Hi everyone,
phpBB Group announces the release of phpBB 2.0.15, the "summer needs to be hot" release. This release addresses some bugfixes and addressing some security issues, one being serious. With this release the admin re-authentication security feature from phpBB Olympus has been backported to the 2.0.x branch too.
In includes/bbcode.php
Find:
{
global $lang, $bbcode_tpl;
After, add:
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "1:", $text);
Find:
*/
function make_clickable($text)
{
After, Add:
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "1:", $text);
Language authors please note that one language variable has been added too.
As with all new releases we urge you to update as soon as possible. You can of course find this download available on our downloads page (http://www.phpbb.com/downloads.php). As per usual three packages are available to simplify your update.
The Full Package contains entire phpBB2 source and English language package.
The Changed Files Only contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release.
Patch Files contains patch compatible patches from the previous versions of phpBB.
Select whichever package is most suitable for you.
The changelog (contained within this release) is as follows:
- Fixed moderator status removal in groupcp.php
- Removed newlines after ?> on some files - Thoul
- Added admin re-authentication (admin needs to login seperatly to access the ACP) - backported from Olympus
- Fixed vulnerability in url/bbcode handling functions - PapaDos and Paul/Zhen-Xjell from CastleCops
- Fixed issue in admin/admin_forums.php
- Suppressed warning message for fsockopen in /includes/smtp.php - Thoul
- Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) - Exy
- Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
- Updated the readme file
- Added one new language variable
- Added general error if accessing profile for a non-existent user
- Changed session id generation to be more unique - Henno Joosep
- Fixed bug in highlight code to escape characters correctly
- Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
- Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
- Fixed bypassing of validate_username on registration - Yen
- Empty url/img bbcodes no longer get parsed
As always, our Code Changes Tutorial is available too for those with heavily modded boards.
It can be downloaded from http://www.phpbb.com/phpBB/viewtopic.php?t=288165
----
To unsubscribe from this list visit http://www.phpbb.com/lists/?p=unsubscri ... **********
--
Powered by PHPlist, www.phplist.com --
phpBB Group announces the release of phpBB 2.0.15, the "summer needs to be hot" release. This release addresses some bugfixes and addressing some security issues, one being serious. With this release the admin re-authentication security feature from phpBB Olympus has been backported to the 2.0.x branch too.
In includes/bbcode.php
Find:
{
global $lang, $bbcode_tpl;
After, add:
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "1:", $text);
Find:
*/
function make_clickable($text)
{
After, Add:
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "1:", $text);
Language authors please note that one language variable has been added too.
As with all new releases we urge you to update as soon as possible. You can of course find this download available on our downloads page (http://www.phpbb.com/downloads.php). As per usual three packages are available to simplify your update.
The Full Package contains entire phpBB2 source and English language package.
The Changed Files Only contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release.
Patch Files contains patch compatible patches from the previous versions of phpBB.
Select whichever package is most suitable for you.
The changelog (contained within this release) is as follows:
- Fixed moderator status removal in groupcp.php
- Removed newlines after ?> on some files - Thoul
- Added admin re-authentication (admin needs to login seperatly to access the ACP) - backported from Olympus
- Fixed vulnerability in url/bbcode handling functions - PapaDos and Paul/Zhen-Xjell from CastleCops
- Fixed issue in admin/admin_forums.php
- Suppressed warning message for fsockopen in /includes/smtp.php - Thoul
- Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) - Exy
- Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
- Updated the readme file
- Added one new language variable
- Added general error if accessing profile for a non-existent user
- Changed session id generation to be more unique - Henno Joosep
- Fixed bug in highlight code to escape characters correctly
- Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
- Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
- Fixed bypassing of validate_username on registration - Yen
- Empty url/img bbcodes no longer get parsed
As always, our Code Changes Tutorial is available too for those with heavily modded boards.
It can be downloaded from http://www.phpbb.com/phpBB/viewtopic.php?t=288165
----
To unsubscribe from this list visit http://www.phpbb.com/lists/?p=unsubscri ... **********
--
Powered by PHPlist, www.phplist.com --