
Readme

This patch file will provide important security fixes to your SMF 2.0.10 forum.

File Edits

./index.php

Operation #1
Find: [Select]

* @version 2.0.10
Replace With: [Select]

* @version 2.0.11

Operation #2
Find: [Select]

$forum_version = 'SMF 2.0.10';
Replace With: [Select]

$forum_version = 'SMF 2.0.11';

./Sources/Load.php

Operation #1
Find: [Select]
@version 2.0.10
Replace With: [Select]
@version 2.0.11
Operation #2
Find: [Select]
list ($id_member, $password) = @unserialize($_COOKIE[$cookiename]);
Replace With: [Select]
list ($id_member, $password) = safe_unserialize($_COOKIE[$cookiename]);
Operation #3
Find: [Select]
list ($id_member, $password, $login_span) = @unserialize($_SESSION['login_' . $cookiename]);
Replace With: [Select]
list ($id_member, $password, $login_span) = safe_unserialize($_SESSION['login_' . $cookiename]);
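Review bot: The result of safe_unserialize() is destructured with list() without first checking that it is an array of the expected length, in Operations #2 and #3 here, in the same two operations in ./Sources/LogInOut.php, and as the unchecked `$array` in ./Sources/Subs-Auth.php. When the helper rejects or cannot parse the cookie it returns null or false, so list() silently leaves the variables null, and the element types remain whatever the client sent. Consider `$cookie = safe_unserialize($_COOKIE[$cookiename]);` followed by `if (is_array($cookie) && count($cookie) >= 2) list ($id_member, $password) = $cookie;`, casting `$id_member` to int, and logging rejected cookies so tampering attempts show up in the error log. The enclosing functions are outside this snippet, so later validation may already cover part of this.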

./Sources/LogInOut.php

Operation #1
Find: [Select]
@version 2.0.7
Replace With: [Select]
@version 2.0.11
Operation #2
Find: [Select]
list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
Replace With: [Select]
list (, , $timeout) = safe_unserialize($_COOKIE[$cookiename]);
Operation #3
Find: [Select]
list (, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);
Replace With: [Select]
list (, , $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);

./Sources/ManageMembers.php

Operation #1
Find: [Select]
@version 2.0
Replace With: [Select]
@version 2.0.11
Operation #2
Find: [Select]
$_POST += @unserialize(base64_decode($_REQUEST['params']));
Replace With: [Select]
$_POST += safe_unserialize(base64_decode($_REQUEST['params']));
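Review bot: `$_POST += safe_unserialize(...)` needs an array on the right-hand side, but the helper returns null for a rejected payload and false for a malformed one, so `+=` raises an unsupported-operand fatal error on a request-controlled value. Guard the merge: `$params = safe_unserialize(base64_decode($_REQUEST['params']));` then `if (is_array($params)) $_POST += $params;`. The merged keys are still chosen by the client, so anything read from `$_POST` after this line should be validated as untrusted input. The enclosing function is not visible here.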

./Sources/Modlog.php

Operation #1
Find: [Select]
@version 2.0.7
Replace With: [Select]
@version 2.0.11
Operation #2
Find: [Select]
$search_params = @unserialize($search_params);
Replace With: [Select]
$search_params = safe_unserialize($search_params);

./Sources/Packages.php

Operation #1
Find: [Select]
@version 2.0.10
Replace With: [Select]
@version 2.0.11
Operation #2
Find: [Select]
$potententialTrees = unserialize(base64_decode($_GET['back_look']));
Replace With: [Select]
$potententialTrees = safe_unserialize(base64_decode($_GET['back_look']));
Operation #3
Find: [Select]
$_POST['permStatus'] = unserialize(base64_decode($_POST['toProcess']));
Replace With: [Select]
$_POST['permStatus'] = safe_unserialize(base64_decode($_POST['toProcess']));
Operation #4
Find: [Select]
$context['directory_list'] = isset($_POST['dirList']) ? unserialize(base64_decode($_POST['dirList'])) : array();
Replace With: [Select]
$context['directory_list'] = isset($_POST['dirList']) ? safe_unserialize(base64_decode($_POST['dirList'])) : array();
Operation #5
Find: [Select]
$context['special_files'] = unserialize(base64_decode($_POST['specialFiles']));
Replace With: [Select]
$context['special_files'] = safe_unserialize(base64_decode($_POST['specialFiles']));
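Review bot: `back_look`, `toProcess`, `dirList` and `specialFiles` are state round-tripped through the client, and filtering out serialized objects does not stop the client from altering the arrays themselves. Judging by the names, these feed package-manager file and permission handling (not visible here), so they would be safer kept in `$_SESSION` or carried with an HMAC that is verified with `hash_equals()` before decoding. Each result should also pass `is_array()` before use, since the helper returns null or false on rejection, and Operations #2, #3 and #5 lack the `isset()` guard that Operation #4 has. The same unchecked pattern appears for `search_param` in ./Sources/Subs-Editor.php and `sf` in ./Sources/Subs-OpenID.php.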

./Sources/Subs-Auth.php

Operation #1
Find: [Select]
@version 2.0.9
Replace With: [Select]
@version 2.0.11
Operation #2
Find: [Select]
$array = @unserialize($_COOKIE[$cookiename]);
Replace With: [Select]
$array = safe_unserialize($_COOKIE[$cookiename]);

./Sources/Subs-Editor.php

Operation #1
Find: [Select]
@version 2.0.8
Replace With: [Select]
@version 2.0.11
Operation #2
Find: [Select]
$context['search_param'] = isset($_REQUEST['search_param']) ? unserialize(base64_decode($_REQUEST['search_param'])) : array();
Replace With: [Select]
$context['search_param'] = isset($_REQUEST['search_param']) ? safe_unserialize(base64_decode($_REQUEST['search_param'])) : array();

./Sources/Subs-OpenID.php

Operation #1
Find: [Select]
@version 2.0
Replace With: [Select]
@version 2.0.11
Operation #2
Find: [Select]
$context['openid_save_fields'] = isset($_GET['sf']) ? unserialize(base64_decode($_GET['sf'])) : array();
Replace With: [Select]
$context['openid_save_fields'] = isset($_GET['sf']) ? safe_unserialize(base64_decode($_GET['sf'])) : array();

./Sources/Subs.php

Operation #1
Find: [Select]
@version 2.0.8
Replace With: [Select]
@version 2.0.11
Operation #2
Find: [Select]
   void remove_integration_function(string hook, string function)
      - removes the given function from the given hook.
      - does nothing if the functions is not available.
Replace With: [Select]
   void remove_integration_function(string hook, string function)
      - removes the given function from the given hook.
      - does nothing if the functions is not available.

   array safe_unserialize(string data)
      - sanitizes input before unserializing string.

Operation #3
Find: [Select]
function return_chr__preg_callback($matches)
{
   return chr($matches[1]);
}
Replace With: [Select]
function return_chr__preg_callback($matches)
{
   return chr($matches[1]);
}

function safe_unserialize($data)
{
   // There's no reason input should contain an object,
   // user is up to no good...
   if (preg_match('/(^|;|{|})O:([0-9]|\+|\-)+/', $data) === 0)
      return @unserialize($data);
}
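Review bot: safe_unserialize() has no return statement on its rejection path, so a payload matching the pattern yields an implicit null, while the header comment added in Operation #2 documents an array return; an explicit `return false;` would match what unserialize() itself returns on failure. The pattern is a denylist covering only the `O:` token, yet PHP's serialization format also uses `C:` for classes implementing Serializable, so the check is narrower than its comment suggests. Non-string input (a cookie or parameter sent as an array) is not rejected before preg_match() either. Where the minimum supported PHP version allows it (7.0+), `unserialize($data, array('allowed_classes' => false))` is a sturdier control than pattern matching, and the pattern can stay as defence in depth.

```php
function safe_unserialize($data)
{
   // Fail closed: reject non-strings, regex errors, and any object (O:) or custom-serialized (C:) token.
   if (!is_string($data) || preg_match('/(^|;|{|})[OC]:([0-9]|\+|\-)+/', $data) !== 0)
      return false;

   return @unserialize($data);
}
```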