The Textile plugin has been updated today as it was discovered that Textile was undoing some protection ExpressionEngine makes to submitted data to prevent variable parsing in user-submitted content. In certain circumstances this could result in PHP errors and broken content. If you are using the Textile plugin, this is considered a critical and mandatory update. Simply replace your existing Textile plugin with version 1.1 (2.0.0 r2779).
I was a little confused by what looks like a retrograde version number. The version for the Textile plugin I had installed was 2.0 (2.0.0 r2779), and yours is version 1.1 (2.0.0 r2779). The difference is only one line and is clearly your security fix. Did you mean 2.1? Or maybe I got 2.0 from some other place (I can’t remember whether I downloaded from the official plugin list)?
The version number used to be just 2.0.0 r2779 which was taken entirely from the version of Textile, not the plugin version, as we do not create or maintain that codebase. This is the first time that the plugin’s code, which is just a gateway to Textile, has been significantly changed, so I decided to be more explicit in the versioning. The plugin version is the first listed, and the parenthetic version is the version of Textile, i.e. EE Textile Plugin version 1.1, using Textile’s 2.0.0 r2779 codebase.
Derek, I have a small request. Can we get a “Last Modified” date and time on the plugins, extensions, modules, and expansions? Seeing when it was first posted is great but “Date: Mar 09, 2004” makes it seem like it was the last time the plugin was updated. Just a suggestion. Thanks for the update.
That’s what I suspected, but I did not want to make assumptions. That’s precisely the type of thing this fix is intended to disallow. EE tags are not parsed in entry content. There is a plugin you could use in your template, “Allow EE Code”, which will bypass this restriction if your site has only trusted authors publishing content.