MyBB Community Forums

This update only applies to those running 1.02 already. If you are not running 1.02, see this announcement

As much as I hate to do this, it has to be done.

With the previous update we announced, it was noticed that one of the files was missing from the update, and one of the others was an older revision. Partly i'm to blame, and partly to blame is KDiff for not highlighting these changes and using the latest revision of the code.

The affected files are usercp.php and inc/functions_upload.php.

Anyone who has downloaded the 1.02 release from the official site need not worry, as both files were the latest in the 1.02 download.

For other users, we recommend that you upload these files (attached to this post) or use the manual patching instructions (in a post to follow), to update your board immediately.

This past two weeks haven't been the best for us in terms of security related updates so it has prompted us to perform an audit of the code and release any updates we find fixing any problems. We'll try to provide manual patching instructions where possible.

I've also updated the release announcement to contain these modified files.

Any discussion regarding this update can be done in the existing 1.02 update discussion thread.

Regards,
Chris

Manual Patching Instructions

Please follow the following instructions if you wish to manually apply this update to your forums.


1. Open inc/functions_upload.php

Find:

	if(!is_uploaded_file($attachment['tmp_name']))

Above it add:

	$attachment['name'] = addslashes($attachment['name']);

2. Open usercp.php

Find:

	$updatedoptions = array(

Above it add:

	if($mybb->input['threadmode'] != "threaded")
	{
		$mybb->input['threadmode'] = "linear";
	}

All done.