Please disregard the 'View article...' shown at the bottom of many posts as this is the result of restoring old forum posts from a backup.

Do NOT use recent patches to v2.3.1, v2.2.3, or v2.1.4! Data Corruption Issue

Please do NOT install v2.3.1 Patch #1/2, v2.2.3 Patch #6/7, nor v2.1.4 Patch #3/4! They will cause WYSIWYG text to become garbled when saving, and will strip scripts when saving a Code Snipped module. We are still working on a universal (server) fix for these versions. .


View article...

Comments

  • So what do we do to roll back if the patch was installed? Specifically 2.3.1 patch 1.


    View article...
  • I'll try to get a patch #3 up soon with the 3 older subsystem files expRouter.php, expTheme.php, & expString.php.


    View article...
  • The quickest fix (at this point) is to re-install the last full package and the most recent pre-fix patch

    v2.1.4 full package and v2.1.4patch2
    v2.2.3 full package and v2.2.3patch5
    v2.3.1 full package

    If using the git 'master' repo, you could do a
    git checkout v2.3.1


    View article...
  • Patch 3 for v2.3.1 ok now? We can test with that link in which we found out this issue if you think patch 3 is safe enough to try.


    View article...
  • There were several issues with the first set of recent security patches:
    1. It would strip out all scripts from the Code Snippets module when saving those items, which defeats the purpose of the code snippets module.
    2. On some servers it would an 'rn' in place of all 'new lines' when saving text from any form (configure, etc...).
    3. It would strip out the closing tags on most html/wysiwyg data when saving text from any form (configure, etc...)
    (which means the security filter was working TOO well, it was not only scrubbing out unwanted things but also needed/wanted things)

    Though we've fixed #1 and #3 , #2 is hard to pin down, especially since I can't reproduce it locally, however it seems to appear on many remote servers.

    Therefore, the following patches (which may be available in the wild) are NOT recommended:
    v2.1.4patch3, v2.1.4patch4, and v2.1.4patch5
    v2.2.3patch6, v2.2.3patch7, and v2.2.3patch8
    v2.3.1patch1, v2.3.1patch2, and v2.3.1patch3



    View article...
  • Taking expRouter.php, expTheme.php, & expString.php from the full package of v2.3.1 would fix this for now? Any database changes?


    View article...
  • The fix will be found in v2.1.4patch6, v2.2.3patch9 and v2.3.1patch4. See separate discussion


    View article...
Sign In or Register to comment.