Forum updated to 2.0.11

Site management, affiliation, links and all topics not in 'Romcenter' or 'Datafiles' forums.

Moderator: Wanderer

User avatar
RomCenter
Author
Author
Posts: 1519
Joined: Fri Sep 28, 2001 12:34 pm
Location: France
Contact:

Forum updated to 2.0.11

Post by RomCenter »

Fixed vulnerability in highlighting code (very high severity, please update your installation as soon as possible)
Fixed unsetting global vars - Matt Kavanagh
Fixed XSS vulnerability in username handling - AnthraX101
Fixed not confirmed sql injection in username handling - warmth
Added check for empty topic id in topic_review function
Added visual confirmation mod to code base

Changes since 2.0.9
Fixed deleting of styles in admin_styles.php
Fixed wrong unsetting of variables introduced in phpBB 2.0.9, making the board non-functional for users with specific php.ini settings
Added code to let phpBB work with PHP5 for those having register_long_arrays set to off (default settings) - running phpBB 2.0.x with PHP5 is not supported at http://www.phpbb.com.
Fixed bug in admin_board.php for board settings having single quotes in it
Fixed "search by author" in search.php. Now it is possible to search for users with special chars in their name too
Fixed forum jumpbox propagating session id in moderator control pages
Added check for newlines at redirecting pages, to prevent http response splitting attacks - Ory Segal and Amit Klein
Fixed visual confirmation code. The image was not created due to a wrong regular expression.

Changes since 2.0.8
Fixed one vulnerability in admin_board.php - Xore
Added checking for proper session id characters to sessions and viewtopic to prevent injections - Bartlomiej Korupczynski
Fixed injection vulnerabilities possible with linked avatars
Implemented unsetting globalised variables
Limited confirm switch to POST variable in posting
Changed IP code in common.php to prevent IP spoofing, which might introduce some problems with private IP Ranges showing up. - Wang Products
Updated visual confirmation mod [pre-edited files]
Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by R45
Added the ability to link to https/ftps sites using the img bbcode tag
Fixed user online information in admin/index.php
Fixed getting group moderator in groupcp.php if running oracle backend - spotted by pakman
Fixed use of non-existing result variable in modcp (poster_id instead of user_id)
Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - Matthew C. Kavanagh, Janek Vind
Fixed problem with SID not delivered to next page in groupcp.php
Eric - RomCenter developer
Report bugs here.