
Readme

This patch file will fix several security issues for your SMF 1.1.19 forum.

File Edits

./index.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.19 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

$forum_version = 'SMF 1.1.19';
Replace With: [Select]

$forum_version = 'SMF 1.1.20';

./Sources/PackageGet.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.12 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

            $package['href'] = $url . '/' . $package['filename'];
            $package['name'] = htmlspecialchars($package['name']);
Replace With: [Select]

            $package['href'] = $url . '/' . $package['filename'];

./Sources/Subs-Package.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.12 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

      // Ignore errors with borked installed.list's.
      list ($name, $file, $id, $version) = array_pad(explode('|^|', $installed_mods[$i]), 4, '');
Replace With: [Select]

      // Ignore errors with borked installed.list's.
      $info = array_pad(explode('|^|', $installed_mods[$i]), 4, '');      

      list ($name, $file, $id, $version) = htmlspecialchars__recursive($info);

Operation #3
Find: [Select]

      $data .= trim($packageInfo['name']) . '|^|' . trim($packageInfo['filename']) . '|^|' . trim($packageInfo['id']) . '|^|' . trim($packageInfo['version']) . "\n";
Replace With: [Select]

      $keys = array('name', 'filename', 'id', 'version');
      foreach($keys as $key)
      {
         // Yay for variable variables...
         ${"package_$key"} = trim(un_htmlspecialchars($packageInfo[$key]));
      }
      $data .= $package_name . '|^|' . $package_filename . '|^|' . $package_id . '|^|' . $package_version . "\n";

Operation #4
Find: [Select]

   $package = $packageInfo->to_array();
   $package['xml'] = $packageInfo;
   $package['filename'] = $gzfilename;
Replace With: [Select]

   $package = $packageInfo->to_array();
   $package = htmlspecialchars__recursive($package);
   $package['xml'] = $packageInfo;   
   $package['filename'] = $gzfilename;

   // Don't want to mess with code...
   $types = array('install', 'uninstall', 'upgrade');
   foreach($types as $type)
   {
      if (isset($package[$type]['code']))
      {
         $package[$type]['code'] = un_htmlspecialchars($package[$type]['code']);
      }
   }
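Review bot: In Operation #4 the whole array from `$packageInfo->to_array()` is HTML-encoded and only the three `code` entries are decoded again, so every other consumer of `$package` now gets entity-encoded values while `$package['xml']` still holds the raw object. Any field used outside an HTML context needs its own decode, as Operation #3 does before writing installed.list, and anything rendered from `$package['xml']` still has to be escaped at output. I would record that contract at the assignment, e.g. `// $package is HTML-encoded from here on (except *['code']); $package['xml'] is raw - escape anything taken from it.` The PackageGet.php edit removes its own `htmlspecialchars()` on `$package['name']`; whether that listing passes through this encoding is not visible on the page and should be confirmed. The enclosing functions start and end outside the quoted lines.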

./Sources/Packages.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.16 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

         if (!empty($action['parse_bbc']))
            $context['package_readme'] = parse_bbc($context['package_readme']);
Replace With: [Select]

         if (!empty($action['parse_bbc']))
         {
            $context['package_readme'] = preg_replace('~\[[/]?html\]~i', '', $context['package_readme']);
            $context['package_readme'] = parse_bbc($context['package_readme']);
         }
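Review bot: The `[html]` strip in Operation #2 runs once, and `preg_replace()` does not rescan its own output, so a tag that only forms after an inner match is deleted would still reach `parse_bbc()`. Repeating the removal until nothing matches closes that gap, e.g. `while (preg_match('~\[/?html\]~i', $context['package_readme'])) $context['package_readme'] = preg_replace('~\[/?html\]~i', '', $context['package_readme']);`. A one-line comment saying why the tag is removed (presumably because it lets a package readme emit raw HTML) would help the next maintainer keep the filter in place. The enclosing block lies outside the quoted lines.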

./Sources/Post.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.11 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

   if (isset($_REQUEST['preview']))
      return Post();
Replace With: [Select]

   if (isset($_REQUEST['preview']))
   {
      checkSession();
      return Post();
   }
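Review bot: The new `checkSession();` call in Operation #2 has no comment saying why a preview needs a session check, and nothing on the page shows which kind of check the bare call performs. I would add `// Preview renders submitted content, so verify the session token before calling Post().` above it. If the default is a POST-only check, the comment should say so, because the guard itself reads `$_REQUEST['preview']`. The enclosing function starts and ends outside the quoted lines.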

./Sources/Subs-Auth.php

Operation #1
Find: [Select]

* Software Version: SMF 1.1.19 *
Replace With: [Select]

* Software Version: SMF 1.1.20 *

Operation #2
Find: [Select]

   global $txt, $mtitle, $mmessage, $context;
Replace With: [Select]

   global $txt, $mtitle, $mmessage, $context, $func;

Operation #3
Find: [Select]

   $context['title'] = &$mtitle;
Replace With: [Select]

   $context['title'] = $func['htmlspecialchars']($mtitle);
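Review bot: Operation #3 encodes `$mtitle` before it reaches `$context['title']`, but the edits show no matching treatment for `$mmessage`, which the `global` line in Operation #2 lists right beside it. If the message is meant to allow markup, say so in a comment; otherwise it should get the same `$func['htmlspecialchars']()` call where it is assigned for output, which is outside the quoted lines. Also note that the old line bound `$context['title']` by reference, so any later change to `$mtitle` no longer reaches the template; a short comment such as `// Copy, not reference: the title is encoded once here.` would make that intentional.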