Vanilla 2.0.18.4 Released

Todd

This discussion is related to the Vanilla addon.

This release fixes a security hole in Vanilla that can leave your forum open to XSS attacks. There are also a couple of other minor fixes included with this release. We strongly recommend updating to this version of Vanilla.

Changelog:

• 2012-03-26 Partially fix #1330 by checking the format field on models.
• 2011-09-28 Fixed canonical url in /categories/*.
• 2012-03-16 Fixed canonical url bug when looking at a category.

If you are running Vanilla 2.0.18+ and want the files to fix the security hole you can do the following:

1. Download Vanilla 2.0.18.4
2. Replace the following files on your site:
   • applications/dashboard/locale/en-CA/definitions.php
   • library/core/class.validation.php
   • library/core/functions.validation.php

UnderDog

Great job! It solves the security vulnerability that was posted this morning. http://vanillaforums.org/discussion/19533/bug-1330-unauthorized-db-manipulation-via-post-form-tampering

Really fast reaction time.

aery

fast reaction time

I have been waiting so long for 2.1

wemix

Thanks . i also downloded the latest version and installing my website's forum on it only.

Ron

Download page shows 2.0.18.4.

finid

Just downloaded and installed this on a test system, and attempting to embed it in a WPress site.

Issue, the screencasts at http://www.screenr.com/kqY do not match what I am seeing on the embed page on the dashboard. Also, after installing the WP site, the page that is supposed to be auto-created is not and the features I saw on the screencast does not match what I am looking at on the embed page on my WP dashboard.

Any help is appreciated.

aery

I tried to update from 2.0.8.1 to 2.0.8.4. Copied and overwrited the files, deleted ini files from cache.

But when running http://forum.gtricks.com/utility/update, it shows blank page. No success no failure information.

The debugger is confusing, and just says

Success: false BodyClass: 'Dashboard Utility update Home'

aery

anything I should be worried about?

RawRathee

hmmm I am going to install vanilla over a new site now...

ojiozu

Will this fix the bug Below? http://vanillaforums.org/discussion/19677/openid-authentication-failure-on-firefox

Lincoln

@aery Try /utility/structure if you're having trouble.

aery

@Lincoln tried it. It always remains consistent.

Even after clicking on button "Run Structure and Data Scripts" and after getting the structure successfully executed, I always get the same things on Rescaning.

The code -

alter table `GDN_AnalyticsLocal`  engine = innodb;

update GDN_User User set 
 Permissions = ''
where Permissions <> '';

alter table `GDN_Tag`  engine = innodb;

alter table `GDN_Log`  engine = innodb;

alter table `GDN_Regarding`  engine = innodb;

alter table `GDN_Ban`  engine = innodb;

alter table `GDN_TagDiscussion`  engine = innodb;

UnderDog

@aery time to open a new thread. I lost you when you either get a blank page or you get a page with The debugger is confusing, and just says

Success: false BodyClass: 'Dashboard Utility update Home'

I also missed what is wrong with the SQL queries you showed. Do they work in phpMyAdmin?

Todd

I'm wondering if your MySQL doesn't have InnoDB support. Try running the following query to see if InnoDB is there:

show storage engines;

aery

@Todd it does have -

UnderDog

ahum! InnoDB Support DISABLED

aery

The support is disabled but it does have that installed.

peregrine

does this help

www.mydigitallife.info/enable-mysql-innodb-storage-engine-support-in-xampp-installation/

aery

@peregrine I dont know what my hosting provider is using :(

Anyways, thanks for the help :)

aery

So my hosting provider does not support InnoDB but MyISAM.

What shall I do now?

UnderDog

Change engine=innodb to engine=myisam

Let's see if your SQL queries work then.

aery

@UnderDog Changing engine name will be no effect because the tables are already formatted in MyISAM engine.

Secondly, for update GDN_User User set Permissions = '' where Permissions <> '';

I dont have user row in GDN_User table.

Absurd!

So, if these queries doesnt run that means I can never update my vanilla properly?

UnderDog

I'm just wondering why you didn't open a separate topic, that's all :-S
How come you don't have a GDN_User table?

freeeeemind

does anyone know how to make a clean upgrade ? or maybe there's an upgrade patch or anything ?

DianeGrenier

Hi, new here. Glad to upgrade my old Vanilla product, version 2.0.17.8 to this 2.0.18.4. Thanks guys there. Diane

mjray

Anyone else had their forum get confused about whether it is in the root folder of the subdomain or in /vanilla/ after updated from 2.0.18.2 to .4? I can't get to Advanced Settings because the link goes to /vanilla/settings/advanced and removing vanilla or putting /dashboard/settings/advanced doesn't display it. I've cleared the cached ini files, my browser cache and cookies - no change. Also, I can't preview or post because it's looking for /vanilla/index.php which doesn't exist. Any ideas?

matt

Non-HTML InputFormatter only active on initial discussion, not subsequent comments

I'm using the following config option to use the BBCode InputFormatter:

$Configuration['Garden']['InputFormatter'] = 'BBCode';

However, the non-HTML InputFormatter is only active on the initial discussion but not subsequent comments. This is confusing for users as subsequent posts do not use BBCode/Markdown but use HTML instead.

I'm using Vanilla 2.0.18.4 and have reported this on GitHub.

https://github.com/vanillaforums/Garden/issues/1358

mjray

mjray Anyone else had their forum get confused about whether it is in the root folder of the subdomain or in /vanilla/ after updated from 2.0.18.2 to .4?

Another admin figured out the problem. The vanilla folder needs to be deleted after upgrade and it wasn't.

UnderDog

^^ split ^^

nkaa

good

PocketTactics

Every time VF updates, my badges get reset.