Advertisement:

Navigation

Readme

This patch file will fix several security issues for your SMF 1.1.19 forum.

File Edits

./index.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.19 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

$forum_version = 'SMF 1.1.19';
Replace With: [Select]

$forum_version = 'SMF 1.1.20';

./Sources/PackageGet.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.12 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

$package['href'] = $url . '/' . $package['filename'];
$package['name'] = htmlspecialchars($package['name']);
Replace With: [Select]

$package['href'] = $url . '/' . $package['filename'];

./Sources/Subs-Package.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.12 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

// Ignore errors with borked installed.list's.
list ($name, $file, $id, $version) = array_pad(explode('|^|', $installed_mods[$i]), 4, '');
Replace With: [Select]

// Ignore errors with borked installed.list's.
$info = array_pad(explode('|^|', $installed_mods[$i]), 4, '');

list ($name, $file, $id, $version) = htmlspecialchars__recursive($info);

Operation #3
Find: [Select]

$data .= trim($packageInfo['name']) . '|^|' . trim($packageInfo['filename']) . '|^|' . trim($packageInfo['id']) . '|^|' . trim($packageInfo['version']) . "\n";
Replace With: [Select]

$keys = array('name', 'filename', 'id', 'version');
foreach($keys as $key)
{
// Yay for variable variables...
${"package_$key"} = trim(un_htmlspecialchars($packageInfo[$key]));
}
$data .= $package_name . '|^|' . $package_filename . '|^|' . $package_id . '|^|' . $package_version . "\n";

Operation #4
Find: [Select]

$package = $packageInfo->to_array();
$package['xml'] = $packageInfo;
$package['filename'] = $gzfilename;
Replace With: [Select]

$package = $packageInfo->to_array();
$package = htmlspecialchars__recursive($package);
$package['xml'] = $packageInfo;
$package['filename'] = $gzfilename;

// Don't want to mess with code...
$types = array('install', 'uninstall', 'upgrade');
foreach($types as $type)
{
if (isset($package[$type]['code']))
{
$package[$type]['code'] = un_htmlspecialchars($package[$type]['code']);
}
}

./Sources/Packages.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.16 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

if (!empty($action['parse_bbc']))
$context['package_readme'] = parse_bbc($context['package_readme']);
Replace With: [Select]

if (!empty($action['parse_bbc']))
{
$context['package_readme'] = preg_replace('~\[[/]?html\]~i', '', $context['package_readme']);
$context['package_readme'] = parse_bbc($context['package_readme']);
}

./Sources/Post.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.11 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

if (isset($_REQUEST['preview']))
return Post();
Replace With: [Select]

if (isset($_REQUEST['preview']))
{
checkSession();
return Post();
}

./Sources/Subs-Auth.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.19 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

global $txt, $mtitle, $mmessage, $context;
Replace With: [Select]

global $txt, $mtitle, $mmessage, $context, $func;

Operation #3
Find: [Select]

$context['title'] = &$mtitle;
Replace With: [Select]

$context['title'] = $func['htmlspecialchars']($mtitle);