+--------------------------------------------------------------------------------+
| MyBB 1.2.13 - Security Update Patch File |
| (c) 2008 MyBB Group. |
| |
| This patch file fixes some high and medium risk issues in MyBB 1.2.12 |
| |
| Please follow the instructions documented to manually patch your board. |
+--------------------------------------------------------------------------------+

=============== 1. portal.php ===============
Find:
--
$attachment['name'] = htmlspecialchars_uni($attachment['name']);
--
Replace with:
--
$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
--

=============== 2. inc/functions_post.php ===============
Find:
--
$attachment['name'] = htmlspecialchars_uni($attachment['name']);
--
Replace with:
--
$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
--

=============== 3. inc/datahandler/user.php ===============
--
Find:
--
$this->user_update_data['language'] = $user['language'];
--
Replace with:
--
$this->user_update_data['language'] = $db->escape_string($user['language']);
--

=============== 4. inc/class_language.php ===============
--
Find BOTH instances:
--
$language = str_replace(array("/", "\\", ".."), '', trim($language));
--
Replace with:
--
$language = preg_replace("#[^a-z0-9\-_]#i", "", $language);
--

=============== 5. inc/class_core.php (Version number change) ===============
Find:
--
/**
* The friendly version number of MyBB we're running.
*
* @var string
*/
var $version = "1.2.12";
/**
* The version code of MyBB we're running.
*
* @var integer
*/
var $version_code = 1212;
--
Replace with:
--
/**
* The friendly version number of MyBB we're running.
*
* @var string
*/
var $version = "1.2.13";
/**
* The version code of MyBB we're running.
*
* @var integer
*/
var $version_code = 1213;
--

ALL DONE
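Review bot: The replacement line in section 1 (portal.php), and the identical one in section 2 (inc/functions_post.php), carries no comment saying why the escaped key changed, so a maintainer cannot tell that the old line presumably escaped a key other than the one that reaches the page. I would add a comment above it such as `// Escape the user-supplied attachment filename before it is placed in the template`. After this change `$attachment['name']` is no longer escaped at all, so confirm that no template still prints it. Only one statement per file is shown, so the other attachment fields that reach the output could not be checked from here.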
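Review bot: In section 3 (inc/datahandler/user.php) the new `$db->escape_string()` call keeps the value inside its SQL string, but any string can still be stored as a language name. Section 4 restricts language names to letters, digits, `-` and `_`, so the same allowlist could run here before the escape, e.g. `$user['language'] = preg_replace("#[^a-z0-9\-_]#i", "", $user['language']);`, so that a stored value is always one the language class would accept. The surrounding method is not shown; check that `$db` is in scope there (a `global $db;` declaration), otherwise the new call is made on an undefined variable.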
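Review bot: With the allowlist in section 4 (inc/class_language.php), `$language` can come out as an empty string when the input holds only rejected characters, and the lines that consume it lie outside the snippet. Confirm that both call sites fall back to the board's default language on an empty result before the value is used. A comment such as `// Allowlist: keep only characters valid in a language pack name` would record why the denylist of `/`, `\` and `..` was replaced. Because the instruction covers two instances, a board where only one was edited still runs the old denylist on the other path, which is worth checking after a manual patch.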