SMF 2.0.10 to 2.0.11

Navigation

Readme

This patch file will provide important security fixes to your SMF 2.0.10 forum.

File Edits

./index.php

Operation #1


 * @version 2.0.10

Replace With: [Select]


 * @version 2.0.11

Operation #2

Find: [Select]


$forum_version = 'SMF 2.0.10';

Replace With: [Select]


$forum_version = 'SMF 2.0.11';

./Sources/Load.php

Operation #1

Find: [Select]

@version 2.0.10

Replace With: [Select]

@version 2.0.11

Operation #2

Find: [Select]

list ($id_member, $password) = @unserialize($_COOKIE[$cookiename]);

Replace With: [Select]

list ($id_member, $password) = safe_unserialize($_COOKIE[$cookiename]);

Operation #3

Find: [Select]

list ($id_member, $password, $login_span) = @unserialize($_SESSION['login_' . $cookiename]);

Replace With: [Select]

list ($id_member, $password, $login_span) = safe_unserialize($_SESSION['login_' . $cookiename]);

./Sources/LogInOut.php

Operation #1

Find: [Select]

@version 2.0.7

Replace With: [Select]

@version 2.0.11

Operation #2

Find: [Select]

list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);

Replace With: [Select]

list (, , $timeout) = safe_unserialize($_COOKIE[$cookiename]);

Operation #3

Find: [Select]

list (, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);

Replace With: [Select]

list (, , $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);

./Sources/ManageMembers.php

Operation #1

Find: [Select]

@version 2.0

Replace With: [Select]

@version 2.0.11

Operation #2

Find: [Select]

$_POST += @unserialize(base64_decode($_REQUEST['params']));

Replace With: [Select]

$_POST += safe_unserialize(base64_decode($_REQUEST['params']));

./Sources/Modlog.php

Operation #1

Find: [Select]

@version 2.0.7

Replace With: [Select]

@version 2.0.11

Operation #2

Find: [Select]

$search_params = @unserialize($search_params);

Replace With: [Select]

$search_params = safe_unserialize($search_params);

./Sources/Packages.php

Operation #1

Find: [Select]

@version 2.0.10

Replace With: [Select]

@version 2.0.11

Operation #2

Find: [Select]

$potententialTrees = unserialize(base64_decode($_GET['back_look']));

Replace With: [Select]

$potententialTrees = safe_unserialize(base64_decode($_GET['back_look']));

Operation #3

Find: [Select]

$_POST['permStatus'] = unserialize(base64_decode($_POST['toProcess']));

Replace With: [Select]

$_POST['permStatus'] = safe_unserialize(base64_decode($_POST['toProcess']));

Operation #4

Find: [Select]

$context['directory_list'] = isset($_POST['dirList']) ? unserialize(base64_decode($_POST['dirList'])) : array();

Replace With: [Select]

$context['directory_list'] = isset($_POST['dirList']) ? safe_unserialize(base64_decode($_POST['dirList'])) : array();

Operation #5

Find: [Select]

$context['special_files'] = unserialize(base64_decode($_POST['specialFiles']));

Replace With: [Select]

$context['special_files'] = safe_unserialize(base64_decode($_POST['specialFiles']));

./Sources/Subs-Auth.php

Operation #1

Find: [Select]

@version 2.0.9

Replace With: [Select]

@version 2.0.11

Operation #2

Find: [Select]

$array = @unserialize($_COOKIE[$cookiename]);

Replace With: [Select]

$array = safe_unserialize($_COOKIE[$cookiename]);

./Sources/Subs-Editor.php

Operation #1

Find: [Select]

@version 2.0.8

Replace With: [Select]

@version 2.0.11

Operation #2

Find: [Select]

$context['search_param'] = isset($_REQUEST['search_param']) ? unserialize(base64_decode($_REQUEST['search_param'])) : array();

Replace With: [Select]

$context['search_param'] = isset($_REQUEST['search_param']) ? safe_unserialize(base64_decode($_REQUEST['search_param'])) : array();

./Sources/Subs-OpenID.php

Operation #1

Find: [Select]

@version 2.0

Replace With: [Select]

@version 2.0.11

Operation #2

Find: [Select]

$context['openid_save_fields'] = isset($_GET['sf']) ? unserialize(base64_decode($_GET['sf'])) : array();

Replace With: [Select]

$context['openid_save_fields'] = isset($_GET['sf']) ? safe_unserialize(base64_decode($_GET['sf'])) : array();

./Sources/Subs.php

Operation #1

Find: [Select]

@version 2.0.8

Replace With: [Select]

@version 2.0.11

Operation #2

Find: [Select]

	void remove_integration_function(string hook, string function)
		- removes the given function from the given hook.
		- does nothing if the functions is not available.

Replace With: [Select]

	void remove_integration_function(string hook, string function)
		- removes the given function from the given hook.
		- does nothing if the functions is not available.

	array safe_unserialize(string data)
		- sanitizes input before unserializing string.

Operation #3

Find: [Select]

function return_chr__preg_callback($matches)
{
	return chr($matches[1]);
}

Replace With: [Select]

function return_chr__preg_callback($matches)
{
	return chr($matches[1]);
}

function safe_unserialize($data)
{
	// There's no reason input should contain an object,
	// user is up to no good...
	if (preg_match('/(^|;|{|})O:([0-9]|\+|\-)+/', $data) === 0)
		return @unserialize($data);
}

News:

SMF 2.0.10 to 2.0.11

Navigation

Search

Readme

File Edits

./index.php

./Sources/Load.php

./Sources/LogInOut.php

./Sources/ManageMembers.php

./Sources/Modlog.php

./Sources/Packages.php

./Sources/Subs-Auth.php

./Sources/Subs-Editor.php

./Sources/Subs-OpenID.php

./Sources/Subs.php