Notifications to upgrade the quicktabs module based on a security risk.

After the upgrade to quicktabs, there are errors in the display.
See attached files.
On the main group page, all posts are displayed.
However, when you use the quicktabs to display Posts, Wikis, etc - all of the content disappears.

CommentFileSizeAuthor
two.png11.04 KBdavidhunter
one.png73.18 KBdavidhunter

Comments

ezra-g’s picture

ezra-g commented
Issue tags: +Commons 7.x-3.4 radar

Commons is running QuickTabs with a hash of 89f7fd0b7313782d0f7504996daa36bde798ec79, which predates the QuickTabs security advisory at https://drupal.org/node/2103187. However, please note that the issue in that advisory isn't applicable to a default configuration of Commons: We don't rely on QuickTabs block access checking.

However, we should be able to safely move to the latest QuickTabs release, so leaving this issue open and adding to the 3.4 radar.

davidhunter’s picture

davidhunter commented

Thanks for the "quick" reply Ezra.
I'll roll it back.

ezra-g’s picture

ezra-g commented
Assigned: Unassigned » ezra-g
ezra-g’s picture

ezra-g commented

Looks like this was introduced with http://drupalcode.org/project/quicktabs.git/blobdiff/88d0ba4d7d6715e7bf5... .

ezra-g’s picture

ezra-g commented
Assigned: ezra-g » Unassigned

I'm going to be afk for a few hours.

japerry’s picture

japerry
Location KOMK
commented
Assigned: Unassigned » japerry
japerry’s picture

japerry
Location KOMK
commented

Actually, after lots of cache clearing and testing, its actually this one:

http://drupalcode.org/project/quicktabs.git/commitdiff/f8b6611a6ecadab96...

japerry’s picture

japerry
Location KOMK
commented

Ugh. cache clearing sucks. now I think its..

http://drupalcode.org/project/quicktabs.git/commitdiff/88d0ba4d7d6715e7b...

japerry’s picture

japerry
Location KOMK
commented
Status: Active » Fixed

Added a patch that will revert the JS bug that apparently fixed tabs for IE7 users. Oh well. =P

http://drupalcode.org/project/commons.git/commit/c5ee1a6

Automatically closed -- issue fixed for 2 weeks with no activity.