Elgg 1.7.3 has been released and addresses a security vulnerability. Users are encouraged to upgrade immediately. Visit the blog for more information.
Make sure you are only running plugins distributed with Elgg. Then check the link for the enable plugin button and paste it here (you can edit out your site hostname).
Thank you Cash for your answer.
I didn't enable any plugin yet. For the button link it's: "http://www.mysite.com/action/admin/plugins/enable?plugin=messages&__elgg_token=4bbc582c8fbbab112373f9d80870e6e3&__elgg_ts=1284051659". I think the problem comes from the bold text, but even if I delete it and browse to just "http://www.mysite.com/action/admin/plugins/enable?plugin=messages" it shows me the same thing.
__elgg_token and __elgg_ts are needed so it is good that they are there.
Look at your .htaccess file and make sure it has %{QUERY_STRING} on some of the rewrite rules near the bottom of the file.
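The .htaccess check suggested above can be scripted; this is an added example, not part of the original thread or Elgg's own code, and the sample rules and function name are constructed for illustration. It relies on documented Apache mod_rewrite behaviour: a substitution containing `?` replaces the request's query string unless it includes %{QUERY_STRING} or the rule carries the QSA flag.

```python
# Constructed sample rules for illustration; this is not Elgg's shipped .htaccess.
SAMPLE_HTACCESS = r"""
RewriteEngine on
RewriteRule ^action/([A-Za-z0-9_/-]+)$ engine/handlers/action_handler.php?action=$1&%{QUERY_STRING}
RewriteRule ^page/(.*)$ handlers/page.php?path=$1 [QSA,L]
RewriteRule ^export/([0-9]+)$ handlers/export.php?guid=$1 [L]
RewriteRule ^static/(.*)$ files/$1
"""


def rules_dropping_query_string(htaccess_text):
    """Return (line_no, pattern) for each RewriteRule that discards the
    request's original query string (and with it __elgg_token/__elgg_ts)."""
    findings = []
    for line_no, raw in enumerate(htaccess_text.splitlines(), start=1):
        parts = raw.split()
        if len(parts) < 3 or parts[0].lower() != "rewriterule":
            continue  # blank line, comment, or another directive
        pattern, substitution = parts[1], parts[2]
        flags = parts[3].strip("[]") if len(parts) > 3 else ""
        flag_names = {f.split("=")[0].strip().upper() for f in flags.split(",")}
        if "?" not in substitution:
            continue  # no new query string: Apache passes the original through
        if "%{query_string}" in substitution.lower():
            continue  # original query string is appended explicitly
        if flag_names & {"QSA", "QSAPPEND"}:
            continue  # QSA merges the original query string back in
        findings.append((line_no, pattern))
    return findings


if __name__ == "__main__":
    for line_no, pattern in rules_dropping_query_string(SAMPLE_HTACCESS):
        print(f"line {line_no}: {pattern} rewrites without the original query string")
```

The parser splits on whitespace, so rules with quoted patterns containing spaces are not handled.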
Yeah, the %{QUERY_STRING} is there and it's even written two times. Really it's a crazy thing because I downloaded the package from Elgg's download section and I made a new installation, not an upgrade :s
@Yassine - something wrong with your server maybe? Tough to predict what is going wrong since we haven't had any other reports of this on a clean install. I would recopy the code over to make sure a file was not corrupted.
To debug this, you could start by putting this line at the top of engine/handlers/action_handler.php and report back on what is written to your error log:
error_log(print_r($_REQUEST, TRUE));
You should get an array with all the parameters from the URL you pasted here.
Also, can you post information on your web server and how PHP is being used (Apache module vs CGI)?
From 1.7.1 -> 1.7.3 ... 5 seconds development server ... all fine...10 seconds test server (shared host) -> all fine....10 seconds production server (dedicated) ... all fine ... GREAT guys !
Brett, next release, if it's just an update, could you please please have two downloads: one for people who want to do a fresh complete upload and another with ONLY the changed code files. Every time a new release comes out I have a lot of files I have custom coded, and it would help out if there could be two downloads so I know what files have been rewritten.
+1 for an intelligent upgrade process. :)
For those wanting to talk about having two releases, the thread is here for that: http://community.elgg.org/mod/groups/topicposts.php?topic=593107&group_guid=212067