Maint. Mode Text – Slashes

Home Forums BulletProof Security Pro Maint. Mode Text – Slashes

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #41525
    JohnS168
    Participant

    BPS 16.3.2 Pro

    A little problem has creeped into the latest releases.

    The maintenance mode text is not being stripped of slashes before creating bps-maintenance-values resulting in incorrect html.

    e.g.

    img class=\"alignnone wp-image-7363\" src="\http://xxxx.com/wp-content/uploads/2015/10/image.png\"
    #41530
    AITpro Admin
    Keymaster

    I did do some sanitization stuff in MMode in BPS Pro 16.3.2, but I just checked this and slashes are still being stripped out of the MMode Editor.  Try these steps and let me know if this works or not.

    Cut (not Copy) your HTML code out of the MMode Text Editor.
    Resave your MMode settings.  The Editor should be blank.
    Paste your HTML code to a text or code editor and remove the slashes.
    Copy your HTML code into the Text Editor and save your MMode settings.

    #41531
    AITpro Admin
    Keymaster

    Ok I see the problem now.  It is not in the MMode Editor itself.  It is in the bps-maintenance-values.php file.  Ugh.  I’ll fix this in a minute and upload a new BPS Pro 16.3.2 zip file, which you can install using the BPS Pro Setup menu > Upload Zip Install zip installer.

    #41532
    JohnS168
    Participant

    No joy.   Same results.

    The html is fine in the MMode editor.  It is when it is written to bps-maintenance-values.php.

    I added stripslashes($MMoptions[‘bps_maint_text’]) to maintenance.php on line 460 to get around the issue.  You probably have a better solution but it was 11PM when my boss called so I got creative.

    #41533
    AITpro Admin
    Keymaster

    This problem has actually been going on for a while.  I checked a few versions back and the problem was happening in those versions too.  I’ll upload a new BPS Pro 16.3.2 zip in about 30 minutes.

    #41534
    AITpro Admin
    Keymaster

    Ok a new BPS Pro 16.3.2 zip file has been uploaded to the API server and the BPS Pro Secure Download area:  https://www.ait-pro.com/wp-admin/.  The Maintenance code is very outdated and ugly.  That is going to be cleaned up in BPS Pro 16.4.  It works, but yeah really ugly stuff.

    #41535
    JohnS168
    Participant

    We have a winner.  Much appreciated.

    #41542
    AITpro Admin
    Keymaster

    Actually the problem did start occurring in BPS Pro 16.3.2 because I changed the double quotes to single quotes for the value of the $bps_maint_text variable in the bps-maintenance-values.php file.  Double quotes would process backslashes in the HTML and escape double quotes.  Single quotes on the other hand treat backslashes literally.

Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.