sorry about that, I read my post and have been doing some digging around. I think doing something to the phpthumb showed results, I applied the patch to both sites, but going through my log, I cannot find any malicious use of fltr[] so it looks like my errors were unrelated to this. While I’m not 100%, I think the host switched something around, the giveway was when I tried saving a resource, my backslashes started multiplying. looked into phpinfo and saw that the magic quotes were active. While I don’t know what exactly the host did, I assume it was an upgrade to a new version of php, and modx doesn’t fix the magic quotes past version 5.3
Sorry about the off topic issue
and thanks for getting that patch, I’ll need to apply it to the other sites still. Hopefully this will get included soon as this is a pretty big oopsies