phpBB geupdate naar versie 2.0.4

Moderators: goldenarrow, MirandaD, Hanmar

Antwoord op onderwerpPlaats een reactie
 
 
BartVB
Eigenaar

Berichten: 36263
Geregistreerd: 08-01-01
Woonplaats: Arnhem

phpBB geupdate naar versie 2.0.4

Link naar dit bericht Geplaatst door de TopicStarter: 28-11-02 11:45

De afgelopen tijd heb ik alleen security problemen met phpBB doorgevoerd op Bokt. Andere, kleine, bugs die gevonden zijn heb ik niet veranderd.

Net heb ik de code op Bokt gelijk getrokken met versie 2.0.4 van phpBB, hierdoor zijn er behoorlijk wat (kleine) dingen veranderd.

AUB meteen laten weten als je rare dingen merkt!

Hieronder een lijstje met veranderingen:

<a name="203">

1.i. Changes since 2.0.3




  • Fixed cross-browser scripting issue with highlight param

  • Back-ported highlighting code from phpBB 2.2

  • Add session id validation to posting, profile, email, voting - Edwin van Vliet <- FINISH ME!

  • Added {S_HIDDEN_FIELDS} template var to profile_send_email.tpl

  • Added "intval" fix for flood check, may resolve some issues

  • Added missing index to post_id for search_wordmatch

  • Fixed spelling error in search add words preventing use of stopword list

  • Fixed issue with search common words not being run

  • Introduce viewtopic resync patch by Ashe

  • Replace a for n in templating code

  • Fixed ordering in memberslist

  • Fixed group_id sequence issues with pgsql and msaccess <- FINISH ME!

  • Fixed assumption of word censors in user notification

  • Fixed incorrect display of quotes in user management fields

  • Fixed entry of special chars in all profile fields - note this may cause temporary issues

  • Fixed incorrect display of quotes when using avatar gallery

  • Fixed missing username in email sent to users when admin activated

  • Added check for non-empty smiley code and url in smiley admin

  • Prevent display of -- sig seperator in emails when no board sig exists

  • Fixed URL propagated sid issues with jumpbox

  • Fixed wrong mode name check (polldelete) in functions_post

  • Added missing root path to l10n image path check

  • Remove validation of fields when deleting a user

  • Fixed sort mode select box in memberslist to default to current mode

  • Deny inline topic review listing to users without auth_read permissions

  • Prevent display of topic notification checkbox if user cannot read forum

  • Remove incorrect pre-pending of IP to uploaded avatars

  • Fixed deletion of uploaded avatars when changing to remote/gallery

  • Added check for non-blank line during install schema/basic sql ops

  • Added sort ordering to Top Ten poster listing by request

  • Fixed incorrect error report when altering case of username

  • Added jumpbox output to modcp {JUMPBOX} will now work

  • Fixed non-updating of users with MOD levels when deleting a forum

  • Remove email to group moderator when approving new members

  • Fixed non-handling of HTML in poll options

  • Fixed non-deletion of polls when deleting forum and its posts

  • Fixed moved shadow topic from being bumped upon reply

  • Changed field size of timezone to decimal(5,2) where applicable

  • Fixed missing sid append to URL when redirecting to newest reply

  • Fixed missing slashes in private IP preg check

  • Fixed session not setting userdata['user_id'] to ANON as appropriate

  • Added check for non-empty name in disallow admin

  • Fixed validation of SSL website addresses in profile

  • Fixed inability of admins to upload avatars via user admin panel

  • Fixed non-deletion of private message text upon full box overwrite

  • Fixed incorrect error message in smiley admin

  • Fixed incorrect alt-text for "Stop Watching Topic" image

  • Temporary fix for missing lang strings in forum admin - translators should update their packages if not done already

  • Use selected localisation during later stages of installation

  • Fixed non-check of permissions when deleting a topic via Moderator Control Panel

  • Fixed non-update of banlist upon user deletion

  • Check approved users boxes by default in usergroup approve form

  • Fixed non-appending of sid to backup meta refresh

  • Fixed non-notification of no support for certain databases in backup/restore

  • Added $images var to message die global declaration

  • Fixed wrong string, Private_message in Private Messaging

  • Add mail send result to error output

  • Fixed non-appending of sid to Mozilla nav bar menu items

  • Fixed incorrect profile linking from MSNM url in private messaging

  • Grammatical errors in English lang_main fixed - Cluster

  • Allow deletion of avatar and simultaneous upload/linking/gallery selection

  • Fixed non-updating of user rank when changing from special to normal rank in rank admin

  • Changed user topic notification default in schemas to 0 (off)

  • Fixed non-XHTML compliant img tags in privmsg.php

  • Fixed non-deletion of announcements and polls when removing forum contents in forum admin

  • Fixed non-pruning of watched topics table when pruning related topics

  • Enable GET redirect on logout

  • Added check for IE6.x to viewtopic ICQ indicator javascript

  • Fixed quoting of messages with MS-SQL (Username wasn't used in quote)




<a name="202">

1.ii. Changes since 2.0.2




  • Fixed potential cross-site scripting vulnerability with avatars - Showscout

  • Fixed potential SQL rewrite issue in page header - missing contrib

  • Fixed potential CSS/HTML rewrite on viewing in login - Marc Rees

  • Fixed (hopefully) issue with MS Access and multiple pages



<a name="201">

1.iii. Changes since 2.0.1




  • Fixed missing "username" lang variable in user admin template

  • Session work around for users behind rotating IPs - vHiker

  • Fixed potential session user_id re-write - Ashe

  • Fixed potential cross-browser scripting issue with BBCode URLs

  • Fixed potential gallery avatar exploit - Ashe

  • Fix sorting of smileys on each function call - Ashe/psoTFX

  • Clear topic_mod text output in viewtopic - Lars

  • Fix regex for avatar remote urls

  • Fix non-updating of user post counts when deleting whole topics

  • Increase time limit when sending topic reply notifications

  • Set default forum when splitting topics

  • Fix non-deletion of uploaded avatars when switching to gallery

  • Removed various closing newlines from included files

  • Add MAX_ROWS to HEAP table alter in install/upgrade - Ashe

  • Update username maxlength for subSilver templates

  • Allow ( and ) in BBCode [url] tags

  • Fix non-quoting of # in username validation regexs

  • Fix overlooked global var in private messaging

  • Possible fix for \r\n email templates issues

  • Fix missing str_replace for category title forum admin SQL

  • Fix trailing , when sending emails via smtp

  • Fix avatar issues in user admin

  • Fix improper checking of email address ban in sessions

  • Fix use of hard coded language strings in forum admin

  • Fix missing closing ) in smilies admin

  • Fix missing Username label in user admin

  • Fix upgrade.php bug where conversion would not complete (and updated other scripts to match the changes)

  • Fix problem with redirect and login.php

  • Fix typo that could cause problems with sorting in the memberlist

  • Fix emailer to allow sending emails with language-specific character sets


ƃuılıǝɔ ǝɥʇ uo ƃuıɔuɐp ǝɹ,ǝʍ uǝɥʍ 'ƃuılǝǝɟ ɐ ʇɐɥʍ ɥo
"Als je niets te verbergen hebt, ben je een slechte paashaas" - Loesje


Antwoord op onderwerpPlaats een reactie

Wie is er online

Gebruikers op dit forum: _Mirjam, _Yasmine_, AmyJamess, Balou_k, eventueel, jampy, littletash, M_i_R, Marcato, MarjanB, soesita, tennan, The_Cat, Tivoli, Xanthippe en 11 bezoekers