HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla 2.0.18.4 Released

This discussion is related to the Vanilla addon.
ToddTodd Chief Product Officer Vanilla Staff
edited March 2012 in Releases

This release fixes a security hole in Vanilla that can leave your forum open to XSS attacks. There are also a couple of other minor fixes included with this release. We strongly recommend updating to this version of Vanilla.

Changelog:

  • 2012-03-26 Partially fix #1330 by checking the format field on models.
  • 2011-09-28 Fixed canonical url in /categories/*.
  • 2012-03-16 Fixed canonical url bug when looking at a category.

If you are running Vanilla 2.0.18+ and want the files to fix the security hole you can do the following:

  1. Download Vanilla 2.0.18.4
  2. Replace the following files on your site:
    • applications/dashboard/locale/en-CA/definitions.php
    • library/core/class.validation.php
    • library/core/functions.validation.php
Doudou
«13

Comments

  • Great job! It solves the security vulnerability that was posted this morning.
    http://vanillaforums.org/discussion/19533/bug-1330-unauthorized-db-manipulation-via-post-form-tampering

    Really fast reaction time.

    There was an error rendering this rich post.

  • aeryaery Gtricks Forum in 2.2 :) ✭✭✭

    fast reaction time

    I have been waiting so long for 2.1

    There was an error rendering this rich post.

  • Thanks . i also downloded the latest version and installing my website's forum on it only.

  • Download page shows 2.0.18.4.

  • Just downloaded and installed this on a test system, and attempting to embed it in a WPress site.

    Issue, the screencasts at http://www.screenr.com/kqY do not match what I am seeing on the embed page on the dashboard. Also, after installing the WP site, the page that is supposed to be auto-created is not and the features I saw on the screencast does not match what I am looking at on the embed page on my WP dashboard.

    Any help is appreciated.

  • aeryaery Gtricks Forum in 2.2 :) ✭✭✭

    I tried to update from 2.0.8.1 to 2.0.8.4. Copied and overwrited the files, deleted ini files from cache.

    But when running http://forum.gtricks.com/utility/update, it shows blank page. No success no failure information.

    The debugger is confusing, and just says

    Success: false
    BodyClass: 'Dashboard Utility update Home'

    There was an error rendering this rich post.

  • aeryaery Gtricks Forum in 2.2 :) ✭✭✭

    anything I should be worried about?

    There was an error rendering this rich post.

  • hmmm I am going to install vanilla over a new site now...

  • LincLinc Detroit Admin

    @aery Try /utility/structure if you're having trouble.

  • aeryaery Gtricks Forum in 2.2 :) ✭✭✭

    @Lincoln tried it. It always remains consistent.

    Even after clicking on button "Run Structure and Data Scripts" and after getting the structure successfully executed, I always get the same things on Rescaning.

    The code -

    alter table `GDN_AnalyticsLocal`  engine = innodb;
    
    update GDN_User User set 
     Permissions = ''
    where Permissions <> '';
    
    alter table `GDN_Tag`  engine = innodb;
    
    alter table `GDN_Log`  engine = innodb;
    
    alter table `GDN_Regarding`  engine = innodb;
    
    alter table `GDN_Ban`  engine = innodb;
    
    alter table `GDN_TagDiscussion`  engine = innodb;
    

    There was an error rendering this rich post.

  • @aery time to open a new thread. I lost you when you either get a blank page or you get a page with The debugger is confusing, and just says

    Success: false BodyClass: 'Dashboard Utility update Home'

    I also missed what is wrong with the SQL queries you showed. Do they work in phpMyAdmin?

    There was an error rendering this rich post.

  • ToddTodd Chief Product Officer Vanilla Staff

    I'm wondering if your MySQL doesn't have InnoDB support. Try running the following query to see if InnoDB is there:

    show storage engines;
    
  • aeryaery Gtricks Forum in 2.2 :) ✭✭✭

    @Todd it does have -

    There was an error rendering this rich post.

  • ahum! InnoDB Support DISABLED

    There was an error rendering this rich post.

  • aeryaery Gtricks Forum in 2.2 :) ✭✭✭

    The support is disabled but it does have that installed.

    There was an error rendering this rich post.

  • does this help

    www.mydigitallife.info/enable-mysql-innodb-storage-engine-support-in-xampp-installation/

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • aeryaery Gtricks Forum in 2.2 :) ✭✭✭

    @peregrine I dont know what my hosting provider is using :(

    Anyways, thanks for the help :)

    There was an error rendering this rich post.

    cnece
  • aeryaery Gtricks Forum in 2.2 :) ✭✭✭

    So my hosting provider does not support InnoDB but MyISAM.

    What shall I do now?

    There was an error rendering this rich post.

  • Change engine=innodb to engine=myisam

    Let's see if your SQL queries work then.

    There was an error rendering this rich post.

Sign In or Register to comment.