SMF 2.0
SMF 2.0.18 to SMF 2.0.19
SMF 2.0.17 to SMF 2.0.18
SMF 2.0.16 to SMF 2.0.17
SMF 2.0.15 to SMF 2.0.16
SMF 2.0.14 to SMF 2.0.15
SMF 2.0.13 to SMF 2.0.14
SMF 2.0.12 to SMF 2.0.13
SMF 2.0.11 to SMF 2.0.12
SMF 2.0.10 to SMF 2.0.11
SMF 2.0.9 to SMF 2.0.10
SMF 2.0.8 to SMF 2.0.9
SMF 2.0.7 to SMF 2.0.8
SMF 2.0.6 to SMF 2.0.7
SMF 2.0.5 to SMF 2.0.6
SMF 2.0.4 to SMF 2.0.5
SMF 2.0.3 to SMF 2.0.4
SMF 2.0.2 to SMF 2.0.3
SMF 2.0.1 to SMF 2.0.2
SMF 2.0 to SMF 2.0.1
SMF 2.0 RC4 to SMF 2.0 RC4 Security Patch
SMF 2.0 RC1-1 to SMF 2.0 RC1.2
SMF 2.0 RC1 to SMF 2.0 RC1-1
SMF 2.0 Beta 3 to SMF 2.0 Beta 3.1 Public

Update to SMF 2.0.11 - Installation Instructions for 2.0.10

Update to SMF 2.0.11

Readme

This patch file will provide important security fixes to your SMF 2.0.10 forum.

File Edits ALT + Click to collapse all the operations

./index.php

Find: Select

* @version 2.0.10
Replace With: Select

* @version 2.0.11
Find: Select

$forum_version = 'SMF 2.0.10';
Replace With: Select

$forum_version = 'SMF 2.0.11';

./Sources/Load.php

Find: Select
@version 2.0.10
Replace With: Select
@version 2.0.11
Find: Select
list ($id_member, $password) = @unserialize($_COOKIE[$cookiename]);
Replace With: Select
list ($id_member, $password) = safe_unserialize($_COOKIE[$cookiename]);
Find: Select
list ($id_member, $password, $login_span) = @unserialize($_SESSION['login_' . $cookiename]);
Replace With: Select
list ($id_member, $password, $login_span) = safe_unserialize($_SESSION['login_' . $cookiename]);

./Sources/LogInOut.php

Find: Select
@version 2.0.7
Replace With: Select
@version 2.0.11
Find: Select
list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
Replace With: Select
list (, , $timeout) = safe_unserialize($_COOKIE[$cookiename]);
Find: Select
list (, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);
Replace With: Select
list (, , $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);

./Sources/ManageMembers.php

Find: Select
@version 2.0
Replace With: Select
@version 2.0.11
Find: Select
$_POST += @unserialize(base64_decode($_REQUEST['params']));
Replace With: Select
$_POST += safe_unserialize(base64_decode($_REQUEST['params']));

./Sources/Modlog.php

Find: Select
@version 2.0.7
Replace With: Select
@version 2.0.11
Find: Select
$search_params = @unserialize($search_params);
Replace With: Select
$search_params = safe_unserialize($search_params);

./Sources/Packages.php

Find: Select
@version 2.0.10
Replace With: Select
@version 2.0.11
Find: Select
$potententialTrees = unserialize(base64_decode($_GET['back_look']));
Replace With: Select
$potententialTrees = safe_unserialize(base64_decode($_GET['back_look']));
Find: Select
$_POST['permStatus'] = unserialize(base64_decode($_POST['toProcess']));
Replace With: Select
$_POST['permStatus'] = safe_unserialize(base64_decode($_POST['toProcess']));
Find: Select
$context['directory_list'] = isset($_POST['dirList']) ? unserialize(base64_decode($_POST['dirList'])) : array();
Replace With: Select
$context['directory_list'] = isset($_POST['dirList']) ? safe_unserialize(base64_decode($_POST['dirList'])) : array();
Find: Select
$context['special_files'] = unserialize(base64_decode($_POST['specialFiles']));
Replace With: Select
$context['special_files'] = safe_unserialize(base64_decode($_POST['specialFiles']));

./Sources/Subs-Auth.php

Find: Select
@version 2.0.9
Replace With: Select
@version 2.0.11
Find: Select
$array = @unserialize($_COOKIE[$cookiename]);
Replace With: Select
$array = safe_unserialize($_COOKIE[$cookiename]);

./Sources/Subs-Editor.php

Find: Select
@version 2.0.8
Replace With: Select
@version 2.0.11
Find: Select
$context['search_param'] = isset($_REQUEST['search_param']) ? unserialize(base64_decode($_REQUEST['search_param'])) : array();
Replace With: Select
$context['search_param'] = isset($_REQUEST['search_param']) ? safe_unserialize(base64_decode($_REQUEST['search_param'])) : array();

./Sources/Subs-OpenID.php

Find: Select
@version 2.0
Replace With: Select
@version 2.0.11
Find: Select
$context['openid_save_fields'] = isset($_GET['sf']) ? unserialize(base64_decode($_GET['sf'])) : array();
Replace With: Select
$context['openid_save_fields'] = isset($_GET['sf']) ? safe_unserialize(base64_decode($_GET['sf'])) : array();

./Sources/Subs.php

Find: Select
@version 2.0.8
Replace With: Select
@version 2.0.11
Find: Select
void remove_integration_function(string hook, string function)
- removes the given function from the given hook.
- does nothing if the functions is not available.
Replace With: Select
void remove_integration_function(string hook, string function)
- removes the given function from the given hook.
- does nothing if the functions is not available.

array safe_unserialize(string data)
- sanitizes input before unserializing string.
Find: Select
function return_chr__preg_callback($matches)
{
return chr($matches[1]);
}
Replace With: Select
function return_chr__preg_callback($matches)
{
return chr($matches[1]);
}

function safe_unserialize($data)
{
// There's no reason input should contain an object,
// user is up to no good...
if (preg_match('/(^|;|{|})O:([0-9]|\+|\-)+/', $data) === 0)
return @unserialize($data);
}
Advertisement: