There is a mistake in MyBB 1.2.4 patch:
$ip = $db->escape_string(preg_replace("#([^.0-9 ]*)#", $ip, ""));
should be
$ip = $db->escape_string(preg_replace("#([^\.0-9 ]*)#", "", $ip));
If possible it should be:
$ip = preg_replace("#([^\.0-9 ]+)#", "", $ip);
$ip = $db->escape_string(preg_replace("#([\.]{2,})#",'.', $ip ));
Thank you for the patch MyBB Group,
Hi,
The period (.) does not need to be escaped within character classes.
Please see the following for more information:
http://www.regular-expressions.info/charclass.html
Quote:Note that the only special characters or metacharacters inside a character class are the closing bracket (]), the backslash (\), the caret (^) and the hyphen (-). The usual metacharacters are normal characters inside a character class, and do not need to be escaped by a backslash.
Hey Chris, he was mainly pointing out that the last two variables appear swapped. The period wasn't the main point I don't think.
Quote:preg_replace ( mixed $pattern, mixed $replacement, mixed $subject [, int $limit [, int &$count]] )
Yes, the switching places is what I focused.
Thanks for noticing that, I hadn't even noticed it.
The only versions of the files affected were the changed files and manual patching instructions. However due to the escaping forums are completely safe.
I've updated the files accordingly.
Thanks again.
Where would that line be, so I can verify the validity of my installation/upgrade?
No problem, I've done that too.
It's in functions.php around line 1868
So how should the patch be looking by now?
Yes! Do we all need to redo the patch??
Chris said that the forums will stay secure. But I want to update it, though.