I was able to create a fix and push it to TeamMentor/Master but the reality is that we shouldn't had moved the TeamMentor.net into 3.2.1 version (from 3.2) without a full QA round.
So the solution was to revert the live sites to the 3.2 version (from 3.2.1) and then move it to 3.2.2 after QA signs it off.
But how do we do that?
Well since TeamMentor is Git based, there is a very easy solution for it, just checkout the version we want :)
It is actually impressive how quick and effective it is:
Here is the what the 3.2.2 version of TM looks like (note the top-right 3.2.2 version):
Now lets look at what the commit list looks like from Git Bash using the $ git log --online -n 15 command:
The one we want is the 89dbd47 commit (7th down).
We can now change the local files from the current version (master), into the 89dbd47 version, by executing $ git checkout 89dbd47
After that, just refreshing the browser will show that we are now in the 3.2 version
What is really powerful here is that we had a different file structure changed in seconds
To see this in action, lets open a file that was changed in VisualStudio (note the TM.tmVersion value of TM 3.2 at the top left):
Next, we will revert back our file system to the 3.2.2 version (ie. the current master version) using $ git checkout master
VisualStudio will detect the file change:
And after reloading the file we will back to version 3.2.2
Just go to the admin panel, click on the 'Advanced Admin Tools' and the 'GitHub Sync' links:
And we're back into the 3.2 version:
This post actually gave me an idea for a real cool feature to add in the future: Admin option: Gui to select which commit to use
Security as TAX
Finally, remember that all of this happened because a security fix had a nasty side effect, which makes it a good example of the TAX we (developers) have to pay when adding security to our apps (remember that the CSRF fix added NO value to the app since it didn't improve its user-value, it just prevented an abuse case from happening)