


This patch file will provide security fixes to your SMF 2.0 RC4 forum.

File Edits

./SSI.php

Find: Select
// Load the stuff like the menu bar, etc.
if (isset($ssi_layers))
Replace With: Select
// Do we allow guests in here?
if (empty($ssi_guest_access) && empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && basename($_SERVER['PHP_SELF']) != 'SSI.php')
{
require_once($sourcedir . '/Subs-Auth.php');
KickGuest();
obExit(null, true);
}

// Load the stuff like the menu bar, etc.
if (isset($ssi_layers))
Find: Select
if (isset($_GET['ssi_function']) && function_exists('ssi_' . $_GET['ssi_function']))
Replace With: Select
if (isset($_GET['ssi_function']) && function_exists('ssi_' . $_GET['ssi_function']) && (!empty($modSettings['allow_guestAccess']) || !$user_info['is_guest']))
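Review bot: The guest gate in the first replacement decides whether SSI.php is being run directly with `basename($_SERVER['PHP_SELF']) != 'SSI.php'`; PHP_SELF is built from the request URI and, on servers that append path info to it, its last path component need not be the executing script, so this is not a dependable identity check. Comparing the executing file itself would be sturdier, something like `realpath($_SERVER['SCRIPT_FILENAME']) != __FILE__`, which does not depend on the request path. The added `(!empty($modSettings['allow_guestAccess']) || !$user_info['is_guest'])` on the `ssi_function` dispatch closes the same gap for direct function calls; a one-line comment there, `// Guests may only call SSI functions when the forum allows guest access.`, would tie the two checks together. Both snippets sit at SSI.php's top-level script scope, whose surrounding statements are outside the listing.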

./ssi_examples.php

Find: Select
// Include the SSI file.
require(dirname(__FILE__) . '/SSI.php');
Replace With: Select
/* Define $ssi_guest_access variable just before including SSI.php to handle guest access to your script.
false: (default) fallback to forum setting
true: allow guest access to the script regardless
*/
$ssi_guest_access = false;

// Include the SSI file.
require(dirname(__FILE__) . '/SSI.php');

./Sources/Load.php

Find: Select
// If we no longer have the member maybe they're being all hackey, stop brute force!
if (!$id_member || !empty($user_settings['passwd_flood']))
Replace With: Select
// If we no longer have the member maybe they're being all hackey, stop brute force!
if (!$id_member)
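Review bot: The retained comment `// If we no longer have the member maybe they're being all hackey, stop brute force!` no longer describes the condition, which now tests only `!$id_member`; the `passwd_flood` clause the comment alludes to has been dropped from this branch. Presumably flood handling now happens elsewhere (the listing does not show where), so the comment should say what this branch actually covers, e.g. `// Member record could not be loaded (deleted or bad id); password-flood handling lives elsewhere.`, and the reason for removing the flood test from here deserves a line in the patch notes. The enclosing function starts and ends outside the listing.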

./Sources/ManageNews.php

Find: Select
if (trim($news) == '')
unset($_POST['news'][$i]);
else
preparsecode($_POST['news'][$i]);
Replace With: Select
if (trim($news) == '')
unset($_POST['news'][$i]);
else
{
$_POST['news'][$i] = $smcFunc['htmlspecialchars']($_POST['news'][$i], ENT_QUOTES);
preparsecode($_POST['news'][$i]);
}
Find: Select
'unparsed' => $smcFunc['htmlspecialchars'](un_preparsecode($line)),
Replace With: Select
'unparsed' => un_preparsecode($line),
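Review bot: Escaping moves from display time to save time — the first replacement runs each news item through `$smcFunc['htmlspecialchars'](..., ENT_QUOTES)` before `preparsecode()`, and the second drops the htmlspecialchars call on the `'unparsed'` value — but nothing in the listing re-escapes news items stored before the patch, so those rows now reach the edit form with whatever markup they were saved with. Unless the template escapes `unparsed` itself, a one-off upgrade step (or keeping the output-side escape until stored items are migrated) is needed so the two code paths agree. A short comment on the save side, `// News is stored HTML-escaped; the edit form outputs it unescaped, so never store raw markup here.`, would record the new invariant. Both snippets are inside functions whose start and end are outside the listing.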

./Sources/QueryString.php

Find: Select
// Now make absolutely sure it's a number.
$board = (int) $_REQUEST['board'];
Replace With: Select
// Now make absolutely sure it's a number.
$board = (int) $_REQUEST['board'];
$_REQUEST['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
Find: Select
// There should be a $_REQUEST['start'], some at least. If you need to default to other than 0, use $_GET['start'].
if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0)
Replace With: Select
// There should be a $_REQUEST['start'], some at least. If you need to default to other than 0, use $_GET['start'].
if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647)
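Review bot: The new upper bound `(int) $_REQUEST['start'] > 2147473647` is exactly 10,000 below the 32-bit signed maximum (2147483647), which reads like a transposed digit unless the margin is deliberate headroom for later offset arithmetic; either way it should be a named constant with a comment, e.g. `// Stay well below PHP_INT_MAX on 32-bit builds so start + per-page arithmetic cannot overflow.`. The first replacement already casts `$_REQUEST['start']` to int next to the `$board` cast, so the repeated cast in the second check only matters for requests that do not pass through that branch; the listing does not show whether the second check always runs after the first, so a note saying which one is authoritative would help readers. The surrounding code of both snippets is outside the listing.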

./Sources/Search.php

Find: Select
if ($createTemporary)
$main_query['parameters']['id_search'] = $_SESSION['search_cache']['id_search'];
Replace With: Select
if (!$createTemporary)
$main_query['parameters']['id_search'] = $_SESSION['search_cache']['id_search'];
Find: Select
FROM {db_prefix}topics AS t
INNER JOIN {db_prefix}' . ($createTemporary ? 'tmp_' : '') . 'log_search_topics AS lst ON (lst.id_topic = t.id_topic)
' . (empty($modSettings['search_max_results']) ? '' : '
LIMIT ' . ($modSettings['search_max_results'] - $_SESSION['search_cache']['num_results'])),
Replace With: Select
FROM {db_prefix}topics AS t
INNER JOIN {db_prefix}' . ($createTemporary ? 'tmp_' : '') . 'log_search_topics AS lst ON (lst.id_topic = t.id_topic)'
. ($createTemporary ? '' : 'WHERE lst.id_search = {int:id_search}')
. (empty($modSettings['search_max_results']) ? '' : '
LIMIT ' . ($modSettings['search_max_results'] - $_SESSION['search_cache']['num_results'])),
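Review bot: In the second replacement the new `WHERE` clause is concatenated straight onto the preceding `'...(lst.id_topic = t.id_topic)'` with no separating whitespace, producing `...t.id_topic)WHERE lst.id_search = ...`; the SQL still tokenises because `)` is a delimiter, but the fragments read as if the clause were missing, and any later edit that ends the earlier fragment with an identifier would silently break the query. Prefix the fragment with a space, `. ($createTemporary ? '' : ' WHERE lst.id_search = {int:id_search}')`. The first replacement's inversion to `if (!$createTemporary)` is what supplies the `{int:id_search}` parameter for that branch, so the two edits only work together; a comment at the assignment, e.g. `// Without a temporary table the search-topics table presumably holds rows from other searches; filter by id_search.`, would explain the pairing. The query-building statement starts before and ends after both snippets.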

./Sources/Subs.php

Find: Select
// Save whether $start was less than 0 or not.
$start_invalid = $start < 0;
Replace With: Select
// Save whether $start was less than 0 or not.
$start = (int) $start;
$start_invalid = $start < 0;

./Sources/Who.php

This operation isn't vital to the installation of this mod.
Find: Select
'mods' => array(
Replace With: Select
'mods' => array(
'SMF 2.0 RC4 Security Patch',

./Themes/default/Packages.template.php

Find: Select
window.smfVersion = "', $context['forum_version'], '";
Replace With: Select
window.smfVersion = "', $context['forum_version'], '";
window.smfRC4patch = true;

./Themes/default/languages/index.english.php

This operation isn't vital to the installation of this mod.
Find: Select
<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank" class="new_win">SMF &copy; 2006&ndash;2010, Simple Machines LLC</a>';
Replace With: Select
<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank" class="new_win">SMF &copy; 2006&ndash;2011, Simple Machines LLC</a>';

./Themes/default/languages/Admin.english.php

This operation isn't vital to the installation of this mod.
Find: Select
$txt['admin_news_desc'] = 'Please place one news item per box. Some BBC tags, such as <span title="Are you bold?">[b]</span>, <span title="I tall icks!!">[i]</span> and <span title="Brackets are great, no?">[u]</span> are allowed in your news, as well as smileys and HTML. Clear a news item\'s text box to remove it.';
Replace With: Select
$txt['admin_news_desc'] = 'Please place one news item per box. BBC tags, such as <span title="Are you bold?">[b]</span>, <span title="I tall icks!!">[i]</span> and <span title="Brackets are great, no?">[u]</span> are allowed in your news, as well as smileys. Clear a news item\'s text box to remove it.';