Advertisement:

Navigation

Readme

This patch file will update your forum to SMF 1.0.8.

File Edits

./index.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.7 *
Replace With: [Select]
* Software Version: SMF 1.0.8 *
Operation #2
Find: [Select]
$forum_version = 'SMF 1.0.7';
Replace With: [Select]
$forum_version = 'SMF 1.0.8';

./changelog.txt

Operation #1
Find: [Select]
SMF 1.0.7 29 March 2006
Replace With: [Select]
SMF 1.0.8 21 August 2006
================================================================================
August 2006
--------------------------------------------------------------------------------
! Some message table values weren't stored properly. (Post.php)
! Fixed unset not working properly in all cases due to a vulnerability in PHP. (QueryString.php, Profile.php, Post.php)


July 2006
--------------------------------------------------------------------------------
! Block page requests attempting to modify the $GLOBALS variable. (QueryString.php)


================================================================================
April 2006
--------------------------------------------------------------------------------
! Added checking to the topic, board, and action REQUEST parameters to ensure they are not arrays prior to processing (QueryString.php)


SMF 1.0.7 29 March 2006

./Sources/Post.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.6 *
Replace With: [Select]
* Software Version: SMF 1.0.8 *
Operation #2
Find: [Select]
$context['icon'] = preg_replace('~[\./\\\\*:"<>]~', '', $_REQUEST['icon']);
Replace With: [Select]
$context['icon'] = preg_replace('~[\./\\\\*\':"<>]~', '', $_REQUEST['icon']);
Operation #3
Find: [Select]
$_POST['guestname'] = $row['posterName'];
$_POST['email'] = $row['posterEmail'];
Replace With: [Select]
$_POST['guestname'] = addslashes($row['posterName']);
$_POST['email'] = addslashes($row['posterEmail']);

Operation #4
Find: [Select]
unset($_POST['options'][$k]);
Replace With: [Select]
unset($_POST['options'][$k], $_POST['options'][$k]);
Operation #5
Find: [Select]
$_POST['guestname'] = $user_info['username'];
$_POST['email'] = $user_info['email'];
Replace With: [Select]
$_POST['guestname'] = addslashes($user_info['username']);
$_POST['email'] = addslashes($user_info['email']);

Operation #6
Find: [Select]
$_POST['icon'] = preg_replace('~[\./\\\\*:"<>]~', '', $_POST['icon']);
Replace With: [Select]
$_POST['icon'] = preg_replace('~[\./\\\\*\':"<>]~', '', $_POST['icon']);

./Sources/Profile.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.6 *
Replace With: [Select]
* Software Version: SMF 1.0.8 *
Operation #2
Find: [Select]
unset($_POST['additionalGroups'][$i]);
Replace With: [Select]
unset($_POST['additionalGroups'][$i], $_POST['additionalGroups'][$i]);

./Sources/QueryString.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.7 *
Replace With: [Select]
* Software Version: SMF 1.0.8 *
Operation #2
Find: [Select]
unset($GLOBALS['HTTP_POST_VARS']);
unset($GLOBALS['HTTP_POST_FILES']);
Replace With: [Select]
unset($GLOBALS['HTTP_POST_VARS'], $GLOBALS['HTTP_POST_VARS']);
unset($GLOBALS['HTTP_POST_FILES'], $GLOBALS['HTTP_POST_FILES']);

// These keys shouldn't be set...ever.
if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']))
die('Invalid request variable.');

// Same goes for numeric keys.
foreach (array_merge(array_keys($_REQUEST), array_keys($_COOKIE), array_keys($_FILES)) as $key)
if (is_numeric($key))
die('Invalid request variable.');

Operation #3
Find: [Select]
// If there's a slash in it, we've got a start value! (old, compatible links.)
Replace With: [Select]
// Make sure we start with a string
$_REQUEST['board'] = (string) $_REQUEST['board'];

// If there's a slash in it, we've got a start value! (old, compatible links.)

Operation #4
Find: [Select]
// Slash means old, beta style, formatting. That's okay though, the link should still work.
Replace With: [Select]
// Make sure we start with a string
$_REQUEST['topic'] = (string) $_REQUEST['topic'];

// Slash means old, beta style, formatting. That's okay though, the link should still work.

Operation #5
Find: [Select]
// Find the user's IP address. (but don't let it give you 'unknown'!)
Replace With: [Select]
// The action needs to be a string and not an array or anything else
if (isset($_REQUEST['action']))
$_REQUEST['action'] = (string) $_REQUEST['action'];
if (isset($_GET['action']))
$_GET['action'] = (string) $_GET['action'];

// Find the user's IP address. (but don't let it give you 'unknown'!)