• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Hotfix-20100907 - Bug

A

AndyDuke

Guest
После установки обновления Hotfix-20100907
- во всех сайтах СайтБилдера перестали восприниматься html теги в полях "Подзаголовок" и "Нижний колонтитул", и в меню второго уровня.

Использовались BR A_HREF. Пример
Было http://aist.ua/test/4.jpg
Стало http://aist.ua/test/2.jpg

Подскажите, чем вылечить?
 
Добрый день,

Дело в том, что последнее обновление как раз содержало обновление для системы, которое предотвращало исполнение кода на страницах сайтов, подготовленных с помощью Сайтбилдера. Это была уязвимость в продукте, которая на данный момент исправлена. Некоторую информацию по этому вопросу вы можете найти в интернете, например, тут http://inj3ct0r.com/exploits/13951.

На данный момент, вы можете откатить установленный патч, но, делать этого категорически не рекомендуется по причинам безопасности. Рекомендуем оставить как есть, убрав вставленный код.
 
The post is related to latest update and changes which were applied with it. The thing is that latest update corrects security issue and prevents code running on in internal fields of site pages which were created with help of Sitebuilder.
Customer used some code on site pages which do not work with new update. But this is correct as this closes the securiy hole.

It is suggested not to use the scripting in page fields. It is possible to still use this functionality by roling back latest update but this is not recommended.

Some information about it can be found here: http://www.allinfosec.com/2010/09/02/parallels-plesk-sitebuilder-persistent-xss-vulnerability/
 
So, it won't be possible to add promotional links in footer section ever again ?
 
You must log in or register to reply here.

Similar threads

О
Issue Для новичков
Replies
2
Views
831
Оксана Д
О
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
3K
NewGate
N
Alex Presland
Issue Emails forwarded by Plesk fail DKIM checks with certain attachments
2
Replies
21
Views
6K
Alex Presland
Alex Presland
danami
Custom button iframe no longer auto resizes to correct height.
Replies
6
Views
2K
danami
danami
P
Доработка функционала SiteBuilder
Replies
2
Views
8K
KenVero
K
Back
Top