SMF 1.0
SMF 1.0.21 to SMF 1.0.23
SMF 1.0.21 to SMF 1.0.22
SMF 1.0.20 to SMF 1.0.21
SMF 1.0.19 to SMF 1.0.20
SMF 1.0.18 to SMF 1.0.19
SMF 1.0.17 to SMF 1.0.18
SMF 1.0.16 to SMF 1.0.17
SMF 1.0.15 to SMF 1.0.16
SMF 1.0.14 to SMF 1.0.15
SMF 1.0.13 to SMF 1.0.14
SMF 1.0.12 to SMF 1.0.13
SMF 1.0.11 to SMF 1.0.12
SMF 1.0.10 to SMF 1.0.11
SMF 1.0.9 to SMF 1.0.10
SMF 1.0.8 to SMF 1.0.9
SMF 1.0.7 to SMF 1.0.8
SMF 1.0.6 to SMF 1.0.7
SMF 1.0.5 to SMF 1.0.6
SMF 1.0.4 to SMF 1.0.5
SMF 1.0.3 to SMF 1.0.4
SMF 1.0.2 to SMF 1.0.3
SMF 1.0.1 to SMF 1.0.2
SMF 1.0 to SMF 1.0.1

Update to SMF 1.0.9 - Installation Instructions for 1.0.8

Update to SMF 1.0.9

Readme

This patch file will upgrade SMF 1.0.8 to 1.0.9 in order to fix a vulnerability that was found in SMF.

File Edits ALT + Click to collapse all the operations

./index.php

Find: Select
* Software Version: SMF 1.0.8 *
Replace With: Select
* Software Version: SMF 1.0.9 *
Find: Select
$forum_version = 'SMF 1.0.8';
Replace With: Select
$forum_version = 'SMF 1.0.9';

./changelog.txt

Find: Select
SMF 1.0.8 21 August 2006
Replace With: Select
SMF 1.0.9 29 October 2006
================================================================================
October 2006
--------------------------------------------------------------------------------
! Fixed the page title on the user account deletion confirmation page. (Profile.php)
! Some search parameters weren't being sanatized when accessing a previous search, leading to a potential XSS vulnerability (Search.php)
! Minor typo in PlushSearch2 prevented "user" search parameter from being remembered when trying to access a previous search (Search.php)
! Make sure to clean all strings when registering a new member. (Register.php)

SMF 1.0.8 21 August 2006

./Sources/Search.php

Find: Select
* Software Version: SMF 1.0.7 *
Replace With: Select
* Software Version: SMF 1.0.9 *
Find: Select
if (isset($context['search_params']['userspec']))
$context['search_params']['userspec'] = htmlspecialchars(stripslashes($context['search_params']['userspec']));
Add After: Select
if (!empty($context['search_params']['searchtype']))
$context['search_params']['searchtype'] = 2;
if (!empty($context['search_params']['minage']))
$context['search_params']['minage'] = (int) $context['search_params']['minage'];
if (!empty($context['search_params']['maxage']))
$context['search_params']['maxage'] = (int) $context['search_params']['maxage'];

$context['search_params']['show_complete'] = !empty($context['search_params']['show_complete']);
$context['search_params']['subject_only'] = !empty($context['search_params']['subject_only']);
Find: Select
if (!empty($search_params['user_spec']) || (!empty($_REQUEST['userspec']) && $_REQUEST['userspec'] != '*'))
Replace With: Select
if (!empty($search_params['userspec']) || (!empty($_REQUEST['userspec']) && $_REQUEST['userspec'] != '*'))

./Sources/Profile.php

Find: Select
* Software Version: SMF 1.0.8 *
Replace With: Select
* Software Version: SMF 1.0.9 *
Find: Select
global $txt, $context, $ID_MEMBER;
Replace With: Select
global $txt, $context, $ID_MEMBER, $user_profile;
Find: Select
$context['page_title'] = $txt['deleteAccount'] . ': ' . $txt[144];
Replace With: Select
$context['page_title'] = $txt['deleteAccount'] . ': ' . $user_profile[$memID]['realName'];

./Sources/Register.php

Find: Select
* Software Version: SMF 1.0.3 *
Replace With: Select
* Software Version: SMF 1.0.9 *
Find: Select
$register_vars[$var] = '\'' . $_POST[$var] . '\'';
Replace With: Select
$register_vars[$var] = '\'' . htmlspecialchars($_POST[$var]) . '\'';
Advertisement: