Readme

This patch will provide important security and bug fixes to your 2.0.12 forum.

Changelog
=========
index.php
- Updated version to 2.0.13

Sources/Calendar.php
- Updated version to 2.0.12

Sources/ManagePosts.php
- Updated version to 2.0.12

Sources/Display.php
- Updated version to 2.0.12

Sources/Subscriptions-PayPal.php
- Updated version to 2.0.12

Sources/Themes.php
- Updated version to 2.0.13
- Added session check.

Sources/LogInOut.php
- Updated version to 2.0.13
- Added sanitization to $_REQUEST['u']

Sources/Reminder.php
- Updated version to 2.0.13
- Check and sanitization for $_POST['user']
- If $_REQUEST['uid'] is not set, then $_REQUEST['uid'] = 0

Sources/PackageGet.php (Special thanks to Q)
- Updated version to 2.0.13
- Added sanitization of package site
- Added session check

Sources/Subs-Post.php
- Updated version to 2.0.13
- Rollback of 2.0.12 empty BBC

Sources/Subs.php
- Updated version to 2.0.13
- Remove some limits in safe_unserialize()

Special Thanks
- Q

File Edits

./index.php

Operation #1
Find:
* @version 2.0.12
Replace With:
* @version 2.0.13
Operation #2
Find:
$forum_version = 'SMF 2.0.12';
Replace With:
$forum_version = 'SMF 2.0.13';

./Sources/Calendar.php

Operation #1
Find:
@version 2.0.11
Replace With:
@version 2.0.12

./Sources/ManagePosts.php

Operation #1
Find:
@version 2.0
Replace With:
@version 2.0.12

./Sources/Display.php

Operation #1
Find:
@version 2.0.11
Replace With:
@version 2.0.12

./Sources/Subscriptions-PayPal.php

Operation #1
Find:
@version 2.0.10
Replace With:
@version 2.0.12
This operation isn't vital to the installation of this mod.

./Sources/Themes.php

Operation #1
Find:
@version 2.0.12
Replace With:
@version 2.0.13
Operation #2
Find:
$context[$context['admin_menu_name']]['current_subsection'] = 'edit';
Replace With:
checkSession();

$context[$context['admin_menu_name']]['current_subsection'] = 'edit';
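
Review bot: the added checkSession() call is uncommented and relies on its default arguments. Since this branch sets the 'edit' subsection, confirm that every entry point into it submits the session token in the place the default check expects, and add a one-line comment naming the request being protected.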

./Sources/LogInOut.php

Operation #1
Find:
@version 2.0.12
Replace With:
@version 2.0.13
Operation #2
Find:
global $txt, $context, $scripturl;
Replace With:
global $txt, $context, $scripturl, $smcFunc;
Operation #3
Find:
$context['default_username'] = &$_REQUEST['u'];
Replace With:
$context['default_username'] = isset($_REQUEST['u']) ? preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', $smcFunc['htmlspecialchars']($_REQUEST['u'])) : '';
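
Review bot: in the replacement line the preg_replace pattern begins with &#, yet it runs on the return value of $smcFunc['htmlspecialchars'], where an ampersand from the request would normally already be encoded. If so, the pattern cannot match and the call does nothing; confirm whether it should begin with the encoded form of the ampersand so that escaped numeric entities are restored as intended. Note also that $_REQUEST['u'] itself stays raw now that the reference assignment is gone, so later code should read $context['default_username'] rather than the request value.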

./Sources/Reminder.php

Operation #1
Find:
@version 2.0.4
Replace With:
@version 2.0.13
Operation #2
Find:
// Coming with a known ID?
Replace With:
$_POST['user'] = isset($_POST['user']) ? $smcFunc['htmlspecialchars']($_POST['user']) : '';
$_REQUEST['uid'] = (int) isset($_REQUEST['uid']) ? $_REQUEST['uid'] : 0;

// Coming with a known ID?
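
Review bot: the second added line does not cast uid to an integer. The (int) cast binds more tightly than the ternary operator, so it applies to the result of isset() and the expression then yields $_REQUEST['uid'] unchanged. Write it as isset($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : 0. The first added line also depends on $smcFunc being in scope; unlike LogInOut.php, no operation in this file adds it to a global declaration, so check that the enclosing function already declares it.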

./Sources/PackageGet.php

Operation #1
Find:
@version 2.0.9
Replace With:
@version 2.0.13
Operation #2
Find:
$authorhompage = $thisPackage->fetch('website');
Replace With:
$authorhompage = $smcFunc['htmlspecialchars']($thisPackage->fetch('website'));
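
Review bot: the escaping added around fetch('website') covers HTML output only. If $authorhompage is later emitted as a link target, also restrict it to http and https URLs, because htmlspecialchars does not constrain the scheme. No operation in this file adds $smcFunc to a global declaration, so confirm it is in scope at this point.
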
Operation #3
Find:
// Setup the correct template, even though I'll admit we ain't downloading ;)
Replace With:
checkSession();

// Setup the correct template, even though I'll admit we ain't downloading ;)

./Sources/Subs-Post.php

Operation #1
Find:
@version 2.0.12
Replace With:
@version 2.0.13
This operation isn't vital to the installation of this mod.

Operation #2
Find:

$message = preg_replace_callback('~\[nobbc\](.+?)\[/nobbc\]~is', 'nobbc__preg_callback', $message);

// Remove empty bbc.
$message = preg_replace('~\[([^\]=\s]+)[^\]]*\](?' . '>\s|(?R))*?\[/\1\]\s?~i', '', $message);
Replace With:

$message = preg_replace_callback('~\[nobbc\](.+?)\[/nobbc\]~is', 'nobbc__preg_callback', $message);
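
Review bot: the removal of the "Remove empty bbc" preg_replace leaves no record of why it was taken out. The changelog only calls it a rollback of the 2.0.12 change; state the reason there or in a comment at this spot, and say whether empty tags are now handled elsewhere or are accepted in stored posts again.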

./Sources/Subs.php

Operation #1
Find:
@version 2.0.12
Replace With:
@version 2.0.13
This operation isn't vital to the installation of this mod.

Operation #2
Find:
// Input exceeds 4096.
if(strlen($str) > 4096)
return false;

// Input is not a string.
Replace With:
// Input is not a string.
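
Review bot: deleting the strlen($str) > 4096 check leaves safe_unserialize() with no bound on input size. If 4096 bytes was too small for legitimate data, raise the limit or make it a parameter, which keeps a ceiling on the work done for untrusted input.
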
This operation isn't vital to the installation of this mod.

Operation #3
Find:
case 3: // In array, expecting value or another array.
if($type == 'a')
{
// Array nesting exceeds 3.
if(count($stack) >= 3)
return false;
Replace With:
case 3: // In array, expecting value or another array.
if($type == 'a')
{
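
Review bot: with the count($stack) >= 3 check gone from case 3, and the identical check removed from case 0 in Operation #4, array nesting depth is unbounded. Keep a depth limit, raised to whatever legitimate data needs, so nested input cannot grow $stack without limit.
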
This operation isn't vital to the installation of this mod.

Operation #4
Find:
case 0:
if($type == 'a')
{
// Array nesting exceeds 3.
if(count($stack) >= 3)
return false;
Replace With:
case 0:
if($type == 'a')
{
This operation isn't vital to the installation of this mod.

Operation #5
Find:
if($type == 'i' || $type == 's')
{
// Array size exceeds 256.
if(count($list) >= 256)
return false;

// Array size exceeds expected length.
Replace With:
if($type == 'i' || $type == 's')
{
// Array size exceeds expected length.
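
Review bot: removing the count($list) >= 256 check leaves only the comparison against the expected length as a bound on array size. Consider keeping an absolute ceiling, higher than 256 if required, and document the new limits in the function's header comment.
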
This operation isn't vital to the installation of this mod.