Readme

This patch file will provide security and bug fixes to your SMF 2.0.5 forum.

File Edits

./index.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.5
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]

$forum_version = 'SMF 2.0.5';
Replace With: [Select]

$forum_version = 'SMF 2.0.6';

Operation #3
Find: [Select]
// Register an error handler.
Replace With: [Select]
// Emit some headers for some modicum of protection against nasties.
if (!headers_sent())
{
// Future versions will make some of this configurable. This is primarily a 'safe' configuration for most cases for now.
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
}

// Register an error handler.
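Review bot: In Operation #3 the three headers are skipped without any trace when `headers_sent()` is already true, so early output from an included file or a mod quietly turns the protection off for that request; logging that case would make it visible to the admin. `X-XSS-Protection: 1; mode=block` only drives the legacy XSS filters of older browsers and is ignored by current ones, so it should not be counted as a mitigation on its own. For framing, adding `header("Content-Security-Policy: frame-ancestors 'self'");` beside the `X-Frame-Options` line states the same policy in the form current browsers prefer. The comment already says the values will become configurable; until then a forum that is legitimately embedded from another origin will break, which is worth a line in the readme.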

./Sources/Profile-Modify.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.2
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]
if ($contents != false && $tmpAvatar = fopen($uploadDir . '/avatar_tmp_' . $memID, 'wb'))
{
fwrite($tmpAvatar, $contents);
fclose($tmpAvatar);

$downloadedExternalAvatar = true;
$_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
}
Replace With: [Select]
$new_filename = $uploadDir . '/' . getAttachmentFilename('avatar_tmp_' . $memID, false, null, true);
if ($contents != false && $tmpAvatar = fopen($new_filename, 'wb'))
{
fwrite($tmpAvatar, $contents);
fclose($tmpAvatar);

$downloadedExternalAvatar = true;
$_FILES['attachment']['tmp_name'] = $new_filename;
}

Operation #3
Find: [Select]
if (!$downloadedExternalAvatar)
{
if (!is_writable($uploadDir))
fatal_lang_error('attachments_no_write', 'critical');

if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $uploadDir . '/avatar_tmp_' . $memID))
fatal_lang_error('attach_timeout', 'critical');

$_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
}
Replace With: [Select]
if (!$downloadedExternalAvatar)
{
if (!is_writable($uploadDir))
fatal_lang_error('attachments_no_write', 'critical');

$new_filename = $uploadDir . '/' . getAttachmentFilename('avatar_tmp_' . $memID, false, null, true);
if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $new_filename))
fatal_lang_error('attach_timeout', 'critical');

$_FILES['attachment']['tmp_name'] = $new_filename;
}

Operation #4
Find: [Select]
// No size, then it's probably not a valid pic.
if ($sizes === false)
return 'bad_avatar';
Replace With: [Select]
// No size, then it's probably not a valid pic.
if ($sizes === false)
{
@unlink($_FILES['attachment']['tmp_name']);
return 'bad_avatar';
}

Operation #5
Find: [Select]
if (!empty($modSettings['avatar_resize_upload']))
{
// Attempt to chmod it.
@chmod($uploadDir . '/avatar_tmp_' . $memID, 0644);

require_once($sourcedir . '/Subs-Graphics.php');
if (!downloadAvatar($uploadDir . '/avatar_tmp_' . $memID, $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']))
return 'bad_avatar';

// Reset attachment avatar data.
$cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
$cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
$cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
}
else
return 'bad_avatar';
Replace With: [Select]
if (!empty($modSettings['avatar_resize_upload']))
{
// Attempt to chmod it.
@chmod($_FILES['attachment']['tmp_name'], 0644);

require_once($sourcedir . '/Subs-Graphics.php');
if (!downloadAvatar($_FILES['attachment']['tmp_name'], $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']))
{
@unlink($_FILES['attachment']['tmp_name']);
return 'bad_avatar';
}

// Reset attachment avatar data.
$cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
$cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
$cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
}
else
{
@unlink($_FILES['attachment']['tmp_name']);
return 'bad_avatar';
}

Operation #6
Find: [Select]
if (!checkImageContents($_FILES['attachment']['tmp_name'], !empty($modSettings['avatar_paranoid'])))
{
// It's bad. Try to re-encode the contents?
if (empty($modSettings['avatar_reencode']) || (!reencodeImage($_FILES['attachment']['tmp_name'], $sizes[2])))
return 'bad_avatar';
// We were successful. However, at what price?
$sizes = @getimagesize($_FILES['attachment']['tmp_name']);
// Hard to believe this would happen, but can you bet?
if ($sizes === false)
return 'bad_avatar';
}
Replace With: [Select]
if (!checkImageContents($_FILES['attachment']['tmp_name'], !empty($modSettings['avatar_paranoid'])))
{
// It's bad. Try to re-encode the contents?
if (empty($modSettings['avatar_reencode']) || (!reencodeImage($_FILES['attachment']['tmp_name'], $sizes[2])))
{
@unlink($_FILES['attachment']['tmp_name']);
return 'bad_avatar';
}
// We were successful. However, at what price?
$sizes = @getimagesize($_FILES['attachment']['tmp_name']);
// Hard to believe this would happen, but can you bet?
if ($sizes === false)
{
@unlink($_FILES['attachment']['tmp_name']);
return 'bad_avatar';
}
}

Operation #7
Find: [Select]
// Delete any temporary file.
if (file_exists($uploadDir . '/avatar_tmp_' . $memID))
@unlink($uploadDir . '/avatar_tmp_' . $memID);
Replace With: [Select]
// Delete any temporary file.
if (file_exists($_FILES['attachment']['tmp_name']))
@unlink($_FILES['attachment']['tmp_name']);

Operation #8
Find: [Select]
$value = trim(preg_replace(\'~[\s]~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value));
Replace With: [Select]
$value = trim(preg_replace(\'~[\t\n\r \x0B\0\' . ($context[\'utf8\'] ? ($context[\'server\'][\'complex_preg_chars\'] ? \'\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}\' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : \'\x00-\x08\x0B\x0C\x0E-\x19\xA0\') . \']+~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value));
Operation #9
Find: [Select]
validateUsername($context[\'id_member\'], $value);
Replace With: [Select]
validateUsername($context[\'id_member\'], trim(preg_replace(\'~[\t\n\r \x0B\0\' . ($context[\'utf8\'] ? ($context[\'server\'][\'complex_preg_chars\'] ? \'\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}\' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : \'\x00-\x08\x0B\x0C\x0E-\x19\xA0\') . \']+~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value)));
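Review bot: In the non-UTF-8 branch of the character class introduced in Operations #8 and #9 the control range reads `\x0E-\x19`, which leaves bytes 0x1A–0x1F outside the set that is collapsed to a space; if the intent was to cover all C0 control characters (0x19 looks like a slip for 0x1F, but that is an inference), the range should be `\x0E-\x1F`. The same expression is pasted again in ./Sources/Register.php (Operations #3 and #4) and ./Sources/Subs-Members.php (Operation #2), so any correction has to be made in five places; a single helper returning the pattern would keep username and display-name normalisation from drifting apart. The raw-byte UTF-8 alternative lists `\xE2\x80\x9F` twice, which is harmless but suggests the list was edited by hand. Both lines sit inside a quoted code string (note the escaped quotes), so the enclosing code is outside the hunk.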

./Sources/LogInOut.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]
// Empty the cookie! (set it in the past, and for id_member = 0)
setLoginCookie(-3600, 0);
Replace With: [Select]
// Empty the cookie! (set it in the past, and for id_member = 0)
setLoginCookie(-3600, 0);

// And some other housekeeping while we're at it.
session_destroy();
if (!empty($user_info['id']))
updateMemberData($user_info['id'], array('password_salt' => substr(md5(mt_rand()), 0, 4)));
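Review bot: The new salt in Operation #2 is `substr(md5(mt_rand()), 0, 4)`, i.e. 16 bits taken from a non-cryptographic generator, so it has only 65,536 possible values and is derived from predictable generator state. If this salt is what binds the login cookie to the account (the hunk does not show how it is consumed), it should come from a CSPRNG where the runtime offers one, for example `bin2hex(openssl_random_pseudo_bytes(2))` for the same four characters, and be lengthened if the column width allows. `session_destroy()` also leaves `$_SESSION` populated for the rest of the request, so `$_SESSION = array();` immediately before it would be prudent.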

./Sources/Register.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]

// Set the options needed for registration.
Replace With: [Select]

// Some of these fields we may not want.
if (!empty($modSettings['registration_fields']))
{
// But we might want some of them if the admin asks for them.
$standard_fields = array('icq', 'msn', 'aim', 'yim', 'location', 'gender');
$reg_fields = explode(',', $modSettings['registration_fields']);

$exclude_fields = array_diff($standard_fields, $reg_fields);

// Website is a little different
if (!in_array('website', $reg_fields))
$exclude_fields = array_merge($exclude_fields, array('website_url', 'website_title'));

// We used to accept signature on registration but it's being abused by spammers these days, so no more.
$exclude_fields[] = 'signature';
}
else
$exclude_fields = array('signature', 'icq', 'msn', 'aim', 'yim', 'location', 'gender', 'website_url', 'website_title');

$possible_strings = array_diff($possible_strings, $exclude_fields);
$possible_ints = array_diff($possible_ints, $exclude_fields);
$possible_floats = array_diff($possible_floats, $exclude_fields);
$possible_bools = array_diff($possible_bools, $exclude_fields);

// Set the options needed for registration.

Operation #3
Find: [Select]
$context['checked_username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}' : "\xC2\xA0") : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $context['checked_username']);
Replace With: [Select]
$context['checked_username'] = preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $context['checked_username']);
Operation #4
Find: [Select]
$_POST['real_name'] = trim(preg_replace('~[\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name']));
Replace With: [Select]
$_POST['real_name'] = trim(preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name']));
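Review bot: In Operation #2 the result of `explode(',', $modSettings['registration_fields'])` is compared with the field names without trimming, and `in_array('website', $reg_fields)` is not strict, so a stored value such as `icq, msn` (constructed example) would not match `msn`. The failure is on the safe side, because an unmatched field ends up in `$exclude_fields`, but the admin's setting then silently has no effect; `$reg_fields = array_map('trim', explode(',', $modSettings['registration_fields']));` avoids that. A short comment above the four `array_diff` calls saying that the optional profile fields are dropped from the accepted POST keys unless enabled would make the intent clear to the next maintainer.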

./Sources/Subs-Members.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.1
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]
$regOptions['username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}' : "\xC2\xA0") : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']);
Replace With: [Select]
$regOptions['username'] = trim(preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']));
Operation #3
Find: [Select]
$reg_errors[] = array('done', sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($regOptions['username'])));
Replace With: [Select]
$reg_errors[] = array('lang', 'profile_error_bad_email');
Operation #4
Find: [Select]
if (!empty($regOptions['check_password_strength']))
Replace With: [Select]
if (!empty($regOptions['check_password_strength']) && $regOptions['password'] != '')
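Review bot: The condition added in Operation #4, `$regOptions['password'] != ''`, skips the strength check whenever the password is empty, and nothing in this hunk shows that an empty password is rejected for ordinary password-based registrations. If the exemption is meant for accounts that authenticate without a local password, tie it to that condition rather than to the emptiness of the field, and make the comparison strict: `&& $regOptions['password'] !== ''`. The enclosing function is outside the hunk, so the empty-password rejection should be confirmed there.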

./Sources/Profile-Actions.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]
// Actually update this member now, as it guarantees the unapproved count can't get corrupted.
Replace With: [Select]
// We need to log that we're doing something.
logAction('approve_member', array('member' => $memID), 'admin');

// Actually update this member now, as it guarantees the unapproved count can't get corrupted.
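Review bot: `logAction('approve_member', array('member' => $memID), 'admin');` in Operation #2 is placed before the member row is updated, so the admin log would record an approval even if the update that follows does not complete; moving the call after the update keeps the audit trail accurate. The entry carries only the target member id, and whether `logAction` records the acting administrator itself is not visible here. The surrounding function lies outside the hunk.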

./Sources/Profile.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]
'function' => 'activateAccount',
'sc' => 'get',
'select' => 'summary',
Replace With: [Select]
'function' => 'activateAccount',
'sc' => 'get',

./Sources/QueryString.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]
$buffer = preg_replace('/"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&', $buffer);
Replace With: [Select]
$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&amp;', $buffer);
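Review bot: The lookbehind added in Operation #2, `(?<!<link rel="canonical" href=)`, matches only that exact byte sequence, so a theme that writes the attributes in another order, uses single quotes or adds whitespace will still have the session ID rewritten into its canonical URL. A session identifier in the canonical URL is exposed to crawlers and referrers, so the requirement deserves a comment next to the pattern, for example `// Themes must emit exactly <link rel="canonical" href="..."> or the SID is appended to the canonical URL.` The statement's enclosing function is outside the hunk.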

./Sources/Subs.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]
"\c6" => 'AE',
Replace With: [Select]
"\xc6" => 'AE',

./Sources/ManageSettings.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]
$smcFunc['db_insert']('',
'{db_prefix}log_comments',
array('comment_type' => 'string', 'body' => 'string-65535', 'recipient_name' => 'string-80'),
$questionInserts,
array('id_comment')
);
$count_questions++;
Replace With: [Select]
$smcFunc['db_insert']('',
'{db_prefix}log_comments',
array('comment_type' => 'string', 'body' => 'string-65535', 'recipient_name' => 'string-80'),
$questionInserts,
array('id_comment')
);
$count_questions += count($questionInserts);

./Themes/default/Help.template.php

Operation #1
Find: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]

* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.6

Operation #2
Find: [Select]
($txt['lang_dictionary'] != 'en' ? '/' . $txt['lang_dictionary'] : '')
Replace With: [Select]
($txt['lang_dictionary'] != 'en' && $txt['lang_dictionary'] != 'english' ? '/' . $txt['lang_dictionary'] : '')