CommunityBridge

15.5k Downloads

URGENT: CommunityBridge potentially corrupting XenForo "secondary_group_ids" table

jwflory opened this issue ยท 5 comments

commented

Hey @iain-davis,

May have found the issue with why CommunityBridge isn't playing nicely with secondary groups in XenForo.

This past week, I've been having all sorts of errors and issues with my XenForo installation regarding MySQL, as you can see here.

Long story short, there were problems with the xf_user table, specifically the secondary_group_ids table. It prevented me from performing many fundamental operations in my XenForo installation, such as managing add-ons and rebuilding caches.

After consulting a staff member of XenForo, he shared with me the following information:

This should be resolved now. I can only guess that this was caused by an add-on, as you had corrupted data in the secondary_group_ids for a number of users. This is normally a comma delimited list of user group IDs, but you had values like:

27111111111111
211211111111111111111111111111111111111111111
2312312424242424242424

It looks like something must have been modifying that field directly. Further, those values weren't actually in the user group relation table, so these modifications weren't done through XenForo itself.

I have removed the invalid data, but please check that your users are in the expected groups. Please also resolve the issue with the script/add-on that is modifying this data directly. Any code that doesn't use the XenForo API to access the DB has a possibility of manipulating the data incorrectly (such as here).

This is concerning to me because the only possible add-on or plugin I have that touches this table is CommunityBridge, which is what makes me inclined to think this is what caused the issue.

My CommunityBridge config can be found here. Password is just 'communitybridge'.

Thanks for looking into this! For the time being, I have removed CommunityBridge from my server.

commented

A version number would be helpful. I'll check out your config against 2.3.5.449.

commented

I can't replicate this problem on 2.3.5.449. There was a version a while ago (that didn't stay released very long) that I think had an issue of that type. Is it possible the bad data was generated by that version?

commented

Never mind. Found the edge case while testing the UUID version. New release shortly.

commented

To my knowledge, seems to be fixed. Thank you! ๐Ÿ‘