WordPress.org

Ready to get started?Download WordPress

Forums

Brinkster updated their mysql server and I have an error. (43 posts)

  1. sysdevuser
    Member
    Posted 8 years ago #

    Links are messed up when saving or publishing a post. It looks like a mysql problem. So i went for support to brinkster, my host. I had a chat with support minutes ago and this is what I got:

    Tim: You will need to upgrade WordPress. We just patched a security hole within MySQL yesterday and WordPress seems to not like the fix.
    Tim: Please view the following link:
    Tim: http://software.newsforge.com/article.pl?sid=06/06/01/213223&from=rss

    Hey, I do need help, lots of it. I have two blog applications running and now posts or comments with links (posted or modified after last midnight) won't work. It seems that links are spoiled when saving or publishing only.

    Any one with the same problem? I saw the link given by Tim but I don't know what to do with it.

    Thx,

    Juan

  2. millelrtd
    Member
    Posted 8 years ago #

    I have the same problem still looking for a fix, I can still use my blog if I turn off all my plugins (which I cant turn back on now anyway).

    my post:
    http://wordpress.org/support/topic/75929?replies=8

    is this what yours is doing?

  3. gride
    Member
    Posted 8 years ago #

    same problem here
    not much help from brinkster live support
    ill post if i can figure anything on it
    ppppppppeeeeeeeaaaaaaaaccccccceeeeeeeeeeeeeeeeee

  4. sysdevuser
    Member
    Posted 8 years ago #

    I will not touch the plugins until I have the mysql problem fixed.

    Have you seen http://software.newsforge.com/article.pl?sid=06/06/01/213223&from=rss , the link given by brinkster support?

    Do you get something out of it in relation to our problem?

    Juan

  5. millelrtd
    Member
    Posted 8 years ago #

    When I call they emailed me the link and told me to look for a patch (from wordpress) and that wordpress should have been built to run with the new back slash workin.

  6. Cypher
    Member
    Posted 8 years ago #

    So what version of WP are you all running, at the least, upgrade to 2.0.3 and see if it works.

    If not, then put a bug against WP in http://trac.wordpress.org.

    Regards

  7. millelrtd
    Member
    Posted 8 years ago #

    2.0.3 for me, (did update last night hoping to fix the problem) but had alot of the same problems with 2.0.1 but with it I could turn on my plugins only for them to deactivate themself about 5 min later.

  8. Nazgul
    Member
    Posted 8 years ago #

    I took a look at the MySQL 4.1.20 Changelog and as far as I can tell this fixes a issue within MySQL. Therefore it looks like it doesn't require changes in the calling (for instance WordPress) programs.

    And I would expect more people to experience this issue if it was a WordPress related issue.

    Try asking them which version they were running before the upgrade. Maybe it's something else that was changed that's causing this issue.

  9. awe
    Member
    Posted 8 years ago #

    I have this problem too.

    I think the bit at the end of that article is what the problem is. I'd say since my phpMyAdmin is telling me that the MySQL version running is 5.0.15-nt that Brinkster has taken the second option.

    Rather than upgrading to 5.0.22, they have taken the
    sql-mode=NO_BACKSLASH_ESCAPES approach. *cough* slack *cough*

    I'm guessing that the backslash escaping for apostrophes is tightly built in to WordPress?

  10. sysdevuser
    Member
    Posted 8 years ago #

    Just posted ticket #2820 at http://trac.wordpress.org/report/1
    about this matter.

    Juan

  11. awe
    Member
    Posted 8 years ago #

    I don't think it's WordPress' fault. Slash escaping is a documented part of MySQL.

    I asked Brinkster if they had a 5.0.22 install they could move me to and got my hopes high when they said 'yes'. It turned out to just be 5.0.19 and they don't actually have anything higher. Go Brinkster support!

  12. gride
    Member
    Posted 8 years ago #

    i reupped all wordpress files to my host
    didn't change anything...........

  13. millelrtd
    Member
    Posted 8 years ago #

    I reuploaded wordpress no help here either, I was using Gallery2 it wacked out also :(

    All I can think of is to try a code I used when I was younger: up, up, down, down, left, right, left, right, b, a, select start I will try this and let you know if it helps :)

  14. gride
    Member
    Posted 8 years ago #

    thanks for cheering me up

  15. sysdevuser
    Member
    Posted 8 years ago #

    I got this from Ryan at http://trac.wordpress.org/report/1 ticket 2820

    Wed Jun 14 00:21:29 2006: Modified by ryan
    NO_BACKSLASH_ESCAPES will break WP. Backslash becomes a normal character rather than an escape character when that flag is set. This will cause queries to fail, as you have found out.

    Good, now I know what the problem is. So, what does it means, no more blogs? no more WordPress? no more Brinkster?

    I have two blog applications with problems and don't know what way to go.

  16. Nazgul
    Member
    Posted 8 years ago #

    Complain to Brinkster that they should upgrade their MySQL to a version which fixes the security issue instead of relying on workarounds which break a lot of software out there.

    From the MySQL page I linked above:
    If you are unable to upgrade MySQL to a version that includes the fix for the bug in mysql_real_escape_string() parsing, but run MySQL 5.0.1 or higher, you can use the NO_BACKSLASH_ESCAPES SQL mode as a workaround. (This mode was introduced in MySQL 5.0.1.) NO_BACKSLASH_ESCAPES enables an SQL standard compatibility mode, where backslash is not considered a special character. The result will be that queries will fail.

  17. gride
    Member
    Posted 8 years ago #

    i'm off to send complaint now

  18. sysdevuser
    Member
    Posted 8 years ago #

    Yes, i will complain too.

  19. gride
    Member
    Posted 8 years ago #

    yeahhhhh.. i got a message back from brinkster, sounds like they are working on the problem

    heres the message:

    Hello,

    We are preparing to update all the servers to the latest version. We hope to update all by the end of next week.

    I apologize for any inconvenience and frustration these issues have caused.

    If we can help with anything else, please let us know.

  20. houmidity
    Member
    Posted 8 years ago #

    We're having the same problem at Houmidity.com, but no reply from Brinkster about why they don't A.) Turn NO_BACKSLASH_ESCAPES back off until they upgrade to 5.0.22 or B.) Hurry up and upgrade to 5.0.22 instead of waiting a week to do so.

    Anyone else get any reply or have news on this subject?

  21. Nazgul
    Member
    Posted 8 years ago #

    Houmidity, I can answer question A for you.

    They put it in place because the version of MySQL they're running at the moment contains a explotable security bug, which is circumvented by that NO_BACKSLASH_ESCAPES workaround.

    It's a choice between being hacked or some broken software en they chose the second. As it should!

    What you can blame them for is lousy communication and indeed a lack of speed in upgrading to a safe MySQL version, which doesn't require this workaround.

  22. houmidity
    Member
    Posted 8 years ago #

    Nazgul, yes I can definitely appreciate and understand why they would want to patch MySql to prevent a new exploit, and I get why they turned on the NO_BACKSLASH_ESCAPES mode in the first place.

    However, once it's been determined to really hose up a lot of their customers' sites, it seems like they might consider turning it back off until they could upgrade to the new version, which gives us both security and compatibility with WordPress (we assume).

  23. Nazgul
    Member
    Posted 8 years ago #

    Houmidity, but if they turn it off, they're again susceptible to being hacked until they've upgraded their MySQL servers. So I understand why they don't turn it back off again.

    What I do not understand is why it has to take so long to upgrade MySQL. Even for a large organisation it should be do-able within 1-2 weeks. The MySQL security update was released around the 26th of may, so they've had over 3 weeks to upgrade by now.

  24. binaryone
    Member
    Posted 8 years ago #

    I am having a simular problem with brinkster

    I can’t save any thing with a an apostrophe in it. eg the name O’Neall. I have had 4 discussion with support today. In the first discussion I asked

    Don’t you find this a bit ridiculous what about words like Can’t, Where's, She'll, We'd, Didn't, They'd, I've, You've, Who's, He's, Let's, We're, That's. None of those can ever be entered into a database again?

    There response was

    You can easily create a script to replace the characters when entered into and read from the database.

    This only made me more determined to get an answer. So after an argument about which version of MySql is running on the server where my site is I got this response.

    We are preparing to update all the servers to the latest version. We hope to update all by the end of next week. I cannot say with any certainty that the upgrade will fix any problems. I believe it will solve the security problem recently discovered.

    I am going to give them a bit of time to fix the problem but if they don’t I will be following it up and I will post what I think we all should do at that time.

  25. Martin2006
    Member
    Posted 8 years ago #

    When NO_BACKSLASH_ESCAPES is enabled the correct way to insert the apostrophe character is as follows:

    'It won''t do it otherwise'

    The double apostrophe should do the trick.

    I also have been frustrated with Brinkster but have posted a temporary solution for .NET users at my site: http://www.m-s-d.net/

    Thanks,

    Martin

  26. sysdevuser
    Member
    Posted 8 years ago #

    I am looking for a site to move my two blog applications. I can't depend on Brinkster any more.
    I have contacted two hosting providers but I want to be sure that their mysql server has the innodb engine running and the infamous no_backslash thing is not enabled. I have two pre-sales inquiries open waiting for specific and clear answers.

  27. tammie
    Member
    Posted 8 years ago #

    I am also having this error (links messed up) with a site (nlcic.org) hosted with Brinkster. I contacted them and they said that the databases should be updated to Version 5.0.22 within 2 weeks.

    I'm also having a problem getting plugins to activate. I get an error about having the wrong data type in the second argument of line 100 in plugins.php. I was able to get this error to go away by typecasting current plugins to an array: (array)$current_plugins. However the plugins are still not activating which I'm guessing is a byproduct of the NO_BACKSLASH_ESCAPES hack.

  28. tammie
    Member
    Posted 8 years ago #

    I installed phpMyAdmin and edited the content for the posts manually - so they now link correctly. This is just a real pain. Rather than hacking my WordPress install to get the plugins to work, I think I'll wait for Brinkster to get their act together and update mySQL.

  29. bitkidoku
    Member
    Posted 8 years ago #

    I am using Brinkster too, and I have the same problem. I am sending their reply here:
    "Hello,

    We are preparing to update all the servers by next week. This cannot be guaranteed but it is the current estimate. I recommend contacting us on Friday to find out the latest.

    I apologize for any inconvenience and frustration these issues have caused.

    If we can help with anything else, please let us know."

    I cannot trust them anymore, I think I am going to move to another host when my time is up.

    Hope the problem will be solved by Friday. I can't post or do anything.

  30. binaryone
    Member
    Posted 8 years ago #

    Martin2006 the problem with writing temporary fixes to a problem caused by brinkster changing NO_BACKSLASH_ESCAPES is that when they up date to the latest version of mysql ( which they inevitably will), your data will be corrupt and then you will have to write another piece of code to go back and correct that. This might seem ok if you are the only one affected but when there are hundreds if not thousands who are affected the service provider should upgrade to the version of mysql that does not have the vulnerability.

    Brinkster should have never changed NO_BACKSLASH_ESCAPES they should have dropped every thing and started an immediate upgrade of all servers. After all they are a SERVICE provider and they should provide a service, otherwise why pay them.

    My other problem with brinkster is the way that they went about the whole problem, they changed the NO_BACKSLASH_ESCAPES with out any notification, how hard would it have been to send every one an email stating what they were doing and why. I know that I alone spent 3 days trying figure out what had gone wrong, my time is precious and I object to them wasting my time when an eamil would have helped.

    I have another question ( rectorial )

    If the vulnerability opens brinkster up to the possibility of attack, how many possible attacks are we talking? If the number is as I suspect (in the short term) very low to none, then don’t make changes to the configuration file which will brake every ones sites, say nothing, and start to upgrade to the latest version of mysql. If I am wrong and there is a high risk of attack, then instead of braking every ones site they should have start to upgrade to the latest version of mysql immediately. Either way the answer was never to take the slack way and hope no one notices. They should fix the problems not create them.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags