Home › Forums › BulletProof Security Pro › Maint. Mode Text – Slashes
- This topic has 7 replies, 2 voices, and was last updated 11 months ago by
AITpro Admin.
-
AuthorPosts
-
JohnS168
ParticipantBPS 16.3.2 Pro
A little problem has creeped into the latest releases.
The maintenance mode text is not being stripped of slashes before creating bps-maintenance-values resulting in incorrect html.
e.g.
img class=\"alignnone wp-image-7363\" src="\http://xxxx.com/wp-content/uploads/2015/10/image.png\"
AITpro Admin
KeymasterI did do some sanitization stuff in MMode in BPS Pro 16.3.2, but I just checked this and slashes are still being stripped out of the MMode Editor. Try these steps and let me know if this works or not.
Cut (not Copy) your HTML code out of the MMode Text Editor.
Resave your MMode settings. The Editor should be blank.
Paste your HTML code to a text or code editor and remove the slashes.
Copy your HTML code into the Text Editor and save your MMode settings.AITpro Admin
KeymasterOk I see the problem now. It is not in the MMode Editor itself. It is in the bps-maintenance-values.php file. Ugh. I’ll fix this in a minute and upload a new BPS Pro 16.3.2 zip file, which you can install using the BPS Pro Setup menu > Upload Zip Install zip installer.
JohnS168
ParticipantNo joy. Same results.
The html is fine in the MMode editor. It is when it is written to bps-maintenance-values.php.
I added stripslashes($MMoptions[‘bps_maint_text’]) to maintenance.php on line 460 to get around the issue. You probably have a better solution but it was 11PM when my boss called so I got creative.
AITpro Admin
KeymasterThis problem has actually been going on for a while. I checked a few versions back and the problem was happening in those versions too. I’ll upload a new BPS Pro 16.3.2 zip in about 30 minutes.
AITpro Admin
KeymasterOk a new BPS Pro 16.3.2 zip file has been uploaded to the API server and the BPS Pro Secure Download area: https://www.ait-pro.com/wp-admin/. The Maintenance code is very outdated and ugly. That is going to be cleaned up in BPS Pro 16.4. It works, but yeah really ugly stuff.
JohnS168
ParticipantWe have a winner. Much appreciated.
AITpro Admin
KeymasterActually the problem did start occurring in BPS Pro 16.3.2 because I changed the double quotes to single quotes for the value of the $bps_maint_text variable in the bps-maintenance-values.php file. Double quotes would process backslashes in the HTML and escape double quotes. Single quotes on the other hand treat backslashes literally.
-
AuthorPosts
- You must be logged in to reply to this topic.