The Textile plugin has been updated today as it was discovered that Textile was undoing some protection ExpressionEngine makes to submitted data to prevent variable parsing in user-submitted content.  In certain circumstances this could result in PHP errors and broken content.  If you are using the Textile plugin, this is considered a critical and mandatory update.  Simply replace your existing Textile plugin with the version 1.1 (2.0.0 r2779).

Entry permalink

I upgraded, but now, when I see a preview of the post in the control panel after publishing or updating, I see

at the end of each paragraph. The code that gets outputted on the site is still good; just the preview is affected. I’m using 1.6.3.

Try a fresh download, Eric, should fix that.

Awesome, thanks!

I was a little confused by what looks like a retrograde version number. The version for the Textile plugin I had installed was 2.0 (2.0.0 r2779), and yours is version 1.1 (2.0.0 r2779). The difference is only one line and is clearly your security fix. Did you mean 2.1? Or maybe I got 2.0 from some other place (I can’t remember whether I downloaded from the official plugin list)??

The version number used to be just 2.0.0 r2779 which was taken entirely from the version of Textile, not the plugin version, as we do not create or maintain that codebase.  This is the first time that the plugin’s code, which is just a gateway to Textile, has been significantly changed, so I decided to be more explicit in the versioning.  The plugin version is the first listed, and the parenthetic version is the version of Textile, i.e. EE Textile Plugin version 1.1, using Textile’s 2.0.0 r2779 codebase.

Derek, I have a small request. Can we get a “Last Modified” date and time on the plugins, extensions, modules, and expansions? Seeing when it was first posted is great but “Date: Mar 09, 2004” makes it seem like it was the last time the plugin was updated. Just a suggestion. Thanks for the update.

ignite, you’re making it too difficult for me!  (added)

Wow, that was fast! Looks good! I like the “Published” label too. Thanks.

For the record I love the “Last Updated” addition. Thanks for this.

Upgrading stopped other plugins from working. The read file plugin and image rotator tags now show as plain text. Help!

{exp:read_file}

Share your code, please, Turkish?

Example…

The equals signs are to stop textile converting the quotes. Basically tell Textile it’s RAW HTML.

Yes, but where are you putting this?  In an entry?  A template?  Is it inside a Textile plugin tag?  What’s the full context, Turkish Baker?

A weblog entry field with the formatting type set to Textile.

That’s what I suspected, but I did not want to make assumptions.  That’s precisely the type of thing this fix is intended to disallow.  EE tags are not parsed in entry content.  There is a plugin you could use in your template “Allow EE Code” which will bypass this restriction if your site has only trusted authors publishing content.

Hello Derek,

I try :
 

and
 

but I still cannot use {site_url} (for example) in my weblog entries ({CF_BODY} is a custom field).

Any ideas?

I thought to reinstall with the old textile plugin, but I’ll overwrite it with the newest release!

Fabrice, thank you, that’s actually a bug in the Allow EE Code plugin which I’ve fixed.  Download the latest version and you should not have any problems.  Your second syntax is the correct one, incidentally.

Work like a charm. Thank YOU.