML/images/logo.png" />

Now you can save the header.tpl and upload it to your template directory on your server. If you preview the WHMCS template in your browser now, it should look much better. However, there is still work to be done.

The final thing to do in terms of design is to apply the WHMCS style sheet and JavaScript calls. You can copy and paste the following code into the <head> section of the header.tpl file:
Code:
<meta http-equiv="content-type" content="text/html; charset={$charset}" /> <title>{$companyname} - {$pagetitle}{if $kbarticle.title} - {$kbarticle.title}{/if}</title> {if $systemurl}<base href="{$systemurl}" />{/if} <link rel="stylesheet" type="text/css" href="templates/{$template}/style.css" /> <script type="text/javascript" src="includes/jscript/jquery.js"></script> {$headoutput} {if $livehelpjs}{$livehelpjs}{/if}

This code tells your WHMCS template to load all necessary JavaScript and it also provides the CSS foundation for the WHMCS page content.

If you save the header.tpl file now and upload it to your server, you will probably see a few display issues. This is because the style.css of the Portal template is conflicting with your HTML template stylesheet.

So to resolve it, you need to remove all conflicting CSS from the WHMCS style.css file, and upload it to your server.

This should now result in a perfect WHMCS integration. All that remains to be done is to add the WHMCS navigation menu links. Due to the way the HTML template is structured, we will be placing the code needed into the footer.tpl file so that the WHMCS navigation links appear in the template side menu.

If you look at the code in the footer.tpl file, you should find the following:
Code:
<ul class="ulStyle03"> <li><a href="#">Link 1</a></li> <li><a href="#">Link 2</a></li> <li><a href="#">Link 3</a></li> <li><a href="#">Link 4</a></li> <li><a href="#">Link 5</a></li> </ul>

All we need to do is replace it with this:
Code:
<ul class="ulStyle03"> {if $loggedin} <li><a href="clientarea.php" title="{$LANG.clientareanavhome}">{$LANG.clientareanavhome}</a></li> <li><a href="clientarea.php?action=details" title="{$LANG.clientareanavdetails}">{$LANG.clientareanavdetails}</a></li> <li><a href="clientarea.php?action=products" title="{$LANG.clientareanavservices}">{$LANG.clientareanavservices}</a></li> <li><a href="clientarea.php?action=domains" title="{$LANG.clientareanavdomains}">{$LANG.clientareanavdomains}</a></li> <li><a href="clientarea.php?action=quotes" title="{$LANG.quotestitle}">{$LANG.quotestitle}</a></li> <li><a href="clientarea.php?action=invoices" title="{$LANG.invoices}">{$LANG.invoices}</a></li> <li><a href="supporttickets.php" title="{$LANG.clientareanavsupporttickets}">{$LANG.clientareanavsupporttickets}</a></li> <li><a href="affiliates.php" title="{$LANG.affiliatestitle}">{$LANG.affiliatestitle}</a></li> <li><a href="clientarea.php?action=emails" title="{$LANG.clientareaemails}">{$LANG.clientareaemails}</a></li> <li><a href="cart.php" title="{$LANG.ordertitle}">{$LANG.ordertitle}</a></li> <li><a href="logout.php" title="{$LANG.logouttitle}">{$LANG.logouttitle}</a></li> {else} <li><a href="index.php" title="{$LANG.globalsystemname}">{$LANG.globalsystemname}</a></li> <li><a href="register.php" title="{$LANG.clientregistertitle}">{$LANG.clientregistertitle}</a></li> <li><a href="clientarea.php" title="{$LANG.clientareatitle}">{$LANG.clientareatitle}</a></li> <li><a href="announcements.php" title="{$LANG.announcementstitle}">{$LANG.announcementstitle}</a></li> <li><a href="knowledgebase.php" title="{$LANG.knowledgebasetitle}">{$LANG.knowledgebasetitle}</a></li> <li><a href="submitticket.php" title="{$LANG.supportticketspagetitle}">{$LANG.supportticketssubmitticket}</a></li> <li><a href="downloads.php" title="{$LANG.downloadstitle}">{$LANG.downloadstitle}</a></li> <li><a href="cart.php" title="{$LANG.ordertitle}">{$LANG.ordertitle}</a></li> {/if} </ul>

This code tells WHMCS to display 2 sets of menu links, depending on whether the user is logged in or not. If a user is logged in, they will be shown the main links, as well as links related to their client account. If a user is not logged in, the client account links will be hidden.

Now you can save the changes to the footer.tpl file, and hopefully, your WHMCS integration should be looking pretty good!&#8195;


5) IF Statements

A great feature of the WHMCS / Smarty template system is that IF statements are incredibly easy to implement.

The most common one you will want to use is to tell WHMCS to display content depending on whether the user is logged in to their account or not. For example, WHMCS has the ability to display user account information. This is where you would want to use the following IF statement:
Code:
{if $loggedin} Content here will be shown to users who are logged in. {else} Content here will be shown to everyone, unless the user is logged in to their account. {/if}

It's also useful for displaying a welcome message to users when they log in.

As you can see, you do not need to know any PHP to implement these IF statements.


6) Troubleshooting with official WHMCS documentation

If you're not familiar with how to integrate WHMCS with a template, it's likely that you'll run into some problems along the way.

Your first port of call should always be the official WHMCS documentation - it's there to be used!

Here are some links to useful WHMCS documentation for integration issues:

http://docs.whmcs.com/Client_Area_Template_Files
http://docs.whmcs.com/Template_Syntax

If you don't find your answer in the documentation, a simple Google search should direct you to other places where you might find the answer.

If you still can't find a fix for your issue, asking for help on the official WHMCS forums should be your next move. The WHMCS user community is a friendly bunch and has a wealth of experience with WHMCS.

Don't forget, if you manage to fix the issue yourself, please update your forum post with the solution you used. It will probably be useful for someone else who has the same problem in the future.


I hope you have found this blog post useful and I wish you good luck with your integration.

Best regards,

Alistair

WHMCSThemes.com
Zumada Limited (UK)


Posted by Alistair on Monday, April 22nd, 2013







« Previous Posts