phpBB 2.0.9 released re: upgrade??

Posted: Mon Jul 12, 2004 5:10 pm

[ Only registered users can see links on this board! Get registered or login! ]

Quote:

Fixed one vulnerability in admin_board.php - Xore

Added checking for proper session id characters to sessions and viewtopic to prevent injections - Bartlomiej Korupczynski

Fixed injection vulnerabilities possible with linked avatars

Implemented unsetting globalised variables

Limited confirm switch to POST variable in posting

Changed IP code in common.php to prevent IP spoofing

Updated visual confirmation mod [pre-edited files]

Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by R45

Added the ability to link to https/ftps sites using the img bbcode tag

Fixed user online information in admin/index.php

Fixed getting group moderator in groupcp.php if running oracle backend - spotted by pakman

Fixed use of non-existing result variable in modcp (poster_id instead of user_id)

Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - Matthew C. Kavanagh, Janek Vind

Fixed problem with SID not delivered to next page in groupcp.php

Can I assume chatserv will be doing the upgrade or is it being done over at cops???? Rolling Eyes

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Well, since Chatserv was the ONE at nukecops who did the other upgrades, and the fact that he is no longer at nuke cops, you can bet it won't be nukecops Laughing

Posted: Mon Jul 12, 2004 6:29 pm

That's what I thought, just needed clarification Laughing

Posted: Tue Jul 13, 2004 2:31 pm

[ Only registered users can see links on this board! Get registered or login! ] Wink

Posted: Tue Jul 13, 2004 3:12 pm

Thanking you kind sir. Smile