Important Notice: Application Security Updates

Important Notice: Application Security Updates

To enhance security and adhere to WordPress best practices, our team made changes to the CMS application on Monday, December 16, 2024.

Following this update, we’ve identified some functional issues:

1. Legacy Widgets within Normal Blocks

Legacy widgets (e.g., section widget, subpage navigation widget) stored within normal blocks use a hash key.

Solutions:

Option 1: Replace the Subpage Navigation Widget with the Subpage Navigation Shortcode. To replace section widgets, our team developed a plugin called Content Visibility that allows you to set visibility rules on the block level.

Option 2: Activate the Classic Widget plugin to restore the legacy widget interface. This will resolve errors related to legacy widgets. Please note, Block widgets currently in use will remain functional on the front end. However, editing these widgets on the widget page may require technical expertise. If challenges arise, we recommend migrating them to classic widgets.

Gravity Forms generated file download link.

When your audience uploaded a file to your form, the Gravity Forms plugin will generate a URL and store the URL as part of the entry.i.e https://cms.ubc.ca/index.php?gf-download=2024%2F12%2FSmy-pdf.pdf&form-id=18&field-id=80&hash=abcde12345678fghijs. Since the hash within the URL is generated by WordPress, the links generated before the update will no longer resolve to the uploaded file and links generated after the update will remain valid. Unfortunately, there is no fix for the older links. However, you are still able to view files that your visitors have uploaded by viewing the specific Gravity Forms entry. You can do so from Forms -> Entries from your site’s dashboard.

We’re very sorry for this inconvenience and if you have any questions, please feel free to contact us at Lt.hub@ubc.ca or join our weekly WordPress clinics at https://events.ctlt.ubc.ca/tag/wordpress/.