There are a few tweets going around about an exploit in our WooFramework. It happens to be making news around the same time we were hacked so naturally it could cause some hysteria about a possible link between the two and a vulnerability on our user’s sites. Rest assured there is no link and the exploit was actually fixed a few days before our website was hacked.
We have however issued another update to the WooThemes framework (V5.3.11 V5.3.12) to tighten the security of our themes even further. We recommend all users update their themes to the latest version, it’s really easy. Click the “Update Framework” button in our theme framework in the WP backend to grab and install the latest version.
This from WooThemes developer Matty Cohen:
The shortcode preview functionality that was in the WooFramework’s bundled shortcode generator (the neat popup used to add shortcodes to posts and pages with a point-and-click interface) was identified as a potential security exploit several days ago. After the first report was made, we began work on isolating and resolving this exploit. This resulted in the removal of this functionality from the WooFramework (the shortcode generator is still there… just the preview functionality was removed).
The potential exploit is such that the shortcode preview allowed users to generate shortcodes using the preview window’s file, without authenticating the user.
We would have preferred the user who published the details of the exploit to have disclosed it to us securely and privately first, before sharing it on social readers where it received some unjustified, harsh critique, but for the sake of transparency we are publicly acknowledging and responding to the information at the risk of causing some nervy users.
Feel free to post any further questions below where Matty and our other developers will happily calm your nerves. What we have actioned as a result of this story is a new Twitter account that users can follow called “WooThemesDev” which will communicate theme updates and codebase details to interested users.
Follow ‘WooThemesDev’ on TwitterUpdate: Version 5.3.12 of the WooFramework was recently released to ensure that the file in question is overwritten correctly by the WooFramework one-click update system. This update was flagged as “critical” and is an essential update.
Update: If you’re experiencing an issue automatically updating to V5.3.12, or the update doesn’t show for you on the “Update Framework” screen of your WordPress admin, please see our tutorial on how to perform a manual WooFramework upgrade.
If this tutorial link isn’t visible to you after being logged in to your WooThemes account, give us a shout in the Support Forum and we’ll assist in getting you upgraded.
Please ensure that all themes on your website that use the WooFramework are updated to the latest version (not just the theme you have active).
Manually Upgrading the WooFramework
To manually upgrade the WooFramework, the steps are:
- Download the WooFramework ZIP file.
- Backup your entire theme onto your computer, using an FTP program (your web hosting provider should provide FTP information). This is a precaution in case you need to revert to the previous version you were running.
- Unzip the WooFramework ZIP file downloaded in step 1.
- Remove all files from the functions folder inside your theme via FTP.
- Replace the content of the functions folder inside your theme with the contents of the ZIP file unzipped above.
- Repeat this for all WooThemes using the WooFramework that are on your server, not just the active theme.
I haven’t developed anything using WooThemes, but have clients who have brought over Woo-based themes. The exploit’s proof-of-concept (from the Gist that I learned from it) using a link to the impacted file on demo2.woothemes.com still appears to render shortcode output.
Can you say more about the fix? Should that still render (follow @kraft on Twitter and I’ll DM you the link. Don’t want to include it here since it is a security concern!)?
Hi Brandon,
Using the latest version of the WooFramework, this file and the functionality to preview shortcodes was removed entirely.
Any examples of this exploit in effect will not render using the latest version of the WooFramework.
Matty
This is great, but I think the real question is why is it still active on your demo servers.
Hi Tony,
We’re currently in the process of updating our demo servers. Our sincerest apologies for the inconvenience caused here.
Guys,
Great to hear that it is patched by why are we still able to see this: http://demo2.woothemes.com/olya/wp-content/themes/olya/functions/js/shortcode-generator/preview-shortcode-external.php?shortcode=%5Btwitter_follow%20username=%22iota%22%5D
This patch needs to be pushed to your demo servers.
Thanks Tony. Please see above comment. 🙂
Hey Bud
Have to be honest, my bigger concern is not in how this vulnerability was disclosed by Jason Gill, but how it was not by WooThemes on April 23rd when it was found and patched: http://cl.ly/3S2o1z380L3i1D44443A, especially with a “critical” rating. What’s probably more frustrating is that the demo servers were not patched in that same timeframe.
The disclosure by Jason has just further exasperated the situation and we must all now work together to get the word out to as many people as possible.
Not good guys, not good at all.
Tony
Tony,
We’ve certainly learnt a lot over the past week, with our server downtime and this possible WooFramework exploit.
We are taking these lessons to heart and implementing further structures and channels to be able to communicate with WooThemes users as directly and as quickly as possible.
Matty et. al –
You’re in a tough spot, and running on overtime for a while… It’s tough to know how to handle one of these fires (let alone 2) until you’re there…
The important part is identifying the things that went well, and the things that went not-so-well, and documenting them as a policy for the next time (fingers crossed there isn’t, but this is the Internet after all).
Cheers on being able to move forward, keeping your chins held high, and helping clients get switched over and secure as a priority.
Matt
Hey, do you have a direct download link for this? When I click the update framework link in wordpress I get a failed message..
Hi Jason.
No problem. 🙂 Please post in our support forums and we’ll do all we can to assist with getting you to the latest version of the WooFramework.
When posting in the forum, please also post the message you get when clicking the “Update Framework” button.
Thanks Jason. 🙂
That Jason isn’t this Jason 🙂 Update Framework worked for me and fixed the issue.
Ping me at attached email address, would be happy to have an honest discussion with you guys. Sorry for an unexpected day of troubles, next round of beers is on me.
When I press [update framework], I get the following screen.:
____________
Framework Update
You have the latest version of WooFramework
→ Your version: 5.3.3
_____________
How can I force a new update? Or can I download it?
Thank you,
Denis
I used your link:
http://woocommerce.com/2009/08/how-to-upgrade-your-theme/#update-6
It’s updated.
thank you
This doesn’t seem to work for me. Whenever I click on that link, I am automatically logged out and told that I need to be logged in to access this content. But I’m already logged into my account, so can someone help me with this please?
When I try to update automatically, I am told that I already have the 5.3.3 version of the framework (whereas the current version is 5.3.12)
Same problem here. I am unable to access the page even though I am logged in. It keeps returning to the login form.
Same as Puranjay and Richard below.
Stuck in log-in loop with no way out.
Please post the tutorial somewhere else for now.
It should be open for anyone to see since there were issues with logging in.
Nonetheless, the update framework functionality works from within the theme options now. 🙂
Hello,
I was able to update the framework manually, but I thought you would like to know about a problem I was having with the automatic updater. I got a “copy failed” error message when I tried to do the automatic update. I changed the permissions on the /canvas/functions folder to 777 temporarily, and that did not solve the problem.
New framework 5-3-12 successfully downloaded, extracted and updated.
Will stay tuned for any other critical update:)
My theme framework says “up to date” but it is definitely not 5-3-12. Is this something not yet working on the new setup?
I’m trying to update three separate sites but when I click “Update Framework” I get a message reading.
“You have the latest version of WooFramework
→ Your version:” old_version_number (Showing versions, 3.7.03, 4.5.1, & 4.6.0) for the three sites. Do I need to download this and install it manually? If so, where can I go to do this?
TY
Appreciate that you boys have had some rough days, but some of us have had our accounts “expire” – are you working on fixing that?
Hi Beth, Todd,
To manually upgrade the WooFramework, please see our guide here: http://woocommerce.com/2009/08/how-to-upgrade-your-theme/#update-6
Hi Johnny.
We are aware of the subscription expiration issue and will be looking into it over the next few days. 🙂
OK, I tried to follow that link which brought me to a login page stating “This resource is only available to registered WooThemes users.” I then log in and I’m redirected to “http://woocommerce.com/dashboard/” and so when I try to paste the URL into my address bar (having just logged in) it takes me back to the “This resource is only available to registered WooThemes users.” page. Any insight into why I’m unable to find the page you’re linking to?
TY
I’m having the exact same problem as Todd, and am also unable to post about the issue in the forum — it let’s me compose my forum post, but then the submit button does nothing at all.
I’m having the same problem – the tutorial asks me to log in, even when I’m already logged in, so I can’t view it. If I log in on the prompt page, it just takes me to the dashboard.
Same issue here as all of the previous commenters noted.
I should also note that the “Update framework” button has NEVER worked for me.
Will we get any clarification on this?
Same exact issue here. Logged in, click link and am asked to login again, when I do I go to Dashboard.
Todd, Julie, Evan, Konstantinos,
The login issue is a known issue at present, which our team are working to resolve.
Please email us on techsupport [at] woocommerce.com where we can assist with the upgrade, if you’re having difficulty accessing the forums as well.
@Konstantinos – The “Update Framework” link may not be working for you due either to a permissions issue with your “wp-content” folder not being able to be written to, or due to your server not allowing the connection to be made to retrieve the information about the update.
Our sincerest apologies for the inconvenience caused here, all.
I just wanted to say that I was having the same issue in regards to automatic upgrades, that my version of Unsigned was not recognizing that there was a new update. So I changed the permissions on wp-content to 777 from 755, and it allowed me then to see “A new version of WooFramework is available.”
Whenever you do get it upgraded, please remember to change your permissions back!
Again, same here
Having same problem.
I’m having the same problems…when I click on the link above…it’s asks me to login…then it just takes me to the dashboard. When I try to enter in the link again…same thing…so I can’t get to the tutorial on how to manually update the framework.
Hi Tony,
Please e-mail us on techsupport[at]woocommerce.com if the link to the tutorial doesn’t work after logging out, clearing your browser’s cache and logging back in.
From there, our ninjas will assist in getting the upgrade to you. 🙂
Hi! I can’t access this link. Every time I click it it takes me to the WooThemes login page (even if I’m already logged in!) and won’t take me any farther.
– Update Framework page says I have the “most recent version” – 5.1.4 and I can’t get at the page to manually update.
I’m running in circles here – please help!
Joanna,
The update functionality from within the theme options should be working now, please let us know if it is.
You shouldn’t need to manually do so now. 🙂
Have attempted to download via automatic update and get the message that I have the latest version (5.3.11). I try to login to my account and get the message that I have an expired membership–which I do not. Any help would be appreciated. I am concerned that more information wasn’t available regarding the critical nature of this exploit as well. It makes me worry about my woothemes websites (approximately 25 of them). I really like woothemes, but I lost a lot of time during the timthumb exploit and do not like the idea of having this issue again.
Hi Joe,
Regarding your subscription, we’re currently in the process of restoring this data. Thank you for your patience in this regard.
I’d advise performing a manual upgrade, as outlined in our tutorial here: http://woocommerce.com/2009/08/how-to-upgrade-your-theme/#update-6
Our sincerest apologies for the inconvenience caused here.
Thanks and regards,
Matty.
A blog comment (by Mark Lowe) on this article on memeburn.com, claimd there may be an exploit in the .12 framework.
Can you pleas advise if it is safe to apply the .12 fix?
http://memeburn.com/2012/04/premium-wordpress-theme-developer-woothemes-hacked/#comment-513968267
Hi Steve.
I can confirm that Mark Lowe is incorrect. The file he’s referring to would be injected only to vulnerable websites. In his case, I’d upgrade to V5.3.12 and then change all passwords (FTP, CPanel, Database, WordPress, etc).
I can’t update either b/c it says it’s already up to date w/ an outdated version. My theme updates never come through the admin either.
Hi vrob,
Please see our tutorial here ( http://woocommerce.com/2009/08/how-to-upgrade-your-theme/#update-6 ) for steps to perform a manual upgrade.
Thanks.
Ok, but that’s a pain…do you know why the dash upgrade isn’t working for so many people? I’d feel better if you had this on your radar and were trying to fix it…
Ok–Just tried to read the instructions to manually update and I get the same login loop others describe, so I log in, then try to access the page and it tells me to log in. So it’s nice that you’re telling everyone to upgrade, but send me another email when you fix the upgrader or the login loop…
The framework update functionality should be working, you can find that here. – http://cl.ly/0c3N0m2v3E3R0i1o2z0i
Hiya. Perhaps emailing users when there a critical update is available might be in order? Especially when an exploit is found …
http://lightpointsecurity.com/content/how-to-botch-a-security-vulnerability-discovery-woothemes-case-study
We could have sent an email out with the information, with our site down though we had no where to direct people. We weren’t able to send people to a post, provide a download of the updated framework, instructions on updating, etc…
As soon as the site came back up safely we sent an email. It was just entirely bad timing unfortunately.
New framework successfully updated
thank you
I hit update framework in my WordPress and all I get is “You have the latest version of WooFramework
→ Your version: 5.1.3”.
This is ridiculous, people/ I’ve had my whole hosting account hacked and infected because of WooTheme bugs. Hire some security expert.
Hi Egor,
Our sincerest apologies for the inconvenience caused here.
I can assure that we’re doing all we can to rectify the situation as best we can.
I noticed a problem when I updated canvas to 4.7.11. When trying to add a new menu item in one of my menus a pop-up would come up saying “Are you sure you want to do this?” with no option. Actually deleted V 4.7.11 and reinstalled V 4.7.9. Now am able to update menus but frame work update is not yet a reality. Will try to be patient as I have been in this situation myself.
Hi Tony,
This issue has been rectified in V5.3.12 of the WooFramework.
I’d recommend performing the same manual upgrade as you did when reverting to V4.7.9, except with V5.3.12.
Please e-mail techsupport [at] woocommerce.com if you encounter issues, either with the automatic updater or with posting in the forum or viewing the tutorial here: http://woocommerce.com/2009/08/how-to-upgrade-your-theme/#update-6
Thanks and regards,
Matty.
I have a combination of EGOR’s problem JOEY WATT’s
My WooFramework’s say “You have the latest version of WooFramework” when it really IS NOT (5.13, 5.0.2, or less)
AND
I have the expired membership problem. So when I visit your link to MANUALLY UPGRADE the framework with the tutorial, it brings me to the Expired subscription page. Can’t upgrade anything and can’t even read about it do it manually.
Love the themes, love the support, but is really getting ridiculous …
the manual framework upgrade link started working for me so that is fixed **
Thanks for letting us know, Mike. 🙂
Same:
You have the latest version of WooFramework
→ Your version: 5.3.11
Hi Tom,
If the above-mentioned tutorial link isn’t visible to you, please let us know of techsupport [at] woocommerce.com and we’ll assist you in upgrading. 🙂
Hi team,
I see this message:
You have the latest version of WooFramework
→ Your version: 5.3.3
No updates for a recommended V5.3.12 is available.
Regards,
Igor
Hi Igor,
Please see the link to our manual upgrade tutorial above.
Our sincerest apologies for the inconvenience caused here.
Thanks and regards,
Matty.
Hi Matty,
The recommended link – http://woocommerce.com/2009/08/how-to-upgrade-your-theme/#update-6 – brings us to login page, and after login directs to nowhere.
Regards,
Igor
Sorry, I’m logged out every time I try to reach the link to the manual update entry. What can I do?
Hi there.
Please e-mail support [at] woocommerce.com and we can assist with the update.
Our sincerest apologies for the inconvenience caused here.
Howdy woo – great to see you back – ive upgraded my woo framework and I get the message: “all up to date on 5.1.6” no mention of 5.3.12? Any ideas?
Hi there. 🙂
We’d recommend a manual upgrade in that case. Please see the blog post for a link to the manual WooFramework upgrade tutorial.
If this tutorial is inaccessible to your WooThemes account, please e-mail us on support [at] woocommerce.com and we’ll assist with getting you upgraded. 🙂
il send in an email matty as I cannot download anything right now from woo – even after reactivating 🙁
There is another download link for the latest Framework file on this member forum post: http://woocommerce.com/support-forum/?viewtopic=75054
I can login to my account, but I’m one of the users that has the message that the account is no longer active. I can’t get to the manual framework link because the site logs me out on clicking the link, and on logging back in I’m taken elsewhere.
@thomas – thanks, I’ve at least got hold of the framework now.
Could someone confirm how I update it? Do I just unzip if over the Theme name folder? Maybe a cut ‘n’ paste from the tutorial that we can’t reach to a sticky on the forum, and/or this blog post?
OK, overwriting the files doesn’t work.
Just received general email pushed out, which doesn’t contain instructions.
HELP!
I’ve logged in but I can’t enter (http://woocommerce.com/2009/08/how-to-upgrade-your-theme/) this page. I’m sure this is not a cookie issue, I have dashboard access.
Why you are not writing the direct link to WooFramework 5.3.12?http://woocommerce.com/updates/framework.zip
I’ve got the same issue with the link that Mustafa mentions.
Ok
Lets go through some of the issues here that I (and maybe others are experiencing) I have a subscription account which doesn’t work, it tells me it has expired. I have sent a number of emails to support but have yet to have issue rectified.
I have a number of high value clients that would be mortified to know there websites are vulnerable.
Many of the sites I have tried to update the framework with tell me I have latest version of framework when I clearly dont.
I cant access latest files because logins dont work and there is nothing for me to download – even though I should have access to all.
I understand the problems Woo are facing but these are serious times.
Still waiting
Peter
Geez Users – backoff. Give this provider some time to rectify things. Just because we don’t have the latest framework is NO reason to panic. Hell, we’ve probably been at risk for some time. And, the truth be known, there are probably other vulnerabilities in our themes and frameworks. So, get over it! Just make sure you actually back your sites up routinely and then you can breath. Gosh sakes.
Marcus
No one is abusing Woo here. However when you cannot access certain information, when it is critical to do so, then of course people are anxious.
Your assertion that we have probably been at risk for sometime, is weird. There is a difference between security vulnerabilities being published online by others and a security notification by the company itself.
Very different!
Peter
The 5.3.12 update doesn’t show for me on the “Update Framework†menu. so i tried to upload manually by logging in. i realized that i forgot my password on Woothemes. so i clicked Lost Password? then wrote me email. I got an email saying “This site requires JavaScript and Cookies to be enabled. Please change your browser settings or upgrade your browser.” so sending new password system is not working…
Good luck on sorting all this guys and well done on efforts so far, but I’m one of the many frustrated people who cannot update.
The dashboard doesn’t work – it says I’m on the latest where I’m not.
The manual link to update doesn’t work – it just loops me around login/dashboard and never shows the page.
There is no where else to download 5.3.12 from.
So you have a fix, but there is no way for me to actually access it. Can someone else who has 5.3.12 upload to somewhere else and provide a link here please? I have multiple vunerable sites that need patching ASAP!
Thanks in advance.
(oh and to top it all off, the createsend mailer that just came out from Adii is a little broken too (i.e. techsupport@ mailto link is broken).
I know you’re trying your hardest but I think you need to make this update publically available on a trusted server/3rd party host as soon as possible, instead of relying on people being able to access it through the woo domains which just isn’t working for me and many others.
Pete
OK, I’ve got working links. I’m not sure if there was a good reason for not publicly posting the framework link – could that lead to more attacks? So I’ll post the link that works for me and the method that worked for me in the General forum ASAP. Keep refreshing 😉
Can you simply post the instructions here? I submitted a support ticket email almost an hour ago with no reply. I cannot access the instructions page because it keeps asking me to log into the website when I am clearly logged in.
I couldn’t access the instruction page either, but I can now access the forum.
You need to use the download to replace the existing theme functions folder.
Great, thank you.
Hello Guys,
I have tired to update the WooFramwork through the dashboard however, when I try I get this error “Failed: Filesystem preventing downloads. ( ftpext)”.
What should I do next?
everytime I go to that instruction page for the framework I get logged out and cant see anything
hi do we need to update woocommerce?
You should always keep WooCommerce up to date.
Hi,
I can’t update the woo framework automatically from my theme (inside admin area), and every time I click on the instructions for the manual update, I get logged out and I can’t see them…
Please forward a link to the manual instructions which I can see (it seems that Mike has the same problem!).
Thanks,
Kenny
Hi all,
Yes, there was a good reason for not posting the direct link to the ZIP file here.
If you encounter issues with the automatic updater, please download the ZIP file from the link that several commenters have now posted.
The steps are:
– Download ZIP file, either from the direct link posted by several commenters here, or by e-mailing us for the ZIP file.
– Backup your entire theme onto your computer. This is a precaution in case you need to revert to the previous version you were running.
– Unzip the WooFramework ZIP file downloaded in step 1.
– Remove all files from the “functions” folder inside your theme via FTP.
– Replace the content of the “functions’ folder inside your theme with the contents of the ZIP file unzipped above.
You should now be running the latest version of the WooFramework.
Please see above in the blog post as well. If you encounter issues with these steps or with the download, please contact us directly on techsupport [at] woocommerce.com rather than commenting here. 🙂
Thanks and regards,
Matty.
“I can’t update the woo framework automatically from my theme (inside admin area), and every time I click on the instructions for the manual update, I get logged out and I can’t see them…
Please forward a link to the manual instructions which I can see (it seems that Mike has the same problem!).
Thanks,
Kenny”
I have got the same problems, I cannot access the instructions for manual update. When trying to access it, I have to login and get redirected to my account dashboard.
Please, let me know how to access the manual update instructions.
Hi Ellen,
I’ve added manual update instructions to this blog post.
Our sincerest apologies for the inconvenience caused here.
Hi Matty!
Thanks for the instructions. (Your post was published, when I was still writing mine, sorry if I seemed concerned or impatient.)
I could update all of my woothemes’ framework.
This is getting old, timthumb and now this?
The below works just fine. Make a complete backup first
http://woocommerce.com/updates/framework.zip
Replace all files in the /functions directory
Now you have manually patched the framework
Michael
I’m running Framework 2.7.10 and watched a video on the Woothemes site about being able to update your framework via WordPress. I don’t know what’s wrong, but there is no button in my Busy Bee section of WordPress that allows me to update the framework. I don’t know how to update it manually because the instructions are confusing me.
Hi Stevie,
We’d definitely recommend upgrading from a V2.x of the WooFramework. I don’t believe automatic updates were present in those versions, unfortunately.
If you require assistance in performing this upgrade, please e-mail us on techsupport [at] woocommerce.com.
To rephrase the instructions, it would be:
– Backup your theme from your website (via FTP) onto your computer.
– Download the ZIP file linked to above and unzip it.
– Via FTP, remove the contents of the “functions” folder of the theme.
– Replace the contents of the “functions” folder with the contents of the ZIP file unzipped in step 2.
I hope that helps. If not, please e-mail us and we can assist. 🙂
Thanks and regards,
Matty.
I submitted a help ticket on this but maybe this thread will be quicker. I did a manual update because the install didn’t see it needed to be updated. I forgot to empty the functions folder first. I copied over the new files and overwrote everything which seems like it should still be fine. However I now have an error message and the site doesn’t come up.
Fatal error: Cannot redeclare woothemes_more_themes_page() (previously declared in /home/jenna/public_html/chinatrip/wp-content/themes/postcard/functions/admin-functions.php:2476) in /home/jenna/public_html/chinatrip/wp-content/themes/postcard/functions/admin-theme-page.php on line 64
I’m wondering if not emptying the folder caused this or what else did. Also wondering if there’s a fix other than restoration. It makes me not want to do the manual update on any of installs until I know why this one went awry.
Thanks,
Sheila
Hi Sheila,
Removing the “admin-theme-page.php” file should resolve this. If not, please e-mail us on techsupport [at] woocommerce.com where we can assist directly. 🙂
Thanks and regards,
Matty.
Thanks Matty. But removing that file did not fix it. I’ve put in to my host to restore the site at this point. But I’m nervous to try this on another site. Do you think it was caused by not emptying that folder first?
Hi Sheila,
That’s possible, yes.
If you encounter further issues of this nature, please e-mail techsupport [at] woocommerce.com where our ninjas are on hand to assist. 🙂
Per your request I emailed on May 1. On May 3 Tiago Noronha asked for my login credentials and told me s/he would look into it and would do the upgrade for me. It’s now May 11 and I haven’t heard back. I emailed again to touch base and got an automated response back that I should post! Instead of starting a new forum thread I thought I’d ask you here if someone is still looking into this for me or what my next steps are. I basically have failed to do the manual upgrade twice from v2.2.3 of the framework. Thank you.
What is the link to your forum thread?
Odd, it won’t let me respond to you under your question but it will here!
There isn’t a link to a forum thread. I had posted here (see above) and was asked to email support. I did so and by email was asked for login credentials which I sent. I have successfully manually updated another Postcard themed site. But this one failed twice requiring a backup restore. The site has framework 2.2.3 installed with Postcard v1. The other one I updated had a newer version. I’m guessing that could be the issue. If you guys can’t help me I was thinking I’d do a data backup and try starting from scratch on a dev site with a new install and import my data. I just have to be sure I find and transfer any customizations. I did this site a LONG time ago and it was pro-bono so I really don’t want to put a ton of time into it. But I’m worry about leaving it vulnerable.
I can email my credentials again if that would help. This is what I received ….
MAY 03, 2012 | 07:53PM CAT
Sheila,
Can you send us your WordPress admin & FTP login so we can debug the issue?
I’ll personally update the theme framework for you. 🙂
Thanks!
Regards,
Tiago
OK, after typing my last post I decided to take the bulls by the horns. I read how to update the theme and indeed, doing so fixed the problem. So I’m good-to-go now. It might’ve been helpful if someone has simply suggested that to start with. Everything I read said the theme version didn’t matter it was the framework that needed updating. But with a v1 theme it simply didn’t work. Happy to close my needs out.
Sheila, Did removing “admin-theme-page.php†help? I removed it and received additional errors like:
Warning: require_once(/nfs/c04/h02/mnt/80256/domains/blog.eduardogonzalezloumiet.com/html/wp-content/themes/mainstream/functions/admin-theme-page.php) [function.require-once]: failed to open stream: No such file or directory in /nfs/c04/h02/mnt/80256/domains/blog.eduardogonzalezloumiet.com/html/wp-content/themes/mainstream/functions.php on line 18
Fatal error: require_once() [function.require]: Failed opening required ‘/nfs/c04/h02/mnt/80256/domains/blog.eduardogonzalezloumiet.com/html/wp-content/themes/mainstream/functions/admin-theme-page.php’ (include_path=’.:/usr/local/php-5.2.17/share/pear’) in /nfs/c04/h02/mnt/80256/domains/blog.eduardogonzalezloumiet.com/html/wp-content/themes/mainstream/functions.php on line 18
Hi Eduardo,
Your “functions.php” file is calling the “admin-theme-page.php” file.
Commenting out or removing this line from your “functions.php” file would resolve this.
The alternative is also to upgrade to the latest version of your theme, using the download from your WooThemes Account Dashboard. 🙂
If you encounter issues with commenting out the legacy code in your “functions.php” file, please e-mail techsupport [at] woocommerce.com where our ninjas are on hand to assist. 🙂
I am really frustrated that the tutorial page isn’t working:
http://woocommerce.com/2009/08/how-to-upgrade-your-theme/#update-6
I just get to the login page (although I’m already logged in). I try again and the page refreshes. No tutorial – when I need it the most.
Please, woo guys, figure out a way that we don’t have to go through anything like this again.
They’ve pasted the tutorial at the top of the page mate.
I have no idea how to do steps 2, 4 and 5 from your instructions. I have never used FTP or done a manual backup. Those of us who are not techies require more specific instructions, please. How do you “backup your theme to your computer”?
Step 2 :
Log in to your WordPress installation. On the left-hand menu, click on the menu item which displays the name of your theme. Click on ‘Backup Settings’. There are two backups to complete, the WooThemes one, and at the top of that page you’ll see a link to the WordPress Export Tool. Since it sounds like you haven’t been taking backups of your site to date, suggest you complete both backups 😉
If you can get into the forums, you’ll find other help there 😉
Scott,
The FTP related steps involved connecting to your web server using an FTP program such as “Transmit” for the Mac, or FileZilla (or another such program) for Windows.
From there, you’d navigation to your “themes” folder and drag the folder containing your theme’s files onto your computer’s desktop.
We recommend a backup of the physical files, just in case you ever need them.
If you’d like us to assist, please e-mail us on techsupport [at] woocommerce.com.
Great. I have invested way too heavily in Woo. I have quite a few site with your themes and non of them can be updated automatically for some reason. I’m on a satellite connection and this is going to kill a day or two of my time just to fix this via FTP.
Thanks for the notice though.
The auto update and manual updates ARE NOT WORKING! The link in this post send you into an infinite login loop. Same for the link in the email that Adii sent out earlier today.
As mentioned above, the Framework auto updates are not working (Canvas). When one goes to the Update Framework page, it shows that it has the latest version (5.2.2) even when this is not the latest version. I know you guys have had a hard week (understatement), but this needs to be fixed.
I’m not a coder/developer/hacker but a possible idea to deal with some security issues:
Create a fund/reward system to pay individuals who find major bugs in Woo products and report them to you guys first confidentially. Just some incentive for people to hack away at your system and report instead of taking it down.
Hi all,
If you see a comment that is the same issue that you’re experiencing, we are aware of it. There’s no need to repost about the same issue. 🙂
Please follow the steps in the blog post above. If you get stuck with these steps, please e-mail us directly, rather than commenting on this blog post (this is a blog post for conveying information. Support can be done via the Support Forums or over e-mail at techsupport [at] woocommerce.com if you require assistance with the steps).
Thanks all. We really appreciate your patience during this time and are very sorry for the inconvenience caused here.
Question: If the themes are up-to-date why would we have to change out the files in functions folder? Why would we not just update the theme and be done with it?
Hi jpatt,
The theme version and WooFramework version are different entities. Having an up to date theme doesn’t constitute having an up to date WooFramework, and visa versa.
More information on this can be found in a blog post we published on what components make up a WooTheme. 🙂
The reason for changing out the entire “functions” folder is to ensure that all files are fresh versions (it’s also easier than updating just one or two files). 🙂
Got it. An updated theme may not include the latest framework.
May I suggest maybe faster way to update for those with ftp challenges. Not sure if this is woo approved or not. Not sure of reason for not just replacing theme.
Idea:
Open extracted Framework file. Copy files (select > copy)
Open extracted woo theme. Go to functions folder. Delete files. Past in new ones. Compress theme again. Re-install via WordPress.
Just suggesting – May not work for reasons unknown to me. – Not necessarily woo approved.
The link at the top of this post and manual update via FTP worked for me on two sites just now. No love on the auto update from the dashboard, but the manual was fairly painless. FYI…
Followed the (very simple) steps for the Manual update (DLd the zip etc.) and all seems fine in that I was running 4.2.1 and its now showing I’m running 5.3.12, BUT it also says,
Old version of TimThumb detected in your theme folder. Click here to update.
Yet, I literally just DLd the zip, so would have thought I have the latest of everything… Don’t want to undo what I just did, so wondering do I click or not click?
Claire
PS. Appreciate your transparency, service dedication etc. and am sending virtual hugs/high fives/positive thoughts your way. Must have been a nightmarish week at Woo Towers. Thank you. 🙂
Hi Claire,
I suspect the TimThumb was detected in your theme. I’d recommend letting the TimThumb detector do it’s task, which will convert to using the latest version of TimThumb, which is available in the WooFramework.
Thanks for your support, Claire. 🙂
Hi,
I just downloaded your free theme, swatch. It still has the preview shortcode file with all the code intact.
Hi Satish,
We’re currently updating all theme packages. Please bear with us while the updated files upload.
Thanks. 🙂
Well I give up, I asked for help via email as I can’t get framework updated via the themes dashboard or through the link here and I was given the link to this page again.
Don’t give up 😉 The blog post above has been updated with instructions, (including a link that works for those of us that couldn’t use the previous link). If that doesn’t work, try the forum or e-mail support.
I am puzzled.
According to the indicator on my Theme Options page as well as the info on my Update Framework page, I’m running 5.3.7
How to I upgrade from 5.3.7 to 5.3.12? Wouldn’t that be a downgrade?
I’m running Emporium as my theme.
What gives?
Last time I checked, 12 is higher than 7, this this is definitely an upgrade 🙂
You, sir, are absolutely correct.
Until you pointed it out, I was reading it as 5.3.7 vs 5.3.7.1.2
I always use single digits between dots for my plugin / theme versions…
Thanks for setting me straight. I’m off to upgrade!
Hi there,
I just replace manual and it works 🙂
Should I update my WP to the 3.3.2 version ?
Thank you!
Hi Lupisima,
We’d recommend keeping your WordPress installation up to date on a regular basis, yes. 🙂
OK, I manually updated the functions folder EXACTLY as detailed here. I am getting a fatal error now!!!!!!!!!!!
Fatal error: require_once() [function.require]: Failed opening required ‘/home/YADDAYAYAD/public_html/MYBLOG/wp-content/themes/freshnews/functions/admin-theme-page.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/YADDAYADA/public_html/MYBLOG/wp-content/themes/freshnews/functions.php on line 18
??? I am not a tech expert. Please tell me what this means. I have Woo Themes on 5 of my sites, all are commercial sites. This is atrocious.
Hi Rebecca,
This file should not be present on the server, nor required by another file.
Please e-mail us on techsupport [at] woocommerce.com where we can assist with this upgrade.
You may need to comment out a line in the “functions.php” file of Fresh News, I believe.
Update: This line isn’t in the latest version of Fresh News’ “functions.php” file. I suspect you’re running an older version of the theme (which should be fine, by the way) and would just need to patch one line in your “functions.php” file. 🙂
I’ve informed the team to keep an eye out for your e-mail and what the issue is. 🙂
Matty: THANKS for the speedy response. Yes, i am using an old theme version. I emailed techsupport. I hope they answer soon! 🙂 THANKS!!!!!
I tried to go to the link you provided to manually update my theme (http://woocommerce.com/2009/08/how-to-upgrade-your-theme/#update-6), but I get a login page and I am not a subscriber. I’m using the Bueno theme. How can I get the instructions?
Hi Joe,
Please see the updated blog post above, containing instructions. 🙂
Thanks and regards,
Matty.
I’ve written a quick and dirty mass updater for other hosting companies.
https://github.com/zippykid/wooframework-updater
Would love some update from the woo guys directly if possible.
Did you create a backup before deleting the files in the functions folder? If so, I would recommend putting the backup back into place. Then check if the functions folder includes a file called admin-theme-page.php
If so, tell us which version of freshnews theme are you running on?
Ooops, never mind above post. I see Matty is helping Rebecca in the right direction already. Matty, need some red bull? 😉
HAHA! 🙂
I’m using Fresh News 2.3.1 on 4 sites. I’ve only tried updating 2 so far, both get that fatal error thing. I did not backup the functions folder but I backed up my sites (mySQL databases) and the directory backup. I sent a quick email to techsupport as Matty asked.
Seems you made a correct backup. Which means if things can’t be solved you can go back to how is was before and start “fresh”.
But I am sure the support e-mail will get you back on track .
Good luck!
I’m running Kaboodle & Kaboodle Commerce themes. I was able to manually update to the recommended framework for Kaboodle, but is there anything that I need to do for the ‘kabboodle-commerce” theme?
Thanks,
Rebecca
As long as your framework now says 5.3.12 you have done all the steps needed to fix framework problems.
Updating your theme is something different from the framework. So it’s up to you if you can and want to update that.
Hi Rebecca,
Our child themes don’t contain the WooFramework so no, those don’t require a WooFramework update.
Glad to hear you’re up to date. 🙂
Hi there,
So I’m on framework 5.3.12 now (I upgraded manually) on WP version 3.3.2. WP tells my that all my themes are up-to-date, but I run Digital Farm version 1.2.0. However, I see a new version of Digital Farm 1.4.3 available on Woothemes. I’ve 2 questions: is my site still vulnerable for this exploit? And two: how can I perform a safe and manual upgrade of the Digital Farm theme?
Thanks!
Answer 1: You are save now!
Answer 2: You can log into woothemes site, then download latest theme version, then install new(er) theme as you install any theme. This can be done using WP backend or through FTP. Or you can read the install instructions in the enclosed PDF file in the zip you downloaded.
Hopes this helps!
…thanks for your info!
But I cannot install Digital Farm -via the backend- as a new theme because the target folder ‘digital farm’ already exists and it won’t override. In the zip file is no PDF file with instructions available, only a changelog.txt. So I would like to know what the procedure is for manually updating the theme…!
Unzip the zip.
Find the folder which includes the theme.
It’s probably called something like digital farm.
Rename it something like digital-farm-v.X.X.X
Then use FTP to upload folder into your wp-content/themes folder
Go to the WP backend. The theme should now be shown but not yet active. You can choose to activate it.
Ofcourse before doing all this, please make backup. This is always good practise and hopefully will cheer up Mark! 😉
Everyone crying that your site is f’d up now – I suggest you’re likely not a professional user, and you could fo those of us who are a favor by getting out of the way and accepting the downtime while this gets sorted out.
If you’re actually a professional user who applied changes to your live site that cause it to go down, then you could use a couple of the most basic pointers that will serve you well in your future carrear as someone that runs live code requiring 100% uptime:
– Always apply any changes to a development copy of your site first, to make sure it works without issues.
– Have backups. Always. Lots.
I use Canvas Buddypress theme. Should I update anything besides the function folder inside Canvas theme?
Hi Tita,
The child theme should use the WooFramework from the parent Canvas theme, so updating the “functions” folder in Canvas should get you up to date. 🙂
Ok. Thanks!
…thanks for your info!
But I cannot install Digital Farm -via the backend- as a new theme because the target folder ‘digital farm’ already exists and it won’t override. In the zip file is no PDF file with instructions available, only a changelog.txt. So I would like to know what the procedure is for manually updating the theme…!
Unzip the zip.
Find the folder which includes the theme. It’s probably called something like digital farm.
Rename it something like digital-farm-v.X.X.X
Then use FTP to upload folder into your wp-content/themes folder
Go to the WP backend. The theme should now be shown but not yet active. You can choose to activate it.
Ofcourse before doing all this, please make backup. This is always good practise and hopefully will cheer up Mark! 😉
Thanks again…this works for me!
Oh my word, I just updated my themes and I LOVE THE NEW THEME options. From there, the framework update worked perfectly (for 2 out of 4 sites so far).
Maybe many of the problems users are having are because they are not running the most recent theme versions, eh? Perhaps users should be notified and that would quell a lot of confusion? Just sayin.
Thanks Matty and Alengio for your support. Thanks to guys like you, WooThemes rocks.
Thanks Rebecca. We’re glad you like the WooFramework update and are up to date with things. 🙂
I believe the other two websites you’re running with Fresh News (if I remember correctly, all 4 websites are running Fresh News?) would require a theme update as well, or to comment out the “admin-theme-page.php” file call in your “functions.php” file.
Again, really glad you’re up to date. Please let us know via an e-mail to techsupport [at] woocommerce.com if you require assistance with your remaining updates. 🙂
Note that if anyone installed, or had automatically installed, v1.3.1 of the VaultPress plugin it may have broken your website. I’m running Gazette Edition and when they pushed out v1.3.1 my website just showed a blank page with no data. I narrowed it down to their plugin and retrograded down to v1.3 to fix my site. Here’s what I got today in email from VaultPress:
“Today, we tried to update your site to VaultPress 1.3.1 with a WooThemes framework security hotfix. VaultPress 1.3.1 had a problem that caused an error for a small number of our customers. We pinpointed the problem, fixed it, and released VaultPress 1.3.2.
Your site is running version 1.3.2 so you’ve already been updated and should not see an error.”
They did give me credit for their subscription due to the error. Hopefully nobody did a manual plugin upgrade to v1.3.1 as they would have to manually upgrade to v1.3.2 if they don’t have the automatic feature turned on.
Is there some reason the framework.zip file is so hard to download?
I’d like to globally apply it to all my woothemes-based sites, so I figured a good start would be to download it via the terminal, i.e.
wget http://woocommerce.com/updates/framework.zip
but this results in “This site requires JavaScript and Cookies to be enabled. Please change your browser settings or upgrade your browser.”
I’m trying to have patience about this security problem, but it’s hard when
(1) the auto-updater on most of my sites doesn’t work, reporting things like “your version 5.3.1 is up-to-date”
(2) I can’t download the new framework ZIP file as easily as I can update (for example) wordpress.org/latest.zip
Do you want me to send it to your gmail?
Hi Canton,
We are currently looking into these issues. I’d advise downloading the file via the browser in the interim.
Downloading via the browser should allow you to then access the file via Terminal and perform your desired updates. 🙂
I also have the problem on multiple sites where it says that I have the latest version of the framework when I don’t. And I prefer not to manually update every site.
Why are you simply providing a workaround for the “latest version” problem instead of fixing it so we can update manually? It doesn’t seem like the customer should have to go through the extra work of manually updating when it’s supposed to update automatically.
I should have said, “instead of fixing it so we can update automatically.”
Hi Brandon,
We are currently looking into the Automatic Update functionality.
In order to not delay anyone in getting their WooFramework up to date, we provided the manual update steps.
Our sincerest apologies for the inconvenience caused here.
Wait. There’s an Automatic Update option for the WooFramework? I have the Gazette Edition and I don’t see any option to turn automatic updates on/off.
I ask because if the WooFramework is updated for my site automatically it will break it as I have a modified framework file.
Or are you talking about the option to update WooFramework by hitting the update button? If so you might want to call that ‘Express Update’ instead of ‘Automatic’ which implies it’s done without human intervention.
Hi Baron,
I was referring to the “Update Framework” link in the WordPress admin.
My apologies for the confusion. I was referring to our express updater. 🙂
Using the updater will overwrite your modifications though, just be sure to back those up when you upgrade.
Just manually updated the site. Thanks for heads up.
Hello Woo Guys,
Still alive after all this hassel?
I started replacing the functions folder in my Livewire theme, which works with Framework 2.1. The result was a blank page.
After that I reinstalled the backup, which was allright.
On my Livewire seems to operate an older version of Framework. So what do I do now?
Regards,
Daan
Hi Daan,
It looks like you’re theme requires an update as well.
Please let us know if we can assist with this. If so, please e-mail techsupport [at] woocommerce.com.
Thanks Daan. 🙂
I have a few sites with woothemes, seems the framework updater is not working though, says it’s up to date but shows an old version number. Actually it’s the case with most of them.
Hi Nur,
We’re aware of this issue and are currently looking into it.
In the interim, please use the manual update process, outlined in the blog post above.
Thanks. 🙂
I am a total tech dummy, but was still able to update manually. So there is hope for the other ftp challenged out there. Hang in there Woos!!!
Really glad you’re up to date, Karin. Thanks for your support. 🙂
How do you update the framework automatically?
Hi Antonio,
To clarify, I was referring to the “Update Framework” link in the WordPress admin in my comment to Baron.
We are currently looking into the updater. In the interim, we’d recommend the manual update process outlined above.
Thank you for your patience in this regard.
I too am unable to update the framework on Simplicity. At what point do you expect for the automatic update to be working. I am not comfortable trying anything manually, as I am really new to WordPress.org and woo themes and am REALLY fearful of screwing something up.
Hi Andrea,
We’re working on getting the updater going again. No set ETA as yet, unfortunately.
Our team of ninjas are on hand to assist with the updates as well. If you’re not 100% comfortable with a manual update, please e-mail us on techsupport [at] woocommerce.com and let our ninjas know. From there, they’re more than happy to assist with the update process. 🙂
Thanks for the quick fix! Just updated it in seconds. Please pass on my thanks to the ninjas!
No automatic update? Ah, no ETA on that. Just the more important update like ever, but you are going to make it a PITA for us to deal with. I think the fact on major security update that you guys can’t get the auto update should speak to the confidence one might have in your themes in the future. You had a security flaw recently, now another one shortly thereafter.
How about something more useful to use other than “no set ETA”? How about something more reassuring like, a team is looking at this and should be a few hours. Or perhaps you can’t admit that your system is FUBAR when in fact it is needed the most.
Sorry to rant, but this is pathetic. Sure replies on this thread is nice but how about something more useful? I question now whether auto update will even be possible. If your team working on this isn’t big enough, make it bigger. I say manual update this.
Hi gman,
To clarify, our team have been working on the updater for several hours alongside our hosting provider. It is down due to our recent move to a new server. We have isolated the area in which the malfunction is occurring and are currently looking into the best possible resolution for this. We estimate several hours before the updater is active.
For more information on our recovery process from our recent downtime, please see our blog post here: http://woocommerce.com/2012/05/recovery-update-tuesday-1-may/
Our sincerest apologies for the inconvenience caused here.
Appreciate a more detailed post about the automatic update situation. I might have been a bit harsh with my words.
On a side note, perhaps Woo Themes needs a better protocol when it comes to security issues? It’s not like Windows OS that prompts you for security patches. I suppose the email was sufficient, but you should honestly border on spamming people about the need to update their blogs. Email to me is hardly a reliable method of notifying about serious security issues. Ask people for two email address for their sign ups. I don’t know. The more your company grows, the more stuff like this is going to bring you down and tarnish your reputation. I love what you guys do, but the previous security issue and this one seems a bit Mickey Mouse in the handling or protocols. Just my opinion, that’s all.
Hi gman
We have now fixed that auto update functionality. I’ve worked hard with our hosting provider to get that issue resolved and we’ll be putting measures in place to ensure that the updater will work even if our website is down.
Thanx for the fix and the update on the autoupdate infrastructure.
Can you please make the main wooframework options independent now; I couldn’t load the theme options on Canvas & Over Easy at all during the downtime (framwork update aside).
How do I use the short codes now? When i’m in the post/page edit I can see the short code list but when I click the short codes don’t insert. I think I may have disabled the short code js from loading a while back, that could be my problem what file can I check in?
Hi Max.
Please e-mail us on techsupport [at] woocommerce.com or post in the forums where our ninjas can assist, if need be. 🙂
Just wanted to say W00t! The auto update within WordPress is now available. A huge thank you guys for getting that working again. Saves a bit ‘ol hassle for a lot of us. Manual updating is soooo not WordPress if you know what I mean.
We know what you mean, glad to have it working again!
updated! Thank you!
Hi,
I have a client using WooThemes and they have been hacked…likely from the WooTheme vunerability. I have seen the recommendation of replacing the functions folder with the “new” version, but that was for folks to do a safety upgrade, not with someone who’s site has been exploited.
What is the mode of attack? Are theme files being overwritten or is the maliciousness confined to the functions folder files? Once attacked, do plugins or WP itself get infected?
I have only browsed the comments here (there are so many!) and re the “Automatic Update” via WordPress… Is it being suggested that the WP Auto update can be used to clear a hacked WooThemes theme? Manual seems much safer.
Thanks!
Ken
Hi Ken,
We’re really sorry one of your websites has been compromised.
We’d advise updating to the latest version of the WooFramework soonest and contacting the security professionals at http://sucuri.net/ to isolate and resolve the hack. They would be able to isolate which areas of your website have been affected.
We’d also advise changing all passwords (WordPress, FTP, database, CPanel, etc).
Our sincerest apologies for the inconvenience caused here.
Thanks and regards,
Matty.
I can’t confirm that our website has been compromised, but it is certainly acting up, and updating our theme and framework didn’t seem to fix it. I’d really like to know more about the recommended course of action in the case of a compromised website:
– How can you tell if your website has been compromised? Where do you look?
– How do you fix it? Will reverting to an earlier back up be enough?
– We have several sites hosted on the same server, but the others are not using WooThemes. Could they still be affected?
I think this might merit a blog post of its own.
Hi Erlend,
Please see my comment above to Ken on the course of action if you feel your website may have been compromised.
We’d recommend contacting the security professionals at Sucuri ( http://sucuri.net/ ) who can scan your server and isolate any potentially compromised areas of your server.
Our sincerest apologies for the inconvenience caused here.
What does this vulnerability enable a malicious hacker to do?
I have lots of sites. I’m deciding whether to update them. If it’s not a security risk that could actually have a negative impact on me I see no reason to.
Hi Louis,
This update is a critical update that we advise you update to right away.
The exploit, as detailed above in the blog post, allows unauthorized users to display shortcodes. Through this, a hacker could compromise your website.
Our updater is available via the “Update Framework” link in your WordPress admin, to make the update process quicker.
Our sincerest apologies for the inconvenience caused here.
I don’t have to do this for Original Premium News, right? There is a /functions/ folder, but only 2 files, custom.php and easytube.php, and they’re not in the Woo Framework I downloaded.
Unfortunately, the theme was hacked this morning. IFRAME injection in header.php. I’m not yet sure where the hole is.
Hi Sam,
If the “functions” folder inside your theme doesn’t resemble that of the WooFramework, this fix wouldn’t apply to your theme, no.
Regarding the error you’ve noted, I’d advise contacting the security professionals at Sucuri ( http://sucuri.net/ ). They would be able to advise on and resolve this hack.
The current (latest) version of the Original Premium News theme does run on the WooFramework. Once the hack on your website has been resolved, you could upgrade to that, if you wish to do so.
Our sincerest apologies for the inconvenience caused here.
Hi, WooThemes….. I just checked Wootique theme changelog…
Hmmm… have you update that theme (regarding this exploit issues) lately ??
🙂
==========================================================
“………
*** Wootique Changelog ***
2012.04.17 – version 1.3.1
* template-sale.php preparation for WooCommerce 1.5.4
2012.03.29 – version 1.3
* header.php
includes/theme-woocommerce.php – html5 shim now hooked into wp_head
* header.php
includes/theme-woocommerce.php – added woo_nav_before() action and hooked search into it
* header.php
includes/theme-woocommerce.php- added woo_nav_after() action and hooked cart / checkout buttons into it
* header.php – added woo_content_before() hook
* footer.php – added woo_content_after() hook ”
…………”
Hi Alvin,
The update was made to the WooFramework, which carries it’s own changlog file ( “functions/functions-changelog.txt”).
Clicking “Update Framework” in your WordPress admin and following the quick update process there would get your copy of the WooFramework up to date.
Thanks! 🙂
oh i see..
i got it..
thanks, Matty Cohen
🙂
Hi,
I have updated my woothemes framework for canvas. I also am using woocommerce and canvas commerce. Do I need to do anything with these?
Thanks
Hi Steve,
WooCommerce doesn’t contain the WooFramework and your child theme piggybacks off of Canvas’ WooFramework, so you should be all good to go after updating Canvas’ WooFramework. 🙂
Hi guys
I updated the Wooframework manually, everything goes fine but then I get the message “Old version of TimThumb detected in your theme folder. Click here to update.”
When I click “update TimThumb”, I get error “Warning: fopen(/var/www/vhosts/mysite/httpdocs/blog/wp-content/themes/canvas/thumb.php) [function.fopen]: failed to open stream: Permission denied in /var/www/vhosts/mysite/httpdocs/blog/wp-content/themes/canvas/functions/admin-functions.php on line 3368
Can you please help me out?
Regards
Christof
Christof,
Post in the forums for technical support. We’ll be able to help out much more thoroughly there than comments here. – http://woocommerce.com/support-forum/
Hello Guys,
What happened to you all?? No one responding in the forum? Themes are not working properly, neither plugins.
I’m using canvas theme for my new project and the comment system is not working in the theme, I’ve upgraded to the latest framework. WooDojo Plugin is also not working, I started a thread in the forum and it has been 2 days, no one solved my problem.
I want you to assist me as quickly as possible. Here’s the thread: http://woocommerce.com/support-forum/?viewtopic=75705
Sorry for the late response time in the forum. During weekends it may not be answered as quickly as usual, but I’ll make sure it is answered today.
Awesome, now the Google fonts I used are no longer supported.
If you want to add more Google fonts, check this tutorial: http://woocommerce.com/tutorials/add-more-google-fonts-to-options/
I finally managed to update the framework, for some reason the automatic update took quite a few attempts and when I was about to give up it worked.
I want to thank you for sending a warning email to the Woothemes mailing list because WordPress does not tell you when WooThemes framework has to be updated, you need to go the necessary tab to see the warning which I hardly do.
Hi,
You guys rock! So major things happened and you dealt with it. You made it painless… all I had to do was go into my theme and click a button and all the files updated automatically. That is way above the normal FTP aggravation that most fixes would entail.
WooCommerce rocks too!
I am still getting an error on the Theme Options panel for Canvas. I manually did the update to the functions file.
Here is the error I am receiving:
Fatal error: Out of memory (allocated 29360128) (tried to allocate 262142 bytes) in /homepages/14/d364782900/htdocs/Pretty Things Lingerie/wp-content/themes/canvas/functions/admin-interface.php on line 1231
This should help: http://codex.wordpress.org/Editing_wp-config.php#Increasing_memory_allocated_to_PHP
If you need more help, please post in our forums.
Are your free themes safe? I wanted to test-drive some themes, but was looking at the changelogs and it’s been literally years since the free themes have been updated, and no mention in the changelog of any security fixes.
Hi,
Yes they are updated as well. The WooFramework has it’s own changelog in functions/functions-changelog.txt
I’m trying to update manually but I’m getting this error “Fatal error: Cannot redeclare woothemes_more_themes_page() (previously declared in C:\xampp\htdocs\wordpress\wp-content\themes\hotnaija\functions\admin-functions.php:2477) in C:\xampp\htdocs\wordpress\wp-content\themes\hotnaija\functions\admin-theme-page.php on line 65” what do I do?
I got this ”
Warning: require_once(C:\xampp\htdocs\wordpress/wp-content/themes/hotnaija/functions/admin-theme-page.php) [function.require-once]: failed to open stream: No such file or directory in C:\xampp\htdocs\wordpress\wp-content\themes\hotnaija\functions.php on line 18″ before I added “admin-theme-page.php” from my old theme and later got this error “Fatal error: Cannot redeclare woothemes_more_themes_page() (previously declared in C:\xampp\htdocs\wordpress\wp-content\themes\hotnaija\functions\admin-functions.php:2477) in C:\xampp\htdocs\wordpress\wp-content\themes\hotnaija\functions\admin-theme-page.php on line 65” How do I fix it?
I have INSPIRE 1.1.2 installed on a site and there is no framework option. My account login has been suspended although i was a paying customer for 2 years and it appears my subscription just ended june 1st. How can I update this theme?
*no update framework option.
If you post in our support forum we will assist you with the upgrade, although your version doesn’t have shortcodes so does not have the security hole.
Hello, on another site I just updated sealight to the latest version of the framework, only to see this message:
Old version of TimThumb detected in your theme folder. Click here to update.
When I click there, I see this:
Warning: fopen(/home/logic/public_html/wp-content/themes/sealight/thumb.php) [function.fopen]: failed to open stream: Permission denied in /home/logic/public_html/wp-content/themes/sealight/functions/admin-functions.php on line 3369
Delete the old thumb.php manually from ‘wp-content/themes/sealight/thumb.php’
Please use our support forum if you need more assistance.
Who can help me please? If click unorderer list with tick in my post doesn’t appear the tick..
Please do post in the forums if possible so we can help. – http://woocommerce.com/support-forum/