Discuss: MyBB 1.4.3 Released - Security Update
#11
Updating my BBs using 1.4, thanks.
#12
This user has been denied support. This user has been denied support.
So is this ONLY a security update? What about the fixes from 1.4.2? Are those still in the queue?
#13
(10-28-2008, 03:53 AM)labrocca Wrote:  So is this ONLY a security update? What about the fixes from 1.4.2? Are those still in the queue?
Of course, they will be fixed in a maintenance release. We won't just forget about people's bug reports and our developer's fixes. Smile
#14
This user has been denied support. This user has been denied support.
Well...didn't mean to imply you would forget them but I didn't see a bug list so I was wondering why they weren't included.I was sort of expecting a maintenance release as a lot of bugs are getting marked as fixed recently.
#15
Am I just late or am I just late LOL, how long this patch been out, just got the email few mins ago.
#16
(10-28-2008, 04:13 AM)labrocca Wrote:  Well...didn't mean to imply you would forget them but I didn't see a bug list so I was wondering why they weren't included.I was sort of expecting a maintenance release as a lot of bugs are getting marked as fixed recently.
In order for us to release a maintenance package we have to test the package extensively to make sure that things were not broken along the way. Meaning it would take longer to patch the security vulnerabilities and we wouldn't want that. Smile
#17
(10-28-2008, 04:16 AM)Demonic Wrote:  Am I just late or am I just late LOL, how long this patch been out, just got the email few mins ago.
Look at the time/date of the original post of the announcement.
#18
Also I think might be small minor error you guys should of modified in the "inc/adminfunctions_template.php"

On line 27 wouldn't you replace:

PHP Code:
$query $db->simple_select("templates""*""title='$title' AND sid='-2'"); 

with

PHP Code:
$query $db->simple_select("templates""*""title='" $db->escape_string($title) . "' AND sid='-2'"); 

Just saying..(No its not a security risk, but it can cause errors if a plugin developer messes up with the title)
#19
Successfully upgraded to Mybb 14.3. , Thanks to the Mybb Developing Team.

Smile Smile
#20
(10-28-2008, 04:22 AM)Demonic Wrote:  Also I think might be small minor error you guys should of modified in the "inc/adminfunctions_template.php"

On line 27 wouldn't you replace:

PHP Code:
$query $db->simple_select("templates""*""title='$title' AND sid='-2'"); 

with

PHP Code:
$query $db->simple_select("templates""*""title='" $db->escape_string($title) . "' AND sid='-2'"); 

Just saying..(No its not a security risk, but it can cause errors if a plugin developer messes up with the title)

A plugin developer can mess up a lot more than that Toungue
Dennis Tsang
http://dennistt.net


Forum Jump:


Users browsing this thread: 1 Guest(s)