phpBB 2.0.10 released

  • phpBB 2.0.10 released

    Just for your Info

    l.i. Changes since 2.0.9
    Fixed deleting of styles in admin_styles.php
    Fixed wrong unsetting of variables introduced in phpBB 2.0.9, making the board non-functional for users with specific php.ini settings
    Added code to let phpBB work with PHP5 for those having register_long_arrays set to off (default settings) - running phpBB 2.0.x with PHP5 is not supported at http://www.phpbb.com.
    Fixed bug in admin_board.php for board settings having single quotes in it
    Fixed "search by author" in search.php. Now it is possible to search for users with special chars in their name too
    Fixed forum jumpbox propagating session id in moderator control pages
    Added check for newlines at redirecting pages, to prevent http response splitting attacks - Ory Segal and Amit Klein
    Fixed visual confirmation code. The image was not created due to a wrong regular expression.

    l.ii. Changes since 2.0.8
    Fixed one vulnerability in admin_board.php - Xore
    Added checking for proper session id characters to sessions and viewtopic to prevent injections - Bartlomiej Korupczynski
    Fixed injection vulnerabilities possible with linked avatars
    Implemented unsetting globalised variables
    Limited confirm switch to POST variable in posting
    Changed IP code in common.php to prevent IP spoofing, which might introduce some problems with private IP Ranges showing up. - Wang Products
    Updated visual confirmation mod [pre-edited files]
    Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by R45
    Added the ability to link to https/ftps sites using the img bbcode tag
    Fixed user online information in admin/index.php
    Fixed getting group moderator in groupcp.php if running oracle backend - spotted by pakman
    Fixed use of non-existing result variable in modcp (poster_id instead of user_id)
    Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - Matthew C. Kavanagh, Janek Vind
    Fixed problem with SID not delivered to next page in groupcp.php

    l.iii. Changes since 2.0.7
    Fixed several vulnerabilities in admin pages
    Fixed sid checking code in admin/pagestart.php
    Fixed injection vulnerabilities possible with the img bbcode tag
    Limited allowed images in img bbcode tag to jpg, jpeg, gif and png
    Fixed redirect problems - 2.0.7a
    Fixed sql injection vulnerability in search - 2.0.7a
    Fixed sql injection vulnerability in privmsg - 2.0.8a

    phpBB is free and open source forum software that is easy to use, powerful, and highly customisable. Our community offers extensive support to end users.
    Windows XP SP2
    Daemon Tools 4.03

  • #2
    We're aware of it, but as this is a custom portal, we sometimes forget to
    update the version info. Nevertheless, thank you for this information.
