Advertisement:
Readme
This patch file will upgrade SMF 1.0.8 to 1.0.9 in order to fix a vulnerability that was found in SMF.
File Edits
./index.php
./changelog.txt
Operation #1
Find: [Select]
SMF 1.0.8 21 August 2006
Replace With: [Select]
SMF 1.0.9 29 October 2006
================================================================================
October 2006
--------------------------------------------------------------------------------
! Fixed the page title on the user account deletion confirmation page. (Profile.php)
! Some search parameters weren't being sanatized when accessing a previous search, leading to a potential XSS vulnerability (Search.php)
! Minor typo in PlushSearch2 prevented "user" search parameter from being remembered when trying to access a previous search (Search.php)
! Make sure to clean all strings when registering a new member. (Register.php)
SMF 1.0.8 21 August 2006
./Sources/Search.php
Operation #1
Find: [Select]
* Software Version: SMF 1.0.7 *
Replace With: [Select]
* Software Version: SMF 1.0.9 *
Operation #2
Find: [Select]
if (isset($context['search_params']['userspec']))
$context['search_params']['userspec'] = htmlspecialchars(stripslashes($context['search_params']['userspec']));
Add After: [Select]
if (!empty($context['search_params']['searchtype']))
$context['search_params']['searchtype'] = 2;
if (!empty($context['search_params']['minage']))
$context['search_params']['minage'] = (int) $context['search_params']['minage'];
if (!empty($context['search_params']['maxage']))
$context['search_params']['maxage'] = (int) $context['search_params']['maxage'];
$context['search_params']['show_complete'] = !empty($context['search_params']['show_complete']);
$context['search_params']['subject_only'] = !empty($context['search_params']['subject_only']);
./Sources/Profile.php
Operation #1
Find: [Select]
* Software Version: SMF 1.0.8 *
Replace With: [Select]
* Software Version: SMF 1.0.9 *