cristoslc

FYI, Claris has significantly expanded their response at https://support.claris.com/s/answerview?anum=000035819&language=en_US and provided more information on older versions. If you want a more in-depth analysis, I've been collating all the community findings I'm aware of, along with our research, in a blog post on fixing the Log4j exploit on FileMaker Server. FileMaker Server 16 is not vulnerable to these two newest Log4j (2.x) exploits, so you probably won't be compromised by the majority of botnet activity going on right now. However, FMS 16 does use an older Log4j (v1.2.15) that is no longer maintained and has active Remote Code Execution vulnerabilities of its own. You should *definitely* check out the mitigation steps in our blog post and prioritize upgrading to FileMaker Server 19.

I'm trying to use TinyMce in a webviewer in FileMaker but save the resulting HTML into a database field. I am aware of the standard practice of using an fmp:// link with a script & parameter, but that won't work in Windows (the html content returned as the parameter will likely exceed the 2048 character limit). I am using a javascript function to change the HTML DOM by putting the contents of the TinyMCE editor into another div on the page when the user clicks "Submit" inside the webviewer. However, when I use `GetLayoutObjectAttribute ( "webviewer" ; "Content" )` it shows the content of the unmodified (pre-javascript altered) page, not the page after javascript has modified the DOM. Sample file: http://cris.lc/sxti2 Is this expected behavior? Am I doing something incorrectly?