
Readme

This patch file applies the security and bug fixes that upgrade an SMF 2.0.2 forum to SMF 2.0.3.

File Edits

./index.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.2
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3

Operation #2
Find: [Select]
$forum_version = 'SMF 2.0.2';
Replace With: [Select]
$forum_version = 'SMF 2.0.3';

./SSI.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3

Operation #2
Find: [Select]
		SELECT id_first_msg
FROM {db_prefix}topics
WHERE id_board = {int:current_board}' . ($modSettings['postmod_active'] ? '
AND approved = {int:is_approved}' : '') . '
ORDER BY id_first_msg DESC
Replace With: [Select]
		SELECT t.id_first_msg
FROM {db_prefix}topics as t
LEFT JOIN {db_prefix}boards as b ON (b.id_board = t.id_board)
WHERE t.id_board = {int:current_board}' . ($modSettings['postmod_active'] ? '
AND t.approved = {int:is_approved}' : '') . '
AND {query_see_board}
ORDER BY t.id_first_msg DESC
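Review bot: The new `{query_see_board}` predicate is evaluated against the `b` alias, so the join that introduces it should be an INNER JOIN rather than a LEFT JOIN: `INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)`. With a LEFT JOIN a topic whose board row is missing carries NULL board columns, and whether it is filtered out then depends on how `{query_see_board}` expands for the current user (for example to a constant-true clause), which is not visible here. A one-line comment above the predicate would also help the next reader understand why a permission clause appears in an SSI query: `// Only list topics in boards the current user may see.` The enclosing function starts and ends outside this operation.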

Operation #3
Find: [Select]
function ssi_queryPosts($query_where = '', $query_where_params = array(), $query_limit = '', $query_order = 'm.id_msg DESC', $output_method = 'echo', $limit_body = false)
Replace With: [Select]
function ssi_queryPosts($query_where = '', $query_where_params = array(), $query_limit = 10, $query_order = 'm.id_msg DESC', $output_method = 'echo', $limit_body = false, $override_permissions = false)

Operation #4
Find: [Select]
		' . (empty($query_where) ? '' : 'WHERE ' . $query_where) . '
ORDER BY ' . $query_order . '
' . ($query_limit == '' ? '' : 'LIMIT ' . $query_limit),
array_merge($query_where_params, array(
'current_member' => $user_info['id'],
Replace With: [Select]
		WHERE 1=1 ' . ($override_permissions ? '' : '
AND {query_wanna_see_board}') . ($modSettings['postmod_active'] ? '
AND m.approved = {int:is_approved}' : '') . '
' . (empty($query_where) ? '' : 'AND ' . $query_where) . '
ORDER BY ' . $query_order . '
' . ($query_limit == '' ? '' : 'LIMIT ' . $query_limit),
array_merge($query_where_params, array(
'current_member' => $user_info['id'],
'is_approved' => 1,
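Review bot: `$query_order` and `$query_limit` are still concatenated straight into the SQL, and `$query_where` now lands inside a `WHERE 1=1 ... AND` chain, so the new signature should state that every one of these is trusted caller-supplied SQL, never request input, and that `$override_permissions = true` drops the `{query_wanna_see_board}` board-visibility filter entirely. With the default changed from `''` to `10`, the guard `$query_limit == ''` still relies on loose comparison: passing `0` to suppress the LIMIT works on PHP 5 (`0 == ''` is true) but yields `LIMIT 0` on PHP 8, where that comparison is false; `empty($query_limit)` keeps the PHP 5 behaviour on both. I would add a docblock naming each parameter, noting the raw-SQL contract and the override flag, and documenting that `{query_wanna_see_board}` presumes the boards table is joined as `b` in the FROM clause, which is outside this operation. The function body continues beyond the shown lines.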

./Sources/Modlog.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3

Operation #2
Find: [Select]
					<input type="text" name="search" size="18" value="' . $context['search']['string'] . '" class="input_text" /> <input type="submit" name="is_search" value="' . $txt['modlog_go'] . '" class="button_submit" />
Replace With: [Select]
					<input type="text" name="search" size="18" value="' . $smcFunc['htmlspecialchars']($context['search']['string']) . '" class="input_text" /> <input type="submit" name="is_search" value="' . $txt['modlog_go'] . '" class="button_submit" />
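Review bot: The escaping of `$context['search']['string']` is correct for this double-quoted attribute, but it relies on the wrapper's default quote style encoding `"`; if `$smcFunc['htmlspecialchars']` accepts the native function's quote-style argument, `$smcFunc['htmlspecialchars']($context['search']['string'], ENT_QUOTES)` makes the output safe regardless of which quote the template author uses. The same search string is presumably echoed elsewhere on the page (headings, hidden fields); those sinks are not in this operation and need the same treatment. A short comment would document the intent: `// Reflected search term: must be escaped before it re-enters the markup.`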

./Sources/Security.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3

Operation #2
Find: [Select]
		if ($good_password || $_POST['admin_hash_pass'] == sha1($user_info['passwd'] . $sc))
{
$_SESSION['admin_time'] = time();
return;
}
Replace With: [Select]
		if ($good_password || $_POST['admin_hash_pass'] == sha1($user_info['passwd'] . $sc))
{
$_SESSION['admin_time'] = time();
unset($_SESSION['request_referer']);
return;
}
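Review bot: The hash comparison `$_POST['admin_hash_pass'] == sha1($user_info['passwd'] . $sc)` is left as a loose `==`, which PHP resolves numerically when both sides look like numbers, so a SHA-1 hex digest of the form `0e<digits>` would compare equal to a submitted `"0"`; the same applies to Operation #3 below. Use a strict comparison and guard the missing-key notice: `isset($_POST['admin_hash_pass']) && $_POST['admin_hash_pass'] === sha1($user_info['passwd'] . $sc)`; where PHP 5.6+ is available, `hash_equals()` additionally removes the timing difference. The `unset($_SESSION['request_referer'])` on success deserves a one-line why-comment, e.g. `// Password accepted: forget the remembered referer so it cannot leak into a later request.` The enclosing function begins outside this operation.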

Operation #3
Find: [Select]
		if ($good_password || sha1(strtolower($user_info['username']) . $_POST['admin_pass']) == $user_info['passwd'])
{
$_SESSION['admin_time'] = time();
return;
}
Replace With: [Select]
		if ($good_password || sha1(strtolower($user_info['username']) . $_POST['admin_pass']) == $user_info['passwd'])
{
$_SESSION['admin_time'] = time();
unset($_SESSION['request_referer']);
return;
}

Operation #4
Find: [Select]
		$_SESSION['admin_time'] = time();
return;
}

// Need to type in a password for that, man.
Replace With: [Select]
		$_SESSION['admin_time'] = time();
unset($_SESSION['request_referer']);
return;
}

// Better be sure to remember the real referer
if (empty($_SESSION['request_referer']))
$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
elseif (empty($_POST))
unset($_SESSION['request_referer']);
// Need to type in a password for that, man.
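Review bot: The remembered `request_referer` is cleared only by a successful password entry or by a later request with an empty `$_POST`, so if the user abandons the password prompt and then submits a different POST, the referer stored for the first request is what Operation #5 hands to the later check. Whether that matters depends on what that check does with `$referrer`, which lies outside these operations; hedged, it looks like a stale value could pass or fail the wrong request. A comment explaining the mechanism would prevent this from being refactored away by accident: `// The admin password form POSTs back to us, so its referer is our own page; remember the referer of the request that triggered the prompt for the later referer check.` Consider also storing the target URI alongside it so the stored referer is only reused for the same request.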

Operation #5
Find: [Select]
	$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
Replace With: [Select]
	if (isset($_SESSION['request_referer']))
$referrer = $_SESSION['request_referer'];
else
$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();

./Sources/Subscriptions-PayPal.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3

Operation #2
Find: [Select]
		if (function_exists('curl_init') && $curl = curl_init('http://www.', !empty($modSettings['paidsubs_test']) ? 'sandbox.' : '', 'paypal.com/cgi-bin/webscr'))
{
// Set the post data.
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDSIZE, 0);
curl_setopt($curl, CURLOPT_POSTFIELDS, $requestString);
Replace With: [Select]
		if (function_exists('curl_init') && $curl = curl_init((!empty($modSettings['paidsubs_test']) ? 'https://www.sandbox.' : 'http://www.') . 'paypal.com/cgi-bin/webscr'))
{
// Set the post data.
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDSIZE, 0);
curl_setopt($curl, CURLOPT_POSTFIELDS, $requestString);

curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_FORBID_REUSE, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'Host: www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com',
'Connection: close'
));
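Review bot: Only the sandbox endpoint moved to HTTPS; the production IPN postback still goes to `http://www.paypal.com`, so `CURLOPT_SSL_VERIFYPEER`/`CURLOPT_SSL_VERIFYHOST` have no effect in production and an on-path attacker can answer `VERIFIED` to a plaintext request, which defeats the verification entirely. Change the URL to `curl_init('https://www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr')` so both branches are protected. Separately, as far as I can tell PHP's curl extension does not define `CURLOPT_POSTFIELDSIZE`; the line is carried over unchanged and presumably emits an undefined-constant notice and does nothing. The enclosing block continues past this operation.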

Operation #3
Find: [Select]
			// Setup the headers.
$header = 'POST /cgi-bin/webscr HTTP/1.0' . "\r\n";
$header .= 'Content-Type: application/x-www-form-urlencoded' . "\r\n";
$header .= 'Content-Length: ' . strlen ($requestString) . "\r\n\r\n";

// Open the connection.
$fp = fsockopen('www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com', 80, $errno, $errstr, 30);
Replace With: [Select]
			// Setup the headers.
$header = 'POST /cgi-bin/webscr HTTP/1.1' . "\r\n";
$header .= 'Content-Type: application/x-www-form-urlencoded' . "\r\n";
$header .= 'Host: www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com' . "\r\n";
$header .= 'Content-Length: ' . strlen ($requestString) . "\r\n";
$header .= 'Connection: close' . "\r\n\r\n";

// Open the connection.
if (!empty($modSettings['paidsubs_test']))
$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
else
$fp = fsockopen('www.paypal.com', 80, $errno, $errstr, 30);
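Review bot: The fallback path has the same gap as the cURL path: production still connects in plaintext on port 80, so the `VERIFIED` answer can be forged on the wire. Use TLS in both cases: `$fp = fsockopen('ssl://www.' . (!empty($modSettings['paidsubs_test']) ? 'sandbox.' : '') . 'paypal.com', 443, $errno, $errstr, 30);`. Note that on PHP before 5.6 the `ssl://` wrapper does not verify the peer certificate by default, so a stream context with `verify_peer`, `verify_peer_name` and a `cafile` passed via `stream_socket_client()` is needed for the same guarantee cURL gives. Switching the request to `HTTP/1.1` also allows a chunked response body; the code that reads `$this->return_data` is outside this operation, so please confirm it strips chunk framing, since the `trim()` added in Operations #4 and #5 does not.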

Operation #4
Find: [Select]
				if (strcmp($this->return_data, 'VERIFIED') == 0)
Replace With: [Select]
				if (strcmp(trim($this->return_data), 'VERIFIED') == 0)

Operation #5
Find: [Select]
		if (strcmp($this->return_data, 'VERIFIED') != 0)
Replace With: [Select]
		if (strcmp(trim($this->return_data), 'VERIFIED') != 0)

Operation #6
Find: [Select]
		if (substr($_POST['txn_type'], 0, 14) == 'subscr_payment')
Replace With: [Select]
		if (substr($_POST['txn_type'], 0, 14) == 'subscr_payment' && $_POST['payment_status'] == 'Completed')
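Review bot: `$_POST['payment_status']` is read without an `isset()` and compared loosely; a notification without that field raises a notice, and a strict check is the conventional form for a status token: `if (substr($_POST['txn_type'], 0, 14) == 'subscr_payment' && isset($_POST['payment_status']) && $_POST['payment_status'] === 'Completed')`. Requiring `Completed` is the right gate for crediting a subscription, but it also means statuses such as Pending, Reversed or Refunded now fall through this branch; how they are handled is not visible here and should be confirmed. The surrounding method starts and ends outside this operation.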

Operation #7
Find: [Select]
		return $_POST['tax'] + $_POST['mc_gross'];
Replace With: [Select]
		return (isset($_POST['tax']) ? $_POST['tax'] : 0) + $_POST['mc_gross'];
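Review bot: `mc_gross` gets no `isset()` guard and both operands are raw request strings, so a malformed value silently becomes 0 with a warning under PHP's numeric coercion; an explicit cast makes the intent visible: `return (float) (isset($_POST['tax']) ? $_POST['tax'] : 0) + (float) (isset($_POST['mc_gross']) ? $_POST['mc_gross'] : 0);`. Presumably the returned total is compared against the subscription price elsewhere; that comparison should also check `mc_currency`, which is not visible in this operation. A docblock stating that the amount comes from an IPN that has already been verified with PayPal would document the trust assumption.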

./Sources/ManagePaid.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.2
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3

Operation #2
Find: [Select]
			if (is_file($sourcedir .'/'. $file) && preg_match('~Subscriptions-([A-Za-z\d]+)\.php~', $file, $matches))
Replace With: [Select]
			if (is_file($sourcedir .'/'. $file) && preg_match('~^Subscriptions-([A-Za-z\d]+)\.php$~', $file, $matches))
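Review bot: Anchoring the pattern is the right fix, but PCRE's `$` still matches before a trailing newline, so a file named `Subscriptions-X.php\n` would pass; use the `D` modifier or `\z` to make the end anchor absolute: `preg_match('~^Subscriptions-([A-Za-z\d]+)\.php$~D', $file, $matches)`. The captured group is presumably used to derive the gateway class name, so a comment such as `// Only accept exactly-named gateway files; the captured name is used as an identifier.` would make the reason for the strict match clear. The enclosing loop and function lie outside this operation.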

./Sources/QueryString.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3

Operation #2
Find: [Select]
	return preg_replace('~[\x00-\x08\x0B\x0C\x0E-\x19' . ($context['utf8'] ? (@version_compare(PHP_VERSION, '4.3.3') != -1 ? '\x{D800}-\x{DFFF}\x{FFFE}\x{FFFF}' : "\xED\xA0\x80-\xED\xBF\xBF\xEF\xBF\xBE\xEF\xBF\xBF") : '') . ']~' . ($context['utf8'] ? 'u' : ''), '', $string);
Replace With: [Select]
	return preg_replace('~[\x00-\x08\x0B\x0C\x0E-\x19' . ($context['utf8'] ? (@version_compare(PHP_VERSION, '4.3.3') != -1 ? '\x{FFFE}\x{FFFF}' : "\xED\xA0\x80-\xED\xBF\xBF\xEF\xBF\xBE\xEF\xBF\xBF") : '') . ']~' . ($context['utf8'] ? 'u' : ''), '', $string);
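Review bot: The result of `preg_replace` is returned unchecked, and with the `u` modifier it returns `null` (not a string) when the input is not valid UTF-8 or the pattern fails to compile; callers then receive `null` where they expect a cleaned string. Presumably the surrogate range was removed because newer PCRE builds reject `\x{D800}-\x{DFFF}` inside a UTF pattern, which would have turned every call into exactly that failure. I would assign the result, check `preg_last_error() !== PREG_NO_ERROR` or `=== null`, and return whatever fallback the callers tolerate rather than `null`. A comment on the UTF-8 branch should record why the surrogate range is absent so nobody reintroduces it.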

./Sources/Load.php

Operation #1
Find: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.2
Replace With: [Select]
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3

Operation #2
Find: [Select]
		if (isset($_REQUEST[session_name()]) && preg_match('~^[A-Za-z0-9]{16,32}$~', $_REQUEST[session_name()]) == 0 && !isset($_COOKIE[session_name()]))
Replace With: [Select]
		if (isset($_REQUEST[session_name()]) && preg_match('~^[A-Za-z0-9,-]{16,32}$~', $_REQUEST[session_name()]) == 0 && !isset($_COOKIE[session_name()]))
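Review bot: The widened class `[A-Za-z0-9,-]` matches the characters PHP emits for `session.hash_bits_per_character = 6`, but the `$` anchor still allows a trailing newline, so an ID with an encoded `%0A` passes this check and the identical ones in Operations #3, #4 and #5; `~^[A-Za-z0-9,-]{16,32}$~D` closes that in all four places. Since this branch accepts a session ID from the request rather than the cookie, a comment stating the intent would help: `// Session IDs may also be passed in the query string; only accept the characters PHP's own session handler can generate.` What happens when the check fails is outside this operation.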

Operation #3
Find: [Select]
function sessionRead($session_id)
{
global $smcFunc;

if (preg_match('~^[A-Za-z0-9]{16,32}$~', $session_id) == 0)
Replace With: [Select]
function sessionRead($session_id)
{
global $smcFunc;

if (preg_match('~^[A-Za-z0-9,-]{16,32}$~', $session_id) == 0)

Operation #4
Find: [Select]
function sessionWrite($session_id, $data)
{
global $smcFunc;

if (preg_match('~^[A-Za-z0-9]{16,32}$~', $session_id) == 0)
Replace With: [Select]
function sessionWrite($session_id, $data)
{
global $smcFunc;

if (preg_match('~^[A-Za-z0-9,-]{16,32}$~', $session_id) == 0)

Operation #5
Find: [Select]
function sessionDestroy($session_id)
{
global $smcFunc;

if (preg_match('~^[A-Za-z0-9]{16,32}$~', $session_id) == 0)
Replace With: [Select]
function sessionDestroy($session_id)
{
global $smcFunc;

if (preg_match('~^[A-Za-z0-9,-]{16,32}$~', $session_id) == 0)