
Readme

This patch file will provide security fixes to your SMF 2.0 forum.

File Edits

./index.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.1

Operation #2
Find: [Select]
$forum_version = 'SMF 2.0';
Replace With: [Select]
$forum_version = 'SMF 2.0.1';

./Sources/Subs-Menu.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.1

./Sources/Subs-Members.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.1

Operation #2
Find: [Select]
create_function('$string', '
$num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string;' . (empty($context['utf8']) ? '
return $num < 0x20 ? \'\' : ($num < 0x80 ? chr($num) : \'&#\' . $string . \';\');' : '
Replace With: [Select]
create_function('$string', '
$num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string;
if ($num === 0x202E || $num === 0x202D) return \'\'; if (in_array($num, array(0x22, 0x26, 0x27, 0x3C, 0x3E))) return \'&#\' . $num . \';\';' .
(empty($context['utf8']) ? 'return $num < 0x20 ? \'\' : ($num < 0x80 ? chr($num) : \'&#\' . $string . \';\');' : '
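Review bot: The early return added in Operation #2 drops only U+202E and U+202D, so it is a two-entry denylist; the other directional formatting characters (embeddings, isolates and the directional marks) are not stopped by this check. The same pair is hard-coded again in the ./Sources/Load.php callback, so the two lists can drift apart; a single shared array of code points tested with `in_array($num, $list, true)` (name is a suggestion) would keep both callbacks aligned. The test `substr($string, 0, 1) === 'x'` also treats an upper-case `X` prefix as decimal, which yields 0 and an empty result; whether the calling pattern can deliver that form is not visible here. The callback string starts before and continues past the shown lines, so the UTF-8 branch could not be checked.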

./Sources/Load.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.1

Operation #2
Find: [Select]
create_function('$string', '
$num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string;
return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) || $num == 0x202E ? \'\' : \'&#\' . $num . \';\';'),
Replace With: [Select]
create_function('$string', '
$num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string;
return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) || $num === 0x202E || $num === 0x202D ? \'\' : \'&#\' . $num . \';\';'),

./Sources/ManageMaintenance.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.1

Operation #2
Find: [Select]
$_POST['maxdays'] = (int) $_POST['maxdays'];
if (!empty($_POST['groups']) && $_POST['maxdays'])
Replace With: [Select]
$_POST['maxdays'] = empty($_POST['maxdays']) ? 0 : (int) $_POST['maxdays'];
if (!empty($_POST['groups']) && $_POST['maxdays'] > 0)
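Review bot: `(int) $_POST['maxdays']` on the first replaced line still accepts a non-scalar value, because a non-empty array casts to 1 and then satisfies `$_POST['maxdays'] > 0`. Rejecting anything that is not a plain number keeps the day count meaningful: `$_POST['maxdays'] = isset($_POST['maxdays']) && is_numeric($_POST['maxdays']) ? (int) $_POST['maxdays'] : 0;`. `$_POST['groups']` is only tested with `!empty()` in the visible lines; how its elements are validated lies in the body of the `if`, which is outside this operation.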

./Sources/Subs-Package.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.1

Operation #2
Find: [Select]
// Build an array of parts.
$versions[$id] = array(
'major' => (int) $parts[1],
'minor' => (int) $parts[2],
'patch' => (int) $parts[3],
'type' => empty($parts[4]) ? 'stable' : $parts[4],
'type_major' => (int) $parts[5],
'type_minor' => (int) $parts[6],
'dev' => !empty($parts[7]),
);
Replace With: [Select]
// Build an array of parts.
$versions[$id] = array(
'major' => (int) $parts[1],
'minor' => !empty($parts[2]) ? (int) $parts[2] : 0,
'patch' => !empty($parts[3]) ? (int) $parts[3] : 0,
'type' => empty($parts[4]) ? 'stable' : $parts[4],
'type_major' => !empty($parts[6]) ? (int) $parts[5] : 0,
'type_minor' => !empty($parts[6]) ? (int) $parts[6] : 0,
'dev' => !empty($parts[7]),
);
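Review bot: The `type_major` line tests `$parts[6]` but casts `$parts[5]`, so a version string that carries a type number without a minor part gets `type_major` 0 instead of its real value. It looks like a copy of the `type_minor` guard; the condition should read `'type_major' => !empty($parts[5]) ? (int) $parts[5] : 0,`. If this array feeds package version comparison (inferred from the keys), a wrong `type_major` could let a package match, or miss, the wrong release. The expression that fills `$parts` is outside the operation, so the group layout is assumed from the indices.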

./Sources/ModerationCenter.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.1

Operation #2
Find: [Select]
$menuOptions = array(
'action' => 'moderate',
);
Replace With: [Select]
$menuOptions = array(
'action' => 'moderate',
'disable_url_session_check' => true,
);
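Review bot: `'disable_url_session_check' => true` is added without a comment saying what replaces the check it turns off. Judging by the key name it relaxes a session-token test on moderation centre URLs, but the code that reads the option is not shown in this patch (./Sources/Subs-Menu.php only gets a version bump), so the effect cannot be confirmed from the page. Once it is confirmed that every state-changing moderation action verifies the session itself, I would add a line above it such as `// Session is verified by each sub-action; the menu must not require it in the URL.`.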