
Vanilla 2.0.18.4 Released

Todd Vanilla Staff
edited March 2012 in Releases

This release fixes a security hole in Vanilla that can leave your forum open to XSS attacks. There are also a couple of other minor fixes included with this release. We strongly recommend updating to this version of Vanilla.

Changelog:

  • 2012-03-26 Partially fix #1330 by checking the format field on models.
  • 2011-09-28 Fixed canonical url in /categories/*.
  • 2012-03-16 Fixed canonical url bug when looking at a category.

If you are running Vanilla 2.0.18+ and want the files to fix the security hole you can do the following:

  1. Download Vanilla 2.0.18.4
  2. Replace the following files on your site:
    • applications/dashboard/locale/en-CA/definitions.php
    • library/core/class.validation.php
    • library/core/functions.validation.php
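
The file replacement described in the post above, as an added example that is not part of the original post or Vanilla's own tooling: a POSIX shell function that backs up, replaces and verifies only the three listed files. The function name and the three directory arguments (unpacked release, forum root, backup location) are assumptions.

```shell
#!/bin/sh
# Added example, not Vanilla's own tooling. All three directory arguments are
# assumptions: the unpacked 2.0.18.4 download, the live forum root, and a
# backup location that should sit outside the web root.

# The three files listed in the announcement.
HOTFIX_FILES="applications/dashboard/locale/en-CA/definitions.php
library/core/class.validation.php
library/core/functions.validation.php"

apply_vanilla_hotfix() {
    release_dir=$1; site_dir=$2; backup_dir=$3

    # Pass 1: refuse to touch the site unless every replacement is present,
    # so a bad download cannot leave the forum half patched.
    for f in $HOTFIX_FILES; do
        if [ ! -f "$release_dir/$f" ]; then
            echo "missing in release: $f" >&2
            return 1
        fi
    done

    # Pass 2: back up, replace, then verify each file byte for byte.
    for f in $HOTFIX_FILES; do
        if [ -f "$site_dir/$f" ]; then
            mkdir -p "$backup_dir/$(dirname "$f")" || return 1
            cp -p "$site_dir/$f" "$backup_dir/$f" || return 1
        fi
        mkdir -p "$site_dir/$(dirname "$f")" || return 1
        cp "$release_dir/$f" "$site_dir/$f" || return 1
        if ! cmp -s "$release_dir/$f" "$site_dir/$f"; then
            echo "verification failed: $f" >&2
            return 1
        fi
    done
    echo "replaced 3 files; originals saved under $backup_dir"
}

# Run only when called with three arguments, e.g. (constructed paths):
#   sh hotfix.sh ./vanilla-2.0.18.4 /var/www/forum /var/backups/forum-pre-hotfix
if [ "$#" -eq 3 ]; then
    apply_vanilla_hotfix "$1" "$2" "$3"
fi
```

Keeping the backup directory outside the web root avoids leaving the unpatched PHP files reachable over HTTP.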

Comments

  • Great job! It solves the security vulnerability that was posted this morning.
    http://vanillaforums.org/discussion/19533/bug-1330-unauthorized-db-manipulation-via-post-form-tampering

    Really fast reaction time.


  • aery ✭✭✭

    fast reaction time

    I have been waiting so long for 2.1


  • Thanks. I also downloaded the latest version and am installing my website's forum on it only.

  • Download page shows 2.0.18.4.

  • Just downloaded and installed this on a test system, and attempting to embed it in a WPress site.

    Issue: the screencasts at http://www.screenr.com/kqY do not match what I am seeing on the embed page on the dashboard. Also, after installing the WP site, the page that is supposed to be auto-created is not, and the features I saw on the screencast do not match what I am looking at on the embed page on my WP dashboard.

    Any help is appreciated.

  • aery ✭✭✭

    I tried to update from 2.0.8.1 to 2.0.8.4. Copied and overwrote the files, deleted ini files from cache.

    But when running http://forum.gtricks.com/utility/update, it shows a blank page. No success, no failure information.

    The debugger is confusing, and just says

    Success: false
    BodyClass: 'Dashboard Utility update Home'


  • aery ✭✭✭

    anything I should be worried about?


  • hmmm I am going to install vanilla over a new site now...

  • @aery Try /utility/structure if you're having trouble.

  • aery ✭✭✭

    @Lincoln tried it. It always remains consistent.

    Even after clicking on the button "Run Structure and Data Scripts" and after getting the structure successfully executed, I always get the same things on rescanning.

    The code -

    alter table `GDN_AnalyticsLocal`  engine = innodb;
    
    update GDN_User User set 
     Permissions = ''
    where Permissions <> '';
    
    alter table `GDN_Tag`  engine = innodb;
    
    alter table `GDN_Log`  engine = innodb;
    
    alter table `GDN_Regarding`  engine = innodb;
    
    alter table `GDN_Ban`  engine = innodb;
    
    alter table `GDN_TagDiscussion`  engine = innodb;
    


  • @aery time to open a new thread. I lost you when you either get a blank page or you get a page with The debugger is confusing, and just says

    Success: false BodyClass: 'Dashboard Utility update Home'

    I also missed what is wrong with the SQL queries you showed. Do they work in phpMyAdmin?


  • Todd Vanilla Staff

    I'm wondering if your MySQL doesn't have InnoDB support. Try running the following query to see if InnoDB is there:

    show storage engines;
    
  • aery ✭✭✭

    @Todd it does have -


  • ahum! InnoDB Support DISABLED


  • aery ✭✭✭

    The support is disabled but it does have that installed.


  • does this help

    www.mydigitallife.info/enable-mysql-innodb-storage-engine-support-in-xampp-installation/

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • aery ✭✭✭

    @peregrine I don't know what my hosting provider is using :(

    Anyways, thanks for the help :)


  • aery ✭✭✭

    So my hosting provider does not support InnoDB but MyISAM.

    What shall I do now?


  • Change engine=innodb to engine=myisam

    Let's see if your SQL queries work then.

