Advertisement:

Navigation

Readme

This patch file will upgrade SMF 1.0.8 to 1.0.9 in order to fix a vulnerability that was found in SMF.

File Edits

./index.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.8 *
Replace With: [Select]
* Software Version: SMF 1.0.9 *
Operation #2
Find: [Select]
$forum_version = 'SMF 1.0.8';
Replace With: [Select]
$forum_version = 'SMF 1.0.9';

./changelog.txt

Operation #1
Find: [Select]
SMF 1.0.8 21 August 2006
Replace With: [Select]
SMF 1.0.9 29 October 2006
================================================================================
October 2006
--------------------------------------------------------------------------------
! Fixed the page title on the user account deletion confirmation page. (Profile.php)
! Some search parameters weren't being sanatized when accessing a previous search, leading to a potential XSS vulnerability (Search.php)
! Minor typo in PlushSearch2 prevented "user" search parameter from being remembered when trying to access a previous search (Search.php)
! Make sure to clean all strings when registering a new member. (Register.php)

SMF 1.0.8 21 August 2006

./Sources/Search.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.7 *
Replace With: [Select]
* Software Version: SMF 1.0.9 *
Operation #2
Find: [Select]
if (isset($context['search_params']['userspec']))
$context['search_params']['userspec'] = htmlspecialchars(stripslashes($context['search_params']['userspec']));
Add After: [Select]
if (!empty($context['search_params']['searchtype']))
$context['search_params']['searchtype'] = 2;
if (!empty($context['search_params']['minage']))
$context['search_params']['minage'] = (int) $context['search_params']['minage'];
if (!empty($context['search_params']['maxage']))
$context['search_params']['maxage'] = (int) $context['search_params']['maxage'];

$context['search_params']['show_complete'] = !empty($context['search_params']['show_complete']);
$context['search_params']['subject_only'] = !empty($context['search_params']['subject_only']);

Operation #3
Find: [Select]
if (!empty($search_params['user_spec']) || (!empty($_REQUEST['userspec']) && $_REQUEST['userspec'] != '*'))
Replace With: [Select]
if (!empty($search_params['userspec']) || (!empty($_REQUEST['userspec']) && $_REQUEST['userspec'] != '*'))

./Sources/Profile.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.8 *
Replace With: [Select]
* Software Version: SMF 1.0.9 *
Operation #2
Find: [Select]
global $txt, $context, $ID_MEMBER;
Replace With: [Select]
global $txt, $context, $ID_MEMBER, $user_profile;
Operation #3
Find: [Select]
$context['page_title'] = $txt['deleteAccount'] . ': ' . $txt[144];
Replace With: [Select]
$context['page_title'] = $txt['deleteAccount'] . ': ' . $user_profile[$memID]['realName'];

./Sources/Register.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.3 *
Replace With: [Select]
* Software Version: SMF 1.0.9 *
Operation #2
Find: [Select]
$register_vars[$var] = '\'' . $_POST[$var] . '\'';
Replace With: [Select]
$register_vars[$var] = '\'' . htmlspecialchars($_POST[$var]) . '\'';