Page 1 of 1

phpBB 3.3.5 Do NOT update!

PostPosted:October 7th, 2021, 7:10 pm
by ThemeSplat
Well bunch of issues with extensions...
Do not update for now until I can verify what is breaking things left right and center ;) :poom:

Re: phpBB 3.3.5 Do NOT update!

PostPosted:October 7th, 2021, 9:52 pm
by El_Lagarto
Good to know! Thanks!

Re: phpBB 3.3.5 Do NOT update!

PostPosted:October 28th, 2021, 8:20 pm
by Leinad4Mind
Let us know when it's safe. Today I had some time and I've updated all extensions. :plus1:

Will wait some more weeks, just in case :-)

Re: phpBB 3.3.5 Do NOT update!

PostPosted:October 28th, 2021, 8:25 pm
by franht1
thanks for the notice ... i will not update until new order!

Re: phpBB 3.3.5 Do NOT update!

PostPosted:November 6th, 2021, 3:24 pm
by kubano
It's still having issues?

Re: phpBB 3.3.5 Do NOT update!

PostPosted:November 6th, 2021, 4:35 pm
by ThemeSplat
Wait a bit longer. Almost went through all the extensions and fixed the issues were created with the 3.3.5 changes...

Re: phpBB 3.3.5 Do NOT update!

PostPosted:November 11th, 2021, 4:32 pm
by ThemeSplat
Should be ok to update now... However you do not need to update unless there are bugs or security issues that are a concern for your situation.

If any issues with premium extensions are encountered after the update, make sure you also update the extensions and or if an update is not available make sure to report any issues so they can be addressed asap.

Re: phpBB 3.3.5 Do NOT update!

PostPosted:November 11th, 2021, 10:40 pm
by Dion
phpBB 3.3.5 has a pretty serious bug in its migrations code. This bug is one of the reasons why Dave has asked people to avoid updating to phpBB 3.3.5. The bug in 3.3.5 can be demonstrated with the following migration function that does nothing more than create a JSON-encoded string as a $config variable. The function works correctly in all previous versions of phpBB that supported migrations.
Code: Select all
	public function update_data()
	{
		return array(
			array('config.add', array('dd_migrationbug', '{"A":"101a","B":"102b","C":"103c","D":"104d","E":"105e","F":"106f","G":"107g","H":"108h","I":"109i","J":"110j","K":"111k","L":"112l","M":"113m","N":"114n","O":"115o","P":"116p","Q":"117q","R":"118r","S":"119s","T":"120t"}'))
		);
	}

The issue is in the phpbb/config/db.php file. The set_atomic() function now contains the following in its INSERT query:
Code: Select all
				'config_name'	=> $this->db->sql_escape($key),
				'config_value'	=> $this->db->sql_escape($new_value),

All previous versions of phpBB contained the following:
Code: Select all
				'config_name'	=> $key,
				'config_value'	=> $new_value,

The use of sql_escape() is incorrect -- the sql_build_array() function also calls this function with strings, which means the string is being double-escaped.

One hopes the phpBB devs fix this quickly, because it will undoubtedly result in a large number of broken extensions. The following ticket is the culprit:

https://tracker.phpbb.com/browse/PHPBB3-16870