MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Miscellaneous Archive > Old Announcements > Announcements Discussion > Discuss: MyBB 1.4.3 Released - Security Update
Full Version: Discuss: MyBB 1.4.3 Released - Security Update
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7

Ryan Gordon

2008-10-28, 05:05 AM
(2008-10-28, 04:13 AM)labrocca Wrote: [ -> ]Well...didn't mean to imply you would forget them but I didn't see a bug list so I was wondering why they weren't included.I was sort of expecting a maintenance release as a lot of bugs are getting marked as fixed recently.

Due to unfortunate circumstances this release had to be pushed out swiftly...

User 2877

2008-10-28, 05:08 AM
Well...still hoping to bang out as much as possible these coming days to maybe speed along a maintenance release with some solid bug fixes. I get a lot of feedback on other forums and I know with each maintenance release Mybb comes ever so much closer to perfection.

danrulz98

2008-10-28, 05:19 AM
Nice update guys!
It says the update came out October 28 but it's still the 27th...

Ryan Loos

2008-10-28, 05:36 AM
(2008-10-28, 05:19 AM)danrulz98 Wrote: [ -> ]Nice update guys!
It says the update came out October 28 but it's still the 27th...
Take into consideration time zones of different people.

tempo

2008-10-28, 05:36 AM
my first update @ the magic world of myBB.

Thanks

User 2877

2008-10-28, 05:38 AM
(2008-10-28, 05:36 AM)tempo Wrote: [ -> ]my first update @ the magic world of myBB.

Thanks

Presto Chango 1.4.3 Oh!

Yea..that easy.

hamster

2008-10-28, 07:19 AM
Hmm... it didn't say whether the upgrader was required?

Ryan Loos

2008-10-28, 07:25 AM
(2008-10-28, 07:19 AM)hamster Wrote: [ -> ]Hmm... it didn't say whether the upgrader was required?
Then no, it isn't required.

If the download doesn't contain an /install folder then there is no need to run the upgrade script.

hamster

2008-10-28, 07:42 AM
(2008-10-28, 07:25 AM)rh1n0 Wrote: [ -> ]Then no, it isn't required.

If the download doesn't contain an /install folder then there is no need to run the upgrade script.

Ok cool Smile

SaeedGh

2008-10-28, 08:32 AM
Hi,
In MyBB 1.2.14 in "attachment.php" there is not this line that we must patch it!

if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false && strpos($attachment['filetype'], "image") === false)

It is all content of "attachment.php" in MyBB 1.2.14:

<?php
/**
 * MyBB 1.2
 * Copyright  2006 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybboard.net
 * License: http://www.mybboard.net/eula.html
 *
 * $Id: attachment.php 3595 2008-01-09 00:10:57Z Tikitiki $
 */

define("IN_MYBB", 1);

require_once "./global.php";

// Find the AID we're looking for
if($mybb->input['thumbnail'])
{
	$aid = intval($mybb->input['thumbnail']);
}
else
{
	$aid = intval($mybb->input['aid']);
}

$plugins->run_hooks("attachment_start");

$pid = intval($mybb->input['pid']);

// Select attachment data from database
if($aid)
{
	$query = $db->simple_select(TABLE_PREFIX."attachments", "*", "aid='{$aid}'");
}
else
{
	$query = $db->simple_select(TABLE_PREFIX."attachments", "*", "pid='{$pid}'");
}
$attachment = $db->fetch_array($query);
$pid = $attachment['pid'];

$post = get_post($pid);
$thread = get_thread($post['tid']);

if(!$thread['tid'] && !$mybb->input['thumbnail'])
{
	error($lang->error_invalidthread);
}
$fid = $thread['fid'];

// Get forum info
$forum = get_forum($fid);

// Permissions
$forumpermissions = forum_permissions($fid);

// No Permission page if user cannot view or download attachments in this forum (if not calling the thumbnail)
if(($forumpermissions['canview'] == "no" || $forumpermissions['candlattachments'] == "no") && !$mybb->input['thumbnail'])
{
	error_no_permission();
}

// Error if attachment is invalid or not visible
if(!$attachment['aid'] || !$attachment['attachname'] || (is_moderator($fid) == 'no' && $attachment['visible'] != 1))
{
	error($lang->error_invalidattachment);
}

if(!$mybb->input['thumbnail']) // Only increment the download count if this is not a thumbnail
{
	$attachupdate = array(
		"downloads" => $attachment['downloads']+1,
	);
	$db->update_query(TABLE_PREFIX."attachments", $attachupdate, "aid='{$attachment['aid']}'");
}
$attachment['filename'] = rawurlencode($attachment['filename']);

$plugins->run_hooks("attachment_end");

if($mybb->input['thumbnail'])
{
	$ext = get_extension($attachment['thumbnail']);
	switch($ext)
	{
		case "gif":
			$type = "image/gif";
			break;
		case "bmp":
			$type = "image/bmp";
			break;
		case "png":
			$type = "image/png";
			break;
		case "jpg":
		case "jpeg":
		case "jpe":
			$type = "image/jpeg";
			break;
		default:
			$type = "image/unknown";
			break;
	}
	header("Content-disposition: filename={$attachment['filename']}");
	header("Content-type: ".$type);
	$thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];
	header("Content-length: ".@filesize($thumb));
	echo file_get_contents($thumb);
}
else
{
	$ext = get_extension($attachment['filename']);
	if($ext == "txt" || $ext == "htm" || $ext == "html" || $ext == "pdf")
	{
		header("Content-disposition: attachment; filename={$attachment['filename']}");
	}
	else
	{
		header("Content-disposition: inline; filename={$attachment['filename']}");
	}	
	header("Content-type: {$attachment['filetype']}");
	header("Content-length: {$attachment['filesize']}");
	echo file_get_contents($mybb->settings['uploadspath']."/".$attachment['attachname']);
}
?>

Thank you.
Pages: 1 2 3 4 5 6 7
MyBB Community Forums > Community Archive > Archived Forums > Miscellaneous Archive > Old Announcements > Announcements Discussion > Discuss: MyBB 1.4.3 Released - Security Update