Advertisement:

Navigation

Readme

This patch file will provide security fixes to your SMF 2.0 RC4 forum.

File Edits

./SSI.php

Operation #1
Find: [Select]
// Load the stuff like the menu bar, etc.
if (isset($ssi_layers))
Replace With: [Select]
// Do we allow guests in here?
if (empty($ssi_guest_access) && empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && basename($_SERVER['PHP_SELF']) != 'SSI.php')
{
require_once($sourcedir . '/Subs-Auth.php');
KickGuest();
obExit(null, true);
}

// Load the stuff like the menu bar, etc.
if (isset($ssi_layers))

Operation #2
Find: [Select]
if (isset($_GET['ssi_function']) && function_exists('ssi_' . $_GET['ssi_function']))
Replace With: [Select]
if (isset($_GET['ssi_function']) && function_exists('ssi_' . $_GET['ssi_function']) && (!empty($modSettings['allow_guestAccess']) || !$user_info['is_guest']))

./ssi_examples.php

Operation #1
Find: [Select]
// Include the SSI file.
require(dirname(__FILE__) . '/SSI.php');
Replace With: [Select]
/* Define $ssi_guest_access variable just before including SSI.php to handle guest access to your script.
false: (default) fallback to forum setting
true: allow guest access to the script regardless
*/
$ssi_guest_access = false;

// Include the SSI file.
require(dirname(__FILE__) . '/SSI.php');

./Sources/Load.php

Operation #1
Find: [Select]
// If we no longer have the member maybe they're being all hackey, stop brute force!
if (!$id_member || !empty($user_settings['passwd_flood']))
Replace With: [Select]
// If we no longer have the member maybe they're being all hackey, stop brute force!
if (!$id_member)

./Sources/ManageNews.php

Operation #1
Find: [Select]
if (trim($news) == '')
unset($_POST['news'][$i]);
else
preparsecode($_POST['news'][$i]);
Replace With: [Select]
if (trim($news) == '')
unset($_POST['news'][$i]);
else
{
$_POST['news'][$i] = $smcFunc['htmlspecialchars']($_POST['news'][$i], ENT_QUOTES);
preparsecode($_POST['news'][$i]);
}

Operation #2
Find: [Select]
'unparsed' => $smcFunc['htmlspecialchars'](un_preparsecode($line)),
Replace With: [Select]
'unparsed' => un_preparsecode($line),

./Sources/QueryString.php

Operation #1
Find: [Select]
// Now make absolutely sure it's a number.
$board = (int) $_REQUEST['board'];
Replace With: [Select]
// Now make absolutely sure it's a number.
$board = (int) $_REQUEST['board'];
$_REQUEST['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;

Operation #2
Find: [Select]
// There should be a $_REQUEST['start'], some at least. If you need to default to other than 0, use $_GET['start'].
if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0)
Replace With: [Select]
// There should be a $_REQUEST['start'], some at least. If you need to default to other than 0, use $_GET['start'].
if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647)

./Sources/Search.php

Operation #1
Find: [Select]
if ($createTemporary)
$main_query['parameters']['id_search'] = $_SESSION['search_cache']['id_search'];
Replace With: [Select]
if (!$createTemporary)
$main_query['parameters']['id_search'] = $_SESSION['search_cache']['id_search'];

Operation #2
Find: [Select]
FROM {db_prefix}topics AS t
INNER JOIN {db_prefix}' . ($createTemporary ? 'tmp_' : '') . 'log_search_topics AS lst ON (lst.id_topic = t.id_topic)
' . (empty($modSettings['search_max_results']) ? '' : '
LIMIT ' . ($modSettings['search_max_results'] - $_SESSION['search_cache']['num_results'])),
Replace With: [Select]
FROM {db_prefix}topics AS t
INNER JOIN {db_prefix}' . ($createTemporary ? 'tmp_' : '') . 'log_search_topics AS lst ON (lst.id_topic = t.id_topic)'
. ($createTemporary ? '' : 'WHERE lst.id_search = {int:id_search}')
. (empty($modSettings['search_max_results']) ? '' : '
LIMIT ' . ($modSettings['search_max_results'] - $_SESSION['search_cache']['num_results'])),

./Sources/Subs.php

Operation #1
Find: [Select]
// Save whether $start was less than 0 or not.
$start_invalid = $start < 0;
Replace With: [Select]
// Save whether $start was less than 0 or not.
$start = (int) $start;
$start_invalid = $start < 0;

./Sources/Who.php

Operation #1
Find: [Select]
'mods' => array(
Replace With: [Select]
'mods' => array(
'SMF 2.0 RC4 Security Patch',
This operation isn't vital to the installation of this mod.

./Themes/default/Packages.template.php

Operation #1
Find: [Select]
window.smfVersion = "', $context['forum_version'], '";
Replace With: [Select]
window.smfVersion = "', $context['forum_version'], '";
window.smfRC4patch = true;

./Themes/default/languages/index.english.php

Operation #1
Find: [Select]
<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank" class="new_win">SMF &copy; 2006&ndash;2010, Simple Machines LLC</a>';
Replace With: [Select]
<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank" class="new_win">SMF &copy; 2006&ndash;2011, Simple Machines LLC</a>';
This operation isn't vital to the installation of this mod.

./Themes/default/languages/Admin.english.php

Operation #1
Find: [Select]
$txt['admin_news_desc'] = 'Please place one news item per box. Some BBC tags, such as <span title="Are you bold?">[b]</span>, <span title="I tall icks!!">[i]</span> and <span title="Brackets are great, no?">[u]</span> are allowed in your news, as well as smileys and HTML. Clear a news item\'s text box to remove it.';
Replace With: [Select]
$txt['admin_news_desc'] = 'Please place one news item per box. BBC tags, such as <span title="Are you bold?">[b]</span>, <span title="I tall icks!!">[i]</span> and <span title="Brackets are great, no?">[u]</span> are allowed in your news, as well as smileys. Clear a news item\'s text box to remove it.';
This operation isn't vital to the installation of this mod.