Also, the subset of passwords affected by using “==” instead of “===” are those on which the password hashes begin with 0e followed by exclusively numerical characters.
Suela.
Also, the subset of passwords affected by using “==” instead of “===” are those on which the password hashes begin with 0e followed by exclusively numerical characters.
Suela.
wow! I wish I had found this forum post before I started the long and tedious process of uploading the 12,000 PHPlist files to my server.
It would be nice if we could just have ‘a patch’ in cases like this…
Hi @mikerotec that is why I 'd asked if so many files must be updated in order to upgrade to 3.5.1 (from 3.5.0)
PS: Tried to find a listing of all “necessary” files for basic usage but none at this point!
I don’t really see the issue, takes about 10 minutes to update when done manually…
and updated version number in database (table: phplist_config) & uploaded the following files: init.php & structure.php (admin subfolder)
May be more to do? I don’t know…
Try using SFTP, rsync, or the automatic updater to make such upgrades more convenient.
The automatic updater was deprecated, wasn’t it??? It’s not included in the latest version…
I do use SFTP and it’s still pretty tedious. Not sure I can set up rsync in this case
It’s really odd that the latest release the automatic updater is showing is 3.5.0.
Hello, can you please try again (make sure you are starting fresh by removing the actions.txt file in the /Config folder). I can’t replicate that in my installation and can confirm the version in the server is 3.5.1.
Hmm, NO it is not deprecated and it is included on the latest version. Can you please check on why would that be with your installation?
Thanks
The automatic updater shows version 3.5.1. The phpList Community News in the dashboard does not. I actually did not try the automatic updater earlier because I assumed that the news and the updater are in sync. I’ve cleared my browser cache, just in case.
Oh, now that bit is actually updated directly from the phplist.org website and usually every release notification is shared so, I understand the confusion. You should be able to see the post about that release too now.
Thanks,
Suela.
This is getting off-topic, but fwiw before wpcli
, I would usually update my wordpress installs using svn sw
. Would it be possible to update phpList’s files with a single carefully written git clone
against some tagged version?
@maltfield it seems done for now…
The fix is provided by switching to using strict comparison ‘===’ on the Password validation line in this file.
Hello everyone
Someone has shared on Twitter this blog earlier today:
You might want to check.
Mariana
For me the" phpList community news" in the dasboard is now only a link to https://www.phplist.org/newslist/
Hi, I get this error at the last step of the web updater:
Could not delete /myphplistsfolder/updater/…/base/vendor/bin
The folder updater contains this files
drwxr-xr-x 3 www-data www-data 4096 Dez 29 16:42 .
drwxr-xr-x 10 www-data www-data 4096 Feb 17 17:09 …
drwxr-xr-x 2 www-data www-data 4096 Dez 29 16:42 images
-rw-r–r-- 1 www-data www-data 80233 Dez 29 16:42 index.php
-rw-r–r-- 1 www-data www-data 3889 Dez 29 16:42 README.md
My whole phplists web folder is owend by the web server user.
What can I do?