SMF 2.0.12 to 2.0.13

GitHub

News:

Bored? Looking to kill some time? Want to chat with other SMF users? Join us in IRC chat or Discord

Advertisement:

SMF 2.0.12 to 2.0.13

Navigation

Readme

This patch will provide important security and bug fixes to your 2.0.12 forum.

Changelog
=========
index.php
- Updated version to 2.0.13

Sources/Calendar.php
- Updated version to 2.0.12

Sources/ManagePosts.php
- Updated version to 2.0.12

Sources/Display.php
- Updated version to 2.0.12

Sources/Subscriptions-PayPal.php
- Updated version to 2.0.12

Sources/Themes.php
- Updated version to 2.0.13
- Added session check.

Sources/LogInOut.php
- Updated version to 2.0.13
- Added sanitization to $_REQUEST['u']

Sources/Reminder.php
- Updated version to 2.0.13
- Check and sinitization for $_POST['user']
- Isset $_REQUEST['uid'] if ! then $_REQUEST['uid'] = 0

Sources/PackageGet.php (Special thanks to Q)
- Updated version to 2.0.13
- Added sanitization of package site
- Added session check

Sources/Subs-Post.php
- Updated version to 2.0.13
- Rollback of 2.0.12 empty BBC

Sources/Subs.php
- Updated version to 2.0.13
- Remove some limits in safe_unserialize()

Special Thanks
- Q

File Edits

./index.php

Operation #1

* @version 2.0.12

Replace With: [Select]

* @version 2.0.13

Operation #2

$forum_version = 'SMF 2.0.12';

Replace With: [Select]

$forum_version = 'SMF 2.0.13';

./Sources/Calendar.php

Operation #1

@version 2.0.11

Replace With: [Select]

@version 2.0.12

./Sources/ManagePosts.php

Operation #1

@version 2.0

Replace With: [Select]

@version 2.0.12

./Sources/Display.php

Operation #1

@version 2.0.11

Replace With: [Select]

@version 2.0.12

./Sources/Subscriptions-PayPal.php

Operation #1

@version 2.0.10

Replace With: [Select]

@version 2.0.12

This operation isn't vital to the installation of this mod.

./Sources/Themes.php

Operation #1

@version 2.0.12

Replace With: [Select]

@version 2.0.13

Operation #2

$context[$context['admin_menu_name']]['current_subsection'] = 'edit';

Replace With: [Select]

checkSession();

	$context[$context['admin_menu_name']]['current_subsection'] = 'edit';

./Sources/LogInOut.php

Operation #1

@version 2.0.12

Replace With: [Select]

@version 2.0.13

Operation #2

global $txt, $context, $scripturl;

Replace With: [Select]

global $txt, $context, $scripturl, $smcFunc;

Operation #3

$context['default_username'] = &$_REQUEST['u'];

Replace With: [Select]

$context['default_username'] = isset($_REQUEST['u']) ? preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', $smcFunc['htmlspecialchars']($_REQUEST['u'])) : '';

./Sources/Reminder.php

Operation #1

@version 2.0.4

Replace With: [Select]

@version 2.0.13

Operation #2

// Coming with a known ID?

Replace With: [Select]

$_POST['user'] = isset($_POST['user']) ? $smcFunc['htmlspecialchars']($_POST['user']) : '';
	$_REQUEST['uid'] = (int) isset($_REQUEST['uid']) ? $_REQUEST['uid'] : 0;

	// Coming with a known ID?

./Sources/PackageGet.php

Operation #1

@version 2.0.9

Replace With: [Select]

@version 2.0.13

Operation #2

$authorhompage = $thisPackage->fetch('website');

Replace With: [Select]

$authorhompage = $smcFunc['htmlspecialchars']($thisPackage->fetch('website'));

Operation #3

// Setup the correct template, even though I'll admit we ain't downloading ;)

Replace With: [Select]

checkSession();

	// Setup the correct template, even though I'll admit we ain't downloading ;)

./Sources/Subs-Post.php

Operation #1

@version 2.0.12

Replace With: [Select]

@version 2.0.13

This operation isn't vital to the installation of this mod.

Operation #2


	$message = preg_replace_callback('~\[nobbc\](.+?)\[/nobbc\]~is', 'nobbc__preg_callback', $message);

	// Remove empty bbc.
	$message = preg_replace('~\[([^\]=\s]+)[^\]]*\](?' . '>\s|(?R))*?\[/\1\]\s?~i', '', $message);

Replace With: [Select]


	$message = preg_replace_callback('~\[nobbc\](.+?)\[/nobbc\]~is', 'nobbc__preg_callback', $message);

./Sources/Subs.php

Operation #1

@version 2.0.12

Replace With: [Select]

@version 2.0.13

This operation isn't vital to the installation of this mod.

Operation #2

// Input exceeds 4096.
	if(strlen($str) > 4096)
		return false;

	// Input  is not a string.

Replace With: [Select]

// Input is not a string.

This operation isn't vital to the installation of this mod.

Operation #3

case 3: // In array, expecting value or another array.
				if($type == 'a')
				{
					// Array nesting exceeds 3.
					if(count($stack) >= 3)
						return false;

Replace With: [Select]

case 3: // In array, expecting value or another array.
				if($type == 'a')
				{

This operation isn't vital to the installation of this mod.

Operation #4

case 0:
				if($type == 'a')
				{
					// Array nesting exceeds 3.
					if(count($stack) >= 3)
						return false;

Replace With: [Select]

case 0:
				if($type == 'a')
				{

This operation isn't vital to the installation of this mod.

Operation #5

if($type == 'i' || $type == 's')
				{
					// Array size exceeds 256.
					if(count($list) >= 256)
						return false;

					// Array size exceeds expected length.

Replace With: [Select]

if($type == 'i' || $type == 's')
				{
					// Array size exceeds expected length.

This operation isn't vital to the installation of this mod.

Copyright © 2017 Simple Machines. All Rights Reserved.
XHTML
RSS
WAP2

Page created in 0.086 seconds with 8 queries.
Page served by: 10.0.100.135 (10.0.100.111)