Discuss: MyBB 1.4.3 Released - Security Update
#21
(10-28-2008, 04:13 AM)labrocca Wrote:  Well...didn't mean to imply you would forget them but I didn't see a bug list so I was wondering why they weren't included.I was sort of expecting a maintenance release as a lot of bugs are getting marked as fixed recently.

Due to unfortunate circumstances this release had to be pushed out swiftly...
#22
This user has been denied support. This user has been denied support.
Well...still hoping to bang out as much as possible these coming days to maybe speed along a maintenance release with some solid bug fixes. I get a lot of feedback on other forums and I know with each maintenance release Mybb comes ever so much closer to perfection.
#23
Nice update guys!
It says the update came out October 28 but it's still the 27th...
An error has occured...
#24
(10-28-2008, 05:19 AM)danrulz98 Wrote:  Nice update guys!
It says the update came out October 28 but it's still the 27th...
Take into consideration time zones of different people.
#25
my first update @ the magic world of myBB.

Thanks
#26
This user has been denied support. This user has been denied support.
(10-28-2008, 05:36 AM)tempo Wrote:  my first update @ the magic world of myBB.

Thanks

Presto Chango 1.4.3 Oh!

Yea..that easy.
#27
Hmm... it didn't say whether the upgrader was required?
#28
(10-28-2008, 07:19 AM)hamster Wrote:  Hmm... it didn't say whether the upgrader was required?
Then no, it isn't required.

If the download doesn't contain an /install folder then there is no need to run the upgrade script.
#29
(10-28-2008, 07:25 AM)rh1n0 Wrote:  Then no, it isn't required.

If the download doesn't contain an /install folder then there is no need to run the upgrade script.

Ok cool Smile
#30
Hi,
In MyBB 1.2.14 in "attachment.php" there is not this line that we must patch it!

PHP Code:
if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false && strpos($attachment['filetype'], "image") === false

It is all content of "attachment.php" in MyBB 1.2.14:

PHP Code:
<?php
/**
 * MyBB 1.2
 * Copyright  2006 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybboard.net
 * License: http://www.mybboard.net/eula.html
 *
 * $Id: attachment.php 3595 2008-01-09 00:10:57Z Tikitiki $
 */

define("IN_MYBB"1);

require_once 
"./global.php";

// Find the AID we're looking for
if($mybb->input['thumbnail'])
{
    
$aid intval($mybb->input['thumbnail']);
}
else
{
    
$aid intval($mybb->input['aid']);
}

$plugins->run_hooks("attachment_start");

$pid intval($mybb->input['pid']);

// Select attachment data from database
if($aid)
{
    
$query $db->simple_select(TABLE_PREFIX."attachments""*""aid='{$aid}'");
}
else
{
    
$query $db->simple_select(TABLE_PREFIX."attachments""*""pid='{$pid}'");
}
$attachment $db->fetch_array($query);
$pid $attachment['pid'];

$post get_post($pid);
$thread get_thread($post['tid']);

if(!
$thread['tid'] && !$mybb->input['thumbnail'])
{
    
error($lang->error_invalidthread);
}
$fid $thread['fid'];

// Get forum info
$forum get_forum($fid);

// Permissions
$forumpermissions forum_permissions($fid);

// No Permission page if user cannot view or download attachments in this forum (if not calling the thumbnail)
if(($forumpermissions['canview'] == "no" || $forumpermissions['candlattachments'] == "no") && !$mybb->input['thumbnail'])
{
    
error_no_permission();
}

// Error if attachment is invalid or not visible
if(!$attachment['aid'] || !$attachment['attachname'] || (is_moderator($fid) == 'no' && $attachment['visible'] != 1))
{
    
error($lang->error_invalidattachment);
}

if(!
$mybb->input['thumbnail']) // Only increment the download count if this is not a thumbnail
{
    
$attachupdate = array(
        
"downloads" => $attachment['downloads']+1,
    );
    
$db->update_query(TABLE_PREFIX."attachments"$attachupdate"aid='{$attachment['aid']}'");
}
$attachment['filename'] = rawurlencode($attachment['filename']);

$plugins->run_hooks("attachment_end");

if(
$mybb->input['thumbnail'])
{
    
$ext get_extension($attachment['thumbnail']);
    switch(
$ext)
    {
        case 
"gif":
            
$type "image/gif";
            break;
        case 
"bmp":
            
$type "image/bmp";
            break;
        case 
"png":
            
$type "image/png";
            break;
        case 
"jpg":
        case 
"jpeg":
        case 
"jpe":
            
$type "image/jpeg";
            break;
        default:
            
$type "image/unknown";
            break;
    }
    
header("Content-disposition: filename={$attachment['filename']}");
    
header("Content-type: ".$type);
    
$thumb $mybb->settings['uploadspath']."/".$attachment['thumbnail'];
    
header("Content-length: ".@filesize($thumb));
    echo 
file_get_contents($thumb);
}
else
{
    
$ext get_extension($attachment['filename']);
    if(
$ext == "txt" || $ext == "htm" || $ext == "html" || $ext == "pdf")
    {
        
header("Content-disposition: attachment; filename={$attachment['filename']}");
    }
    else
    {
        
header("Content-disposition: inline; filename={$attachment['filename']}");
    }    
    
header("Content-type: {$attachment['filetype']}");
    
header("Content-length: {$attachment['filesize']}");
    echo 
file_get_contents($mybb->settings['uploadspath']."/".$attachment['attachname']);
}
?>

Thank you.


Forum Jump:


Users browsing this thread: 1 Guest(s)