SMF 1.0.8 to 1.0.9

Navigation

Readme

This patch file will upgrade SMF 1.0.8 to 1.0.9 in order to fix a vulnerability that was found in SMF.

File Edits

./index.php

Operation #1

Find: [Select]

* Software Version: SMF 1.0.8 *

Replace With: [Select]

* Software Version: SMF 1.0.9 *

Operation #2

Find: [Select]

$forum_version = 'SMF 1.0.8';

Replace With: [Select]

$forum_version = 'SMF 1.0.9';

./changelog.txt

Operation #1

Find: [Select]

SMF 1.0.8 21 August 2006

Replace With: [Select]

SMF 1.0.9                                                        29 October 2006
================================================================================
October 2006
--------------------------------------------------------------------------------
 ! Fixed the page title on the user account deletion confirmation page. (Profile.php)
 ! Some search parameters weren't being sanatized when accessing a previous search, leading to a potential XSS vulnerability (Search.php)
 ! Minor typo in PlushSearch2 prevented "user" search parameter from being remembered when trying to access a previous search (Search.php)
 ! Make sure to clean all strings when registering a new member. (Register.php)

SMF 1.0.8                                                         21 August 2006

./Sources/Search.php

Operation #1

Find: [Select]

* Software Version: SMF 1.0.7 *

Replace With: [Select]

* Software Version: SMF 1.0.9 *

Operation #2

Find: [Select]

	if (isset($context['search_params']['userspec']))
		$context['search_params']['userspec'] = htmlspecialchars(stripslashes($context['search_params']['userspec']));

Add After: [Select]

	if (!empty($context['search_params']['searchtype']))
		$context['search_params']['searchtype'] = 2;
	if (!empty($context['search_params']['minage']))
		$context['search_params']['minage'] = (int) $context['search_params']['minage'];
	if (!empty($context['search_params']['maxage']))
		$context['search_params']['maxage'] = (int) $context['search_params']['maxage'];

	$context['search_params']['show_complete'] = !empty($context['search_params']['show_complete']);
	$context['search_params']['subject_only'] = !empty($context['search_params']['subject_only']);

Operation #3

Find: [Select]

if (!empty($search_params['user_spec']) || (!empty($_REQUEST['userspec']) && $_REQUEST['userspec'] != '*'))

Replace With: [Select]

if (!empty($search_params['userspec']) || (!empty($_REQUEST['userspec']) && $_REQUEST['userspec'] != '*'))

./Sources/Profile.php

Operation #1

Find: [Select]

* Software Version: SMF 1.0.8 *

Replace With: [Select]

* Software Version: SMF 1.0.9 *

Operation #2

Find: [Select]

global $txt, $context, $ID_MEMBER;

Replace With: [Select]

global $txt, $context, $ID_MEMBER, $user_profile;

Operation #3

Find: [Select]

$context['page_title'] = $txt['deleteAccount'] . ': ' . $txt[144];

Replace With: [Select]

$context['page_title'] = $txt['deleteAccount'] . ': ' . $user_profile[$memID]['realName'];

./Sources/Register.php

Operation #1

Find: [Select]

* Software Version: SMF 1.0.3 *

Replace With: [Select]

* Software Version: SMF 1.0.9 *

Operation #2

Find: [Select]

$register_vars[$var] = '\'' . $_POST[$var] . '\'';

Replace With: [Select]

$register_vars[$var] = '\'' . htmlspecialchars($_POST[$var]) . '\'';

News:

SMF 1.0.8 to 1.0.9

Navigation

Search

Readme

File Edits

./index.php

./changelog.txt

./Sources/Search.php

./Sources/Profile.php

./Sources/Register.php