This patch file will provide important security fixes to your SMF 2.0.10 forum.

File Edits ALT + Click to collapse all the operations

./index.php

Find: Select

* @version 2.0.10
Replace With: Select

* @version 2.0.11
Find: Select

$forum_version = 'SMF 2.0.10';
Replace With: Select

$forum_version = 'SMF 2.0.11';

./Sources/Load.php

Find: Select
@version 2.0.10
Replace With: Select
@version 2.0.11
Find: Select
list ($id_member, $password) = @unserialize($_COOKIE[$cookiename]);
Replace With: Select
list ($id_member, $password) = safe_unserialize($_COOKIE[$cookiename]);
Find: Select
list ($id_member, $password, $login_span) = @unserialize($_SESSION['login_' . $cookiename]);
Replace With: Select
list ($id_member, $password, $login_span) = safe_unserialize($_SESSION['login_' . $cookiename]);

./Sources/LogInOut.php

Find: Select
@version 2.0.7
Replace With: Select
@version 2.0.11
Find: Select
list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
Replace With: Select
list (, , $timeout) = safe_unserialize($_COOKIE[$cookiename]);
Find: Select
list (, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);
Replace With: Select
list (, , $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);

./Sources/ManageMembers.php

Find: Select
@version 2.0
Replace With: Select
@version 2.0.11
Find: Select
$_POST += @unserialize(base64_decode($_REQUEST['params']));
Replace With: Select
$_POST += safe_unserialize(base64_decode($_REQUEST['params']));

./Sources/Modlog.php

Find: Select
@version 2.0.7
Replace With: Select
@version 2.0.11
Find: Select
$search_params = @unserialize($search_params);
Replace With: Select
$search_params = safe_unserialize($search_params);

./Sources/Packages.php

Find: Select
@version 2.0.10
Replace With: Select
@version 2.0.11
Find: Select
$potententialTrees = unserialize(base64_decode($_GET['back_look']));
Replace With: Select
$potententialTrees = safe_unserialize(base64_decode($_GET['back_look']));
Find: Select
$_POST['permStatus'] = unserialize(base64_decode($_POST['toProcess']));
Replace With: Select
$_POST['permStatus'] = safe_unserialize(base64_decode($_POST['toProcess']));
Find: Select
$context['directory_list'] = isset($_POST['dirList']) ? unserialize(base64_decode($_POST['dirList'])) : array();
Replace With: Select
$context['directory_list'] = isset($_POST['dirList']) ? safe_unserialize(base64_decode($_POST['dirList'])) : array();
Find: Select
$context['special_files'] = unserialize(base64_decode($_POST['specialFiles']));
Replace With: Select
$context['special_files'] = safe_unserialize(base64_decode($_POST['specialFiles']));

./Sources/Subs-Auth.php

Find: Select
@version 2.0.9
Replace With: Select
@version 2.0.11
Find: Select
$array = @unserialize($_COOKIE[$cookiename]);
Replace With: Select
$array = safe_unserialize($_COOKIE[$cookiename]);

./Sources/Subs-Editor.php

Find: Select
@version 2.0.8
Replace With: Select
@version 2.0.11
Find: Select
$context['search_param'] = isset($_REQUEST['search_param']) ? unserialize(base64_decode($_REQUEST['search_param'])) : array();
Replace With: Select
$context['search_param'] = isset($_REQUEST['search_param']) ? safe_unserialize(base64_decode($_REQUEST['search_param'])) : array();

./Sources/Subs-OpenID.php

Find: Select
@version 2.0
Replace With: Select
@version 2.0.11
Find: Select
$context['openid_save_fields'] = isset($_GET['sf']) ? unserialize(base64_decode($_GET['sf'])) : array();
Replace With: Select
$context['openid_save_fields'] = isset($_GET['sf']) ? safe_unserialize(base64_decode($_GET['sf'])) : array();

./Sources/Subs.php

Find: Select
@version 2.0.8
Replace With: Select
@version 2.0.11
Find: Select
void remove_integration_function(string hook, string function)
- removes the given function from the given hook.
- does nothing if the functions is not available.
Replace With: Select
void remove_integration_function(string hook, string function)
- removes the given function from the given hook.
- does nothing if the functions is not available.

array safe_unserialize(string data)
- sanitizes input before unserializing string.
Find: Select
function return_chr__preg_callback($matches)
{
return chr($matches[1]);
}
Replace With: Select
function return_chr__preg_callback($matches)
{
return chr($matches[1]);
}

function safe_unserialize($data)
{
// There's no reason input should contain an object,
// user is up to no good...
if (preg_match('/(^|;|{|})O:([0-9]|\+|\-)+/', $data) === 0)
return @unserialize($data);
}
Advertisement: