Current time: 08-01-2014, 10:31 PM Hello There, Guest! (LoginRegister)


Discuss: MyBB 1.4.3 Released - Security Update
10-28-2008, 05:05 AM
Post: #21
RE: Discuss: MyBB 1.4.3 Released - Security Update
(10-28-2008 04:13 AM)labrocca Wrote:  Well...didn't mean to imply you would forget them but I didn't see a bug list so I was wondering why they weren't included.I was sort of expecting a maintenance release as a lot of bugs are getting marked as fixed recently.

Due to unfortunate circumstances this release had to be pushed out swiftly...
Visit this user's website Find all posts by this user
10-28-2008, 05:08 AM
Post: #22
RE: Discuss: MyBB 1.4.3 Released - Security Update
This user has been denied support. This user has been denied support.
Well...still hoping to bang out as much as possible these coming days to maybe speed along a maintenance release with some solid bug fixes. I get a lot of feedback on other forums and I know with each maintenance release Mybb comes ever so much closer to perfection.
Visit this user's website Find all posts by this user
10-28-2008, 05:19 AM
Post: #23
RE: Discuss: MyBB 1.4.3 Released - Security Update
Nice update guys!
It says the update came out October 28 but it's still the 27th...

An error has occured...
Visit this user's website Find all posts by this user
10-28-2008, 05:36 AM
Post: #24
RE: Discuss: MyBB 1.4.3 Released - Security Update
(10-28-2008 05:19 AM)danrulz98 Wrote:  Nice update guys!
It says the update came out October 28 but it's still the 27th...
Take into consideration time zones of different people.
Find all posts by this user
10-28-2008, 05:36 AM
Post: #25
RE: Discuss: MyBB 1.4.3 Released - Security Update
my first update @ the magic world of myBB.

Thanks
Visit this user's website Find all posts by this user
10-28-2008, 05:38 AM
Post: #26
RE: Discuss: MyBB 1.4.3 Released - Security Update
This user has been denied support. This user has been denied support.
(10-28-2008 05:36 AM)tempo Wrote:  my first update @ the magic world of myBB.

Thanks

Presto Chango 1.4.3 Oh!

Yea..that easy.
Visit this user's website Find all posts by this user
10-28-2008, 07:19 AM
Post: #27
RE: Discuss: MyBB 1.4.3 Released - Security Update
Hmm... it didn't say whether the upgrader was required?

izFree - Free, Fast and Reliable Hosting with No Ads, PHP 5, MySQL 5!
HUGTHETREES.com - Show your love for the environment by hugging the trees now!
Visit this user's website Find all posts by this user
10-28-2008, 07:25 AM
Post: #28
RE: Discuss: MyBB 1.4.3 Released - Security Update
(10-28-2008 07:19 AM)hamster Wrote:  Hmm... it didn't say whether the upgrader was required?
Then no, it isn't required.

If the download doesn't contain an /install folder then there is no need to run the upgrade script.
Find all posts by this user
10-28-2008, 07:42 AM
Post: #29
RE: Discuss: MyBB 1.4.3 Released - Security Update
(10-28-2008 07:25 AM)rh1n0 Wrote:  Then no, it isn't required.

If the download doesn't contain an /install folder then there is no need to run the upgrade script.

Ok cool Smile

izFree - Free, Fast and Reliable Hosting with No Ads, PHP 5, MySQL 5!
HUGTHETREES.com - Show your love for the environment by hugging the trees now!
Visit this user's website Find all posts by this user
10-28-2008, 08:32 AM (This post was last modified: 10-28-2008 08:53 AM by SaeedGh.)
Post: #30
RE: Discuss: MyBB 1.4.3 Released - Security Update
Hi,
In MyBB 1.2.14 in "attachment.php" there is not this line that we must patch it!

PHP Code:
if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false && strpos($attachment['filetype'], "image") === false

It is all content of "attachment.php" in MyBB 1.2.14:

PHP Code:
<?php
/**
 * MyBB 1.2
 * Copyright  2006 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybboard.net
 * License: http://www.mybboard.net/eula.html
 *
 * $Id: attachment.php 3595 2008-01-09 00:10:57Z Tikitiki $
 */

define("IN_MYBB"1);

require_once 
"./global.php";

// Find the AID we're looking for
if($mybb->input['thumbnail'])
{
    
$aid intval($mybb->input['thumbnail']);
}
else
{
    
$aid intval($mybb->input['aid']);
}

$plugins->run_hooks("attachment_start");

$pid intval($mybb->input['pid']);

// Select attachment data from database
if($aid)
{
    
$query $db->simple_select(TABLE_PREFIX."attachments""*""aid='{$aid}'");
}
else
{
    
$query $db->simple_select(TABLE_PREFIX."attachments""*""pid='{$pid}'");
}
$attachment $db->fetch_array($query);
$pid $attachment['pid'];

$post get_post($pid);
$thread get_thread($post['tid']);

if(!
$thread['tid'] && !$mybb->input['thumbnail'])
{
    
error($lang->error_invalidthread);
}
$fid $thread['fid'];

// Get forum info
$forum get_forum($fid);

// Permissions
$forumpermissions forum_permissions($fid);

// No Permission page if user cannot view or download attachments in this forum (if not calling the thumbnail)
if(($forumpermissions['canview'] == "no" || $forumpermissions['candlattachments'] == "no") && !$mybb->input['thumbnail'])
{
    
error_no_permission();
}

// Error if attachment is invalid or not visible
if(!$attachment['aid'] || !$attachment['attachname'] || (is_moderator($fid) == 'no' && $attachment['visible'] != 1))
{
    
error($lang->error_invalidattachment);
}

if(!
$mybb->input['thumbnail']) // Only increment the download count if this is not a thumbnail
{
    
$attachupdate = array(
        
"downloads" => $attachment['downloads']+1,
    );
    
$db->update_query(TABLE_PREFIX."attachments"$attachupdate"aid='{$attachment['aid']}'");
}
$attachment['filename'] = rawurlencode($attachment['filename']);

$plugins->run_hooks("attachment_end");

if(
$mybb->input['thumbnail'])
{
    
$ext get_extension($attachment['thumbnail']);
    switch(
$ext)
    {
        case 
"gif":
            
$type "image/gif";
            break;
        case 
"bmp":
            
$type "image/bmp";
            break;
        case 
"png":
            
$type "image/png";
            break;
        case 
"jpg":
        case 
"jpeg":
        case 
"jpe":
            
$type "image/jpeg";
            break;
        default:
            
$type "image/unknown";
            break;
    }
    
header("Content-disposition: filename={$attachment['filename']}");
    
header("Content-type: ".$type);
    
$thumb $mybb->settings['uploadspath']."/".$attachment['thumbnail'];
    
header("Content-length: ".@filesize($thumb));
    echo 
file_get_contents($thumb);
}
else
{
    
$ext get_extension($attachment['filename']);
    if(
$ext == "txt" || $ext == "htm" || $ext == "html" || $ext == "pdf")
    {
        
header("Content-disposition: attachment; filename={$attachment['filename']}");
    }
    else
    {
        
header("Content-disposition: inline; filename={$attachment['filename']}");
    }    
    
header("Content-type: {$attachment['filetype']}");
    
header("Content-length: {$attachment['filesize']}");
    echo 
file_get_contents($mybb->settings['uploadspath']."/".$attachment['attachname']);
}
?>

Thank you.
Find all posts by this user


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | MyBB | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication