Update to SMF 1.0.8 - Installation Instructions for 1.0.7
Update to SMF 1.0.8
This patch file will update your forum to SMF 1.0.8.
Find: Select
SMF 1.0.7 29 March 2006
Replace With: Select
SMF 1.0.8 21 August 2006
================================================================================
August 2006
--------------------------------------------------------------------------------
! Some message table values weren't stored properly. (Post.php)
! Fixed unset not working properly in all cases due to a vulnerability in PHP. (QueryString.php, Profile.php, Post.php)
July 2006
--------------------------------------------------------------------------------
! Block page requests attempting to modify the $GLOBALS variable. (QueryString.php)
================================================================================
April 2006
--------------------------------------------------------------------------------
! Added checking to the topic, board, and action REQUEST parameters to ensure they are not arrays prior to processing (QueryString.php)
SMF 1.0.7 29 March 2006
Find: Select
$context['icon'] = preg_replace('~[\./\\\\*:"<>]~', '', $_REQUEST['icon']);
Replace With: Select
$context['icon'] = preg_replace('~[\./\\\\*\':"<>]~', '', $_REQUEST['icon']);
Find: Select
$_POST['guestname'] = $row['posterName'];
$_POST['email'] = $row['posterEmail'];
Replace With: Select
$_POST['guestname'] = addslashes($row['posterName']);
$_POST['email'] = addslashes($row['posterEmail']);
Find: Select
unset($_POST['options'][$k]);
Replace With: Select
unset($_POST['options'][$k], $_POST['options'][$k]);
Find: Select
unset($GLOBALS['HTTP_POST_VARS']);
unset($GLOBALS['HTTP_POST_FILES']);
Replace With: Select
unset($GLOBALS['HTTP_POST_VARS'], $GLOBALS['HTTP_POST_VARS']);
unset($GLOBALS['HTTP_POST_FILES'], $GLOBALS['HTTP_POST_FILES']);
// These keys shouldn't be set...ever.
if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']))
die('Invalid request variable.');
// Same goes for numeric keys.
foreach (array_merge(array_keys($_REQUEST), array_keys($_COOKIE), array_keys($_FILES)) as $key)
if (is_numeric($key))
die('Invalid request variable.');
Find: Select
// If there's a slash in it, we've got a start value! (old, compatible links.)
Replace With: Select
// Make sure we start with a string
$_REQUEST['board'] = (string) $_REQUEST['board'];
// If there's a slash in it, we've got a start value! (old, compatible links.)
Find: Select
// Slash means old, beta style, formatting. That's okay though, the link should still work.
Replace With: Select
// Make sure we start with a string
$_REQUEST['topic'] = (string) $_REQUEST['topic'];
// Slash means old, beta style, formatting. That's okay though, the link should still work.
Find: Select
// Find the user's IP address. (but don't let it give you 'unknown'!)
Replace With: Select
// The action needs to be a string and not an array or anything else
if (isset($_REQUEST['action']))
$_REQUEST['action'] = (string) $_REQUEST['action'];
if (isset($_GET['action']))
$_GET['action'] = (string) $_GET['action'];
// Find the user's IP address. (but don't let it give you 'unknown'!)