

This patch file will fix several security issues for your SMF 1.1.19 forum.

File Edits ALT + Click to collapse all the operations

./index.php

Find: Select

* Software Version: SMF 1.1.19 *
Replace With: Select

* Software Version: SMF 1.1.20 *
Find: Select

$forum_version = 'SMF 1.1.19';
Replace With: Select

$forum_version = 'SMF 1.1.20';

./Sources/PackageGet.php

Find: Select

* Software Version: SMF 1.1.12 *
Replace With: Select

* Software Version: SMF 1.1.20 *
Find: Select

$package['href'] = $url . '/' . $package['filename'];
$package['name'] = htmlspecialchars($package['name']);
Replace With: Select

$package['href'] = $url . '/' . $package['filename'];

./Sources/Subs-Package.php

Find: Select

* Software Version: SMF 1.1.12 *
Replace With: Select

* Software Version: SMF 1.1.20 *
Find: Select

// Ignore errors with borked installed.list's.
list ($name, $file, $id, $version) = array_pad(explode('|^|', $installed_mods[$i]), 4, '');
Replace With: Select

// Ignore errors with borked installed.list's.
$info = array_pad(explode('|^|', $installed_mods[$i]), 4, '');

list ($name, $file, $id, $version) = htmlspecialchars__recursive($info);
Find: Select

$data .= trim($packageInfo['name']) . '|^|' . trim($packageInfo['filename']) . '|^|' . trim($packageInfo['id']) . '|^|' . trim($packageInfo['version']) . "\n";
Replace With: Select

$keys = array('name', 'filename', 'id', 'version');
foreach($keys as $key)
{
// Yay for variable variables...
${"package_$key"} = trim(un_htmlspecialchars($packageInfo[$key]));
}
$data .= $package_name . '|^|' . $package_filename . '|^|' . $package_id . '|^|' . $package_version . "\n";
Find: Select

$package = $packageInfo->to_array();
$package['xml'] = $packageInfo;
$package['filename'] = $gzfilename;
Replace With: Select

$package = $packageInfo->to_array();
$package = htmlspecialchars__recursive($package);
$package['xml'] = $packageInfo;
$package['filename'] = $gzfilename;

// Don't want to mess with code...
$types = array('install', 'uninstall', 'upgrade');
foreach($types as $type)
{
if (isset($package[$type]['code']))
{
$package[$type]['code'] = un_htmlspecialchars($package[$type]['code']);
}
}
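Review bot: `$package['filename'] = $gzfilename;` runs after `htmlspecialchars__recursive($package)`, so `filename` stays raw while the rest of the metadata in `$package` is now HTML-encoded and the three `code` entries are decoded again. Nothing in this section records which keys are safe to print and which are safe to hand to file or install logic, and the consumers of `$package` are outside this view. I would add a comment above the escape call, such as `// $package is HTML-encoded for display; 'xml', 'filename' and the install/uninstall/upgrade 'code' entries stay raw - encode 'filename' on output`. The enclosing function starts and ends outside the shown edit.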

./Sources/Packages.php

Find: Select

* Software Version: SMF 1.1.16 *
Replace With: Select

* Software Version: SMF 1.1.20 *
Find: Select

if (!empty($action['parse_bbc']))
$context['package_readme'] = parse_bbc($context['package_readme']);
Replace With: Select

if (!empty($action['parse_bbc']))
{
$context['package_readme'] = preg_replace('~\[[/]?html\]~i', '', $context['package_readme']);
$context['package_readme'] = parse_bbc($context['package_readme']);
}
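Review bot: The `preg_replace()` that strips `[html]` / `[/html]` runs once and does not rescan its own output, so a tag whose text is split around another removable tag is rejoined by the removal and still reaches `parse_bbc()`. Repeat the strip until nothing matches: `while (preg_match('~\[/?html\]~i', $context['package_readme'])) $context['package_readme'] = preg_replace('~\[/?html\]~i', '', $context['package_readme']);`. Whether `parse_bbc()` accepts other spellings of the tag is not visible here, so turning the tag off for this call would be the sturdier fix if the parser offers a way to do that.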

./Sources/Post.php

Find: Select

* Software Version: SMF 1.1.11 *
Replace With: Select

* Software Version: SMF 1.1.20 *
Find: Select

if (isset($_REQUEST['preview']))
return Post();
Replace With: Select

if (isset($_REQUEST['preview']))
{
checkSession();
return Post();
}
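Review bot: The new `checkSession()` call has no comment explaining why a preview needs a session token, and a later maintainer may take it for redundant since nothing is saved on this path. Suggest `// Previews render submitted content, so require the session token just as for a real post.` above the call. The branch is keyed on `$_REQUEST['preview']` while the token check is called with its defaults; which request method those defaults verify is not visible here and is worth confirming. The enclosing function lies outside the shown edit.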

./Sources/Subs-Auth.php

Find: Select

* Software Version: SMF 1.1.19 *
Replace With: Select

* Software Version: SMF 1.1.20 *
Find: Select

global $txt, $mtitle, $mmessage, $context;
Replace With: Select

global $txt, $mtitle, $mmessage, $context, $func;
Find: Select

$context['title'] = &$mtitle;
Replace With: Select

$context['title'] = $func['htmlspecialchars']($mtitle);
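Review bot: The new assignment copies an encoded value where the old line bound `$context['title']` to `$mtitle` by reference, so a later write to `$mtitle` no longer shows up in the page title. If the copy is intended, a comment such as `// Encoded copy on purpose: $mtitle comes from the settings file and is printed in the page title.` would record that; the origin of `$mtitle` is an assumption to confirm. `$mmessage` is pulled in by the same `global` line but is not touched here, and whether it is encoded or deliberately allowed to carry HTML where it is printed is not visible in this view. The enclosing function starts and ends outside the shown edit.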