The Special SiteSplat Membership has launched! Check our In Da Club Plan 👌
  • phpBB 3.3.5 Do NOT update!
  • News, Announcements, Feedback, Improvements, Changes and Policies.
News, Announcements, Feedback, Improvements, Changes and Policies.
 #35724  by ThemeSplat
 October 7th, 2021, 7:10 pm
Well bunch of issues with extensions...
Do not update for now until I can verify what is breaking things left right and center ;) :poom:
 #35784  by Leinad4Mind
 October 28th, 2021, 8:20 pm
Let us know when it's safe. Today I had some time and I've updated all extensions. :plus1:

Will wait some more weeks, just in case :-)
 #35786  by franht1
 October 28th, 2021, 8:25 pm
thanks for the notice ... i will not update until new order!
 #35798  by ThemeSplat
 November 6th, 2021, 4:35 pm
Wait a bit longer. Almost went through all the extensions and fixed the issues were created with the 3.3.5 changes...
 #35823  by ThemeSplat
 November 11th, 2021, 4:32 pm
Should be ok to update now... However you do not need to update unless there are bugs or security issues that are a concern for your situation.

If any issues with premium extensions are encountered after the update, make sure you also update the extensions and or if an update is not available make sure to report any issues so they can be addressed asap.
 #35825  by Dion
 November 11th, 2021, 10:40 pm
phpBB 3.3.5 has a pretty serious bug in its migrations code. This bug is one of the reasons why Dave has asked people to avoid updating to phpBB 3.3.5. The bug in 3.3.5 can be demonstrated with the following migration function that does nothing more than create a JSON-encoded string as a $config variable. The function works correctly in all previous versions of phpBB that supported migrations.
Code: Select all
	public function update_data()
		return array(
			array('config.add', array('dd_migrationbug', '{"A":"101a","B":"102b","C":"103c","D":"104d","E":"105e","F":"106f","G":"107g","H":"108h","I":"109i","J":"110j","K":"111k","L":"112l","M":"113m","N":"114n","O":"115o","P":"116p","Q":"117q","R":"118r","S":"119s","T":"120t"}'))

The issue is in the phpbb/config/db.php file. The set_atomic() function now contains the following in its INSERT query:
Code: Select all
				'config_name'	=> $this->db->sql_escape($key),
				'config_value'	=> $this->db->sql_escape($new_value),

All previous versions of phpBB contained the following:
Code: Select all
				'config_name'	=> $key,
				'config_value'	=> $new_value,

The use of sql_escape() is incorrect -- the sql_build_array() function also calls this function with strings, which means the string is being double-escaped.

One hopes the phpBB devs fix this quickly, because it will undoubtedly result in a large number of broken extensions. The following ticket is the culprit:
 #35844  by ThemeSplat
 December 3rd, 2021, 8:21 pm
Hey Guys,
so a fix is in the works with the phpBB team for the bug above.
If you are on phpBB 3.3.4 do not update and wait for phpBB 3.3.6 before doing so.
if you are already on phpBB 3.3.5, update to phpBB 3.3.6 as soon as its released.
 #35847  by Bez
 December 4th, 2021, 6:25 pm
Thanks for the info