[Stephen Edgar]

bbPress 2.5.9 is out, and is a security release for all previous 2.x versions.

bbPress versions 2.5.8 and earlier are susceptible to a form of cross-site-scripting, due to the way users are linked to their profiles when they are mentioned in topics and replies.

Check the 2.5 milestone for a comprehensive changelog of fixes.

Take a moment to update your bbPress installations to 2.5.9. If you’re using WordPress’s built-in updater, it should only take a click or two.

These fixes have also been ported over to 2.6, which we continue to run here at bbPress.org and BuddyPress.org.

[Soul]

Hi Stephan
nice work for the update. But it is forgotten the pagination when threaded reply is activated.
Will bbpress do this integrate asap?

Best regards.

PS: I made the patch it was mentioned before.

[rf0854]

Please note that the text editor is now missing after updating to 2.5.9. Currently running wordpress 4.5.1

Any fixes available for this?

[Kineta]

Where is the best place to log bugs? Thanks.

[rf0854]

Just an FYI to anyone who was following this thread… This was fixed by adding the following code to my theme’s footer.php file.

<?php wp_footer(); ?>

This was inserted right before the </body> tag. Enjoy!

[Robkk]

@soulkitchen

Can you link me to the exact patch you worked on??

@kineta

Create a ticket in the bbPress trac. Login using your WordPress.org/bbPress.org login credentials. Find any more bugs, please report them.

https://bbpress.trac.wordpress.org/

@rf0854

Yeah not having wp_footer(); will mess up the editor because the script is enqueued in the footer of your page.

[mica123]

Before I upgrade to bbpress 2.5.9 I’d like to check on the following:

1. I put some bbpress php files into my child theme ((bbpress.php – modified by @robkk; the following files were modified by me: feedback-no-forums.php, feedback-no-replies.php, feedback-no-search.php, feedback-no-topics.php, form-forum.php, form-reply.php, form-topic.php, loop-single-form.php) – will I have to do something after the upgrade?

2. Should I worry about the text editor missing after the upgrade as reported in the post above?

Thank you.

[Robkk]

@mica123

I already replied to your topic here about the bbpress.php file in your theme. As for the bbP Default theme package template files in bbPress, there were no changes from 2.5.8 to 2.5.9, 2.5.9 was mainly an update to a security issue involving at-mention functionality.

In the future when the release of 2.6 happens, you would have to edit some files. It would be quite easy to

1. compare the new 2.6 templates and compare them to your modified files
2. make those changes to a copy of the 2.6 templates
3. test them to see if everything is in working order in a testing environment
4. update to bbPress 2.6 on your main production site (after taking a backup of course)
5. and then push the template files to your child theme using FTP

As for the text editor issue above from the other user, I think they just modified their footer.php file in their theme and accidentally removed <?php wp_footer(); ?>, and then that screwed up all the scripts and styles hooked into the footer.

[mica123]

Thanks @robkk, I will reply to your other reply. Yes, I will follow your instructions.