Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.


This discussion is related to the TagThis addon.


  • This issue is because of an unsafe use of ForceIncomingString() in the addon. Each
    and every use of this function should be wrapped in htmlspecialchars() to avoid XSS

    Edit files the files default.php library/Function.TagThis.php and make change all
    instances of ForceIncomingString([...]) to
    htmlspecialchars(ForceIncomingString([...])) and the code should be safe.
  • it seems like most people are installing this with no problem...but i have a brand new install of vanilla 1.1.10 and i am getting this error as soon as i click on the discussion tab after enabling:

    Parse error: syntax error, unexpected '&', expecting T_VARIABLE or '$' in /homepages/34/d189919702/htdocs/noomagroup/discuss/extensions/TagThis/library/Function.TagThis.php on line 29

    anyone have any insight on what i am missing?
  • is there any way to tag discussions created by other member ?

    Is there any way to show a set of predefined tags to the user , such that user can select the tag from specified list ?
  • helllo ,
    Can any one answer my question ?

Sign In or Register to comment.