This is the Lussumo Swell Blog.

Stay up to date with the development of Lussumo software
like Vanilla, and the Filebrowser.

 

Vanilla 1.0.3 Released
Mark
Dec 4th 2006
Security, Release, Vanilla
Yet another location for the register_globals attack has been discovered in the Vanilla core. If you are upgrading from the Vanilla 1.0.2 release, you don't need to download the new package to apply the patch. Just add the following code to the second line of your conf/extensions.php file:

if (!defined('IN_VANILLA')) exit();

I am also putting all extension authors on alert: If any of your extensions include external files, you need to add the line above to your extension files. I will be contacting all of the extension authors by email later today with more detailed instructions.

Thanks go out to Dinoboff for locating the additional security holes.
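To make the mechanics of the fix concrete, here is an added illustration in PHP; it is not code from the post or from Vanilla itself. It builds a stand-in entry point and a stand-in extension file in a temporary directory, runs each one as its own PHP process (mimicking two separate web requests), and shows that the guard line from the post terminates the extension file whenever it has not been included by an entry point that defined IN_VANILLA. The file names, the temporary directory and the configuration key PATH are constructed for the demo.

```php
<?php
// Added example (not Vanilla's own code): how the guard line
// if (!defined('IN_VANILLA')) exit();
// stops a register_globals attack against an include file that is requested
// directly. File names and the configuration key below are constructed.

$dir = sys_get_temp_dir() . '/in_vanilla_demo_' . getmypid();
mkdir($dir);

// Stand-in for an extension file. On a PHP 4/5.x host with register_globals=On,
// a direct request for this file would arrive with $Configuration already
// populated from the query string. With the guard in place the script exits
// before that variable is ever read, so the code after the guard can only run
// when the trusted entry point has included the file.
$extension = <<<'PHP'
<?php
if (!defined('IN_VANILLA')) exit();
// Only reached when included from the entry point.
echo "extension loaded, path = " . $Configuration['PATH'] . "\n";
PHP;
file_put_contents("$dir/extension.php", $extension);

// Stand-in for the entry point (index.php in a real install): it defines
// IN_VANILLA and sets the configuration itself before including anything.
$entry = <<<'PHP'
<?php
define('IN_VANILLA', 1);
$Configuration = array('PATH' => '/trusted/path');
include __DIR__ . '/extension.php';
PHP;
file_put_contents("$dir/index.php", $entry);

// Run a file in a fresh PHP process; constants do not survive between
// processes, just as they do not survive between web requests.
function run_php(string $file): string
{
    $cmd = escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($file) . ' 2>&1';
    return (string) shell_exec($cmd);
}

$viaEntry = run_php("$dir/index.php");     // the extension's echo line appears
$direct   = run_php("$dir/extension.php"); // empty: the guard exited first

echo "Via entry point : " . $viaEntry;
echo "Direct request  : [" . $direct . "]\n";

// The alert to extension authors asks for the guard in every included file.
// This grep-style scan lists .php files under $root (other than the entry
// point) that do not contain the guard, so a site owner can check a tree.
function files_missing_guard(string $root): array
{
    $missing = array();
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iter as $path) {
        $path = (string) $path;
        if (substr($path, -4) !== '.php' || basename($path) === 'index.php') {
            continue;
        }
        if (strpos(file_get_contents($path), "defined('IN_VANILLA')") === false) {
            $missing[] = $path;
        }
    }
    return $missing;
}

var_dump(files_missing_guard($dir)); // empty array: the demo's extension file is covered

// Tidy up the temporary files.
unlink("$dir/extension.php");
unlink("$dir/index.php");
rmdir($dir);
```

Save the block as a file such as guard_demo.php (a constructed name) and run it with the php command-line binary. Two points worth keeping in mind from a defender's side: the guard only helps if every entry point defines IN_VANILLA before its first include and every included file carries the line, which is why the post puts extension authors on alert; and the guard is a mitigation for the symptom, so on hosts old enough to still have it, register_globals should also be turned off in php.ini (register_globals = Off). The directive was removed from PHP in 5.4, so on current PHP versions the attack class the post describes no longer exists, but the guard still prevents include files from being executed outside their intended context.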

11 comments

Ben
Dec 4th 2006
I thought that file got wiped every time you added/removed an extension?
Waterskiaddict
Dec 4th 2006
Thanks for the heads up yet again...
Mark
Dec 4th 2006
@Ben - it used to in a previous revision. Now it only removes or adds the necessary lines to enable or disable an extension. So the installer/upgrader now adds the necessary line of code to prevent the attack and the extension manager just leaves it there. If, however, you aren't doing a fresh install or upgrading from 0.9.2, then you have to add it manually.
Dave
Dec 14th 2006
This post read like all I need to do to a 1.0.2 release is add that line to the file, yet if I grep the source for that define it doesn't show up, and of course nothing works.

Am I misunderstanding the post, do I need to download and apply the patch first?
Mark
Dec 14th 2006
The entry says "If you are upgrading from the Vanilla 1.0.2 release".

If you are upgrading from some other release, then you'll need to do a full upgrade - instructions are included in the package.

The reason a grep doesn't show any changes is that Vanilla doesn't include your conf/*.php files by default. It creates them automatically when you do your install. If, however, you already have Vanilla installed, you will have to add the line manually.
Dec 18th 2006
Would have been nice for this blog's RSS feed to be working for automatic notification for security issues like this. Just saying. Of course, I'm at 1.0.3. =)
Mark
Dec 18th 2006
@Ernie - I agree. I do, however, have RSS on the community forum, and that feed should give anyone who's interested a much more up-to-date glance at what's going on with both Vanilla and its add-ons.

If it were a perfect world, I'd have time to finish Swell, fix up the addons site so it also has comments and RSS feeds, AND get all of the Vanilla changes and updates into place.

But sadly, this is reality.
Jan 6th 2007
I am using Vanilla 1.0.1 and I recently applied the patch manually. The result was Vanilla stopped working at all - it returns only blank files, instead of HTML.
Any idea why?
Mark
Jan 6th 2007
Anyone having problems with the upgrade should go to lussumo.com/community for help.