Advertisement:

Navigation

Readme

This patch file will update your forum to SMF 1.0.8.

File Edits

./index.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.7 *
Replace With: [Select]
* Software Version: SMF 1.0.8 *
Operation #2
Find: [Select]
$forum_version = 'SMF 1.0.7';
Replace With: [Select]
$forum_version = 'SMF 1.0.8';

./changelog.txt

Operation #1
Find: [Select]
SMF 1.0.7 29 March 2006
Replace With: [Select]
SMF 1.0.8 21 August 2006
================================================================================
August 2006
--------------------------------------------------------------------------------
! Some message table values weren't stored properly. (Post.php)
! Fixed unset not working properly in all cases due to a vulnerability in PHP. (QueryString.php, Profile.php, Post.php)


July 2006
--------------------------------------------------------------------------------
! Block page requests attempting to modify the $GLOBALS variable. (QueryString.php)


================================================================================
April 2006
--------------------------------------------------------------------------------
! Added checking to the topic, board, and action REQUEST parameters to ensure they are not arrays prior to processing (QueryString.php)


SMF 1.0.7 29 March 2006

./Sources/Post.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.6 *
Replace With: [Select]
* Software Version: SMF 1.0.8 *
Operation #2
Find: [Select]
      $context['icon'] = preg_replace('~[\./\\\\*:"<>]~', '', $_REQUEST['icon']);
Replace With: [Select]
      $context['icon'] = preg_replace('~[\./\\\\*\':"<>]~', '', $_REQUEST['icon']);
Operation #3
Find: [Select]
         $_POST['guestname'] = $row['posterName'];
         $_POST['email'] = $row['posterEmail'];
Replace With: [Select]
         $_POST['guestname'] = addslashes($row['posterName']);
         $_POST['email'] = addslashes($row['posterEmail']);

Operation #4
Find: [Select]
            unset($_POST['options'][$k]);
Replace With: [Select]
            unset($_POST['options'][$k], $_POST['options'][$k]);
Operation #5
Find: [Select]
      $_POST['guestname'] = $user_info['username'];
      $_POST['email'] = $user_info['email'];
Replace With: [Select]
      $_POST['guestname'] = addslashes($user_info['username']);
      $_POST['email'] = addslashes($user_info['email']);

Operation #6
Find: [Select]
   $_POST['icon'] = preg_replace('~[\./\\\\*:"<>]~', '', $_POST['icon']);
Replace With: [Select]
   $_POST['icon'] = preg_replace('~[\./\\\\*\':"<>]~', '', $_POST['icon']);

./Sources/Profile.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.6 *
Replace With: [Select]
* Software Version: SMF 1.0.8 *
Operation #2
Find: [Select]
               unset($_POST['additionalGroups'][$i]);
Replace With: [Select]
               unset($_POST['additionalGroups'][$i], $_POST['additionalGroups'][$i]);

./Sources/QueryString.php

Operation #1
Find: [Select]
* Software Version: SMF 1.0.7 *
Replace With: [Select]
* Software Version: SMF 1.0.8 *
Operation #2
Find: [Select]
   unset($GLOBALS['HTTP_POST_VARS']);
   unset($GLOBALS['HTTP_POST_FILES']);
Replace With: [Select]
   unset($GLOBALS['HTTP_POST_VARS'], $GLOBALS['HTTP_POST_VARS']);
   unset($GLOBALS['HTTP_POST_FILES'], $GLOBALS['HTTP_POST_FILES']);

   // These keys shouldn't be set...ever.
   if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']))
      die('Invalid request variable.');

   // Same goes for numeric keys.
   foreach (array_merge(array_keys($_REQUEST), array_keys($_COOKIE), array_keys($_FILES)) as $key)
      if (is_numeric($key))
         die('Invalid request variable.');

Operation #3
Find: [Select]
      // If there's a slash in it, we've got a start value! (old, compatible links.)
Replace With: [Select]
      // Make sure we start with a string
      $_REQUEST['board'] = (string) $_REQUEST['board'];
      
      // If there's a slash in it, we've got a start value! (old, compatible links.)

Operation #4
Find: [Select]
      // Slash means old, beta style, formatting. That's okay though, the link should still work.
Replace With: [Select]
      // Make sure we start with a string
      $_REQUEST['topic'] = (string) $_REQUEST['topic'];
      
      // Slash means old, beta style, formatting. That's okay though, the link should still work.

Operation #5
Find: [Select]
   // Find the user's IP address. (but don't let it give you 'unknown'!)
Replace With: [Select]
   // The action needs to be a string and not an array or anything else   
   if (isset($_REQUEST['action']))
      $_REQUEST['action'] = (string) $_REQUEST['action'];
   if (isset($_GET['action']))
      $_GET['action'] = (string) $_GET['action'];

   // Find the user's IP address. (but don't let it give you 'unknown'!)