Hi, I have a problem: when there are {if} on forum threads I have a blank page, or a page with 89Protect17MePlease when I put args in the if ({if $var } ...). I have tried to put OFF the protect_javascript var but the bug stays.
wtf ?
OK, for the record we’ve got EE version 1.6.3 and version 2.1.0 for the forum.
Are you running your forums through templates, and if so, is PHP enabled? I can find something similar to what you describe, but I don’t see how it’s possible to get to it.
Could you run a test for me? Try using a default forum theme, and if you are running through templates, be sure nothing else is in the template but
{exp:forum}
Also, any extensions or plugins installed? If you disable/uninstall does the problem persist?
Finally - I’m going to encourage you to update to 1.6.4. There was an important security update in addition to a series of bug fixes.
OK, for the record we’ve got EE version 1.6.3 and version 2.1.0 for the forum.
Are you running your forums through templates, and if so, is PHP enabled? I can find something similar to what you describe, but I don’t see how it’s possible to get to it.
Could you run a test for me? Try using a default forum theme, and if you are running through templates, be sure nothing else is in the template but
{exp:forum}
Yes, I am running the forum through templates but PHP isn’t activated in the forum template. I have tried the default template and same problem.
Derek Allard - 10 July 2008 09:46 AM
Also, any extensions or plugins installed? If you disable/uninstall does the problem persist?
OK, I have localized the bug: it is in the Textile plugin. I will try to find why it bugs.
Derek Allard - 10 July 2008 09:46 AM
Finally - I’m going to encourage you to update to 1.6.4. There was an important security update in addition to a series of bug fixes.
I will not update now because I have changed some hard code and I will need to make this in the new version ^^. I will update, but later. What is the security update, please?
Thanks for your help.
This is pointing to a collision somewhere in custom code and the forum. We simply cannot support EE installs where the code has been changed. If you can update to 1.6.4 we will be able to work this through for you, but without standard code, I can’t begin to diagnose.
For the record, what is the exact code that is causing your error? I’m not able to recreate, but I’m on a stock EE installation. Also, is “89Protect17MePlease” exactly what you see?
You may want to try disabling/uninstalling plugins or extensions and see if the problem persists?
With respect to the security update, you can find more information in our blog.
...the development team has identified and fixed a potential cross-site scripting vulnerability…
You could run a search of the bug tracker and bug forum but nothing springs to mind. Are you reporting one? If so, I’ll need the questions above answered.
Confirmed, xtz_, and fixed. Textile uses braces in its syntax and was converting text that EE had already protected from being parsed, effectively undoing EE’s protection for braces.
We appreciate the report; in the future though it would be good to be thorough when reporting a problem - this one had us guessing and making many assumptions about your environment, which hindered our ability to identify the problem.
The [code] markers indeed need to be whitelisted. Download a fresh copy that addresses this; I went ahead and incremented to version 1.1.1 for clarity.
Seems all of the small issues have been buttoned up! If you have additional problems, please use the button at the top or bottom of the thread to start a new related topic.
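The ordering problem confirmed earlier in this thread (a formatting plugin running after brace protection and undoing it) can be caught with a regression check on the rendered output. The following is an added example, not code from ExpressionEngine or the Textile plugin; it assumes protection is modelled as entity-encoding braces, and the function names and the formatter's decoding behaviour are hypothetical.

```python
import re

# Assumption: the protection step is modelled as entity-encoding braces
# in user-supplied text so the template parser never sees them.
PROTECT = {"{": "&#123;", "}": "&#125;"}
PROTECTED_ENTITIES = set(PROTECT.values())
ENTITY = re.compile(r"&#(\d+);")

def protect_braces(text):
    """Model of the protection step applied to a forum post body."""
    return "".join(PROTECT.get(ch, ch) for ch in text)

def formatter_buggy(text):
    """Hypothetical markup plugin: decodes every numeric entity, which
    turns protected braces back into live ones."""
    return ENTITY.sub(lambda m: chr(int(m.group(1))), text)

def formatter_fixed(text):
    """Same plugin, but the entities used for protection are left alone."""
    def decode(m):
        if m.group(0) in PROTECTED_ENTITIES:
            return m.group(0)
        return chr(int(m.group(1)))
    return ENTITY.sub(decode, text)

# Template tags that would reach the parser if left in rendered user text.
LIVE_TAG = re.compile(r"\{/?(?:if|exp:)[^}]*\}")

def live_tags(rendered):
    """Regression check: list template tags still parseable after formatting."""
    return LIVE_TAG.findall(rendered)

def render(post, formatter):
    """Pipeline order from the thread: protect first, then run the plugin."""
    return formatter(protect_braces(post))

# Constructed sample post body.
SAMPLE_POST = "Use {if $var } in your theme &#169; 2008"

if __name__ == "__main__":
    for name, fmt in (("buggy", formatter_buggy), ("fixed", formatter_fixed)):
        out = render(SAMPLE_POST, fmt)
        print(name, "->", out, "| live tags:", live_tags(out))
```

Running the check over rendered output after every formatting plugin, rather than only after the protection step, is what catches a plugin that reverses earlier escaping.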
This Question is Resolved.