+--------------------------------------------------------------------------------+ | MyBB 1.1.1 to 1.1.2 Patch File | | (c) 2006 MyBB Group. | | | | This patch file fixes several security related issues in regards to MyBB 1.1.1 | | | | Please follow the instructions documented to manually patch your board | | to MyBB 1.1.2 | +--------------------------------------------------------------------------------+ ===================== 1. member.php ===================== Find: -- $newemail = array( "email" => $activation['misc'], ); -- Replace with: -- $newemail = array( "email" => addslashes($activation['misc']), ); -- ===================== 2. admin/users.php ===================== Find: (Perform this step TWICE - there are two instances of the code below) -- "allownotices" => $mybb->input['allownotices'], "hideemail" => $mybb->input['hideemail'], "emailnotify" => $mybb->input['emailnotify'], "invisible" => $mybb->input['invisible'], "style" => $mybb->input['style'], "timezone" => addslashes($mybb->input['timezoneoffset']), "receivepms" => $mybb->input['receivepms'], "pmpopup" => $mybb->input['pmpopup'], "pmnotify" => $mybb->input['pmnotify'], -- Replace with: -- "allownotices" => addslashes($mybb->input['allownotices']), "hideemail" => addslashes($mybb->input['hideemail']), "emailnotify" => addslashes($mybb->input['emailnotify']), "invisible" => addslashes($mybb->input['invisible']), "style" => addslashes($mybb->input['style']), "timezone" => addslashes($mybb->input['timezoneoffset']), "receivepms" => addslashes($mybb->input['receivepms']), "pmpopup" =>addslashes( $mybb->input['pmpopup']), "pmnotify" => addslashes($mybb->input['pmnotify']), -- Find: -- "gid" => $mybb->input['gid'], "bantime" => $mybb->input['liftafter'], -- Replace with: -- "gid" => intval($mybb->input['gid']), "bantime" => addslashes($mybb->input['liftafter']), -- Find: -- "gid" => $mybb->input['gid'], "oldgroup" => $user['usergroup'], "dateline" => time(), "bantime" => $mybb->input['liftafter'], -- Replace with: -- "gid" => intval($mybb->input['gid']), "oldgroup" => $user['usergroup'], "dateline" => time(), "bantime" => addslashes($mybb->input['liftafter']), -- Find: -- if(!$searchop['perpage']) { $searchop['perpage'] = "30"; } -- ABOVE it add: -- $searchop['page'] = intval($searchop['page']); $searchop['perpage'] = intval($searchop['perpage']); -- ===================== 3. admin/settings.php ===================== Find: -- $db->query("UPDATE ".TABLE_PREFIX."settings SET value='$val' WHERE sid='$key'"); -- ABOVE it add: -- $key = intval($key); -- Find: (Perform this step TWICE - there are two instances of the code below) -- "optionscode" => $mybb->input['type'], -- Replace with: -- "optionscode" => addslashes($mybb->input['type']), -- Find: -- while(list($sid, $order) = each($mybb->input['disporder'])) { $db->query("UPDATE ".TABLE_PREFIX."settings SET disporder='$order' WHERE sid='$sid'"); } while(list($gid, $order) = each($mybb->input['dispordercats'])) { $db->query("UPDATE ".TABLE_PREFIX."settinggroups SET disporder='$order' WHERE gid='$gid'"); } -- Replace with: -- foreach($mybb->input['disporder'] as $sid => $order) { $db->query("UPDATE ".TABLE_PREFIX."settings SET disporder='".intval($order)."' WHERE sid='".intval($sid)."'"); } foreach($mybb->input['dispordercats'] as $gid => $order) { $db->query("UPDATE ".TABLE_PREFIX."settinggroups SET disporder='".intval($order)."' WHERE gid='".intval($gid)."'"); } -- ===================== 4. admin/adminfunctions.php ===================== Find: -- $db->query("INSERT INTO ".TABLE_PREFIX."adminlog (uid,dateline,scriptname,action,querystring,ipaddress) VALUES ('".$mybbadmin['uid']."','".$now."','".$scriptname."','".$mybb->input['action']."','".$querystring."','".$ipaddress."')"); -- Replace with: -- $db->query("INSERT INTO ".TABLE_PREFIX."adminlog (uid,dateline,scriptname,action,querystring,ipaddress) VALUES ('".$mybbadmin['uid']."','".$now."','".$scriptname."','".addslashes($mybb->input['action'])."','".addslashes($querystring)."','".$ipaddress."')"); -- ===================== 5. admin/templates.php ===================== Find: -- $db->query("DELETE FROM ".TABLE_PREFIX."templates WHERE title=''"); -- UNDER it add: -- $mybb->input['tid'] = intval($mybb->input['tid']); $mybb->input['setid'] = intval($mybb->input['setid']); $mybb->input['expand'] = intval($mybb->input['expand']); $mybb->input['sid2'] = intval($mybb->input['sid2']); $mybb->input['sid'] = intval($mybb->input['sid']); -- Find: -- if($mybb->input['title']) { $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".$mybb->input['title']."' AND sid='-2'"); $template = $db->fetch_array($query); } -- Replace with: -- if($mybb->input['title']) { $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".addslashes($mybb->input['title'])."' AND sid='-2'"); $template = $db->fetch_array($query); } -- Find: -- $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".$mybb->input['title']."' AND sid='".$mybb->input['sid1']."'"); $template1 = $db->fetch_array($query); $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".$mybb->input['title']."' AND sid='".$mybb->input['sid2']."'"); $template2 = $db->fetch_array($query); -- Replace with: -- $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".addslashes($mybb->input['title'])."' AND sid='".$mybb->input['sid1']."'"); $template1 = $db->fetch_array($query); $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".addslashes($mybb->input['title'])."' AND sid='".$mybb->input['sid2']."'"); $template2 = $db->fetch_array($query); -- ===================== 6. admin/forumpermissions.php ===================== Find: -- $sqlarray = array( "canview" => $mybb->input['canview'], "candlattachments" => $mybb->input['candlattachments'], "canpostthreads" => $mybb->input['canpostthreads'], "canpostreplys" => $mybb->input['canpostreplys'], "canpostattachments" => $mybb->input['canpostattachments'], "canratethreads" => $mybb->input['canratethreads'], "caneditposts" => $mybb->input['caneditposts'], "candeleteposts" => $mybb->input['candeleteposts'], "candeletethreads" => $mybb->input['candeletethreads'], "caneditattachments" => $mybb->input['caneditattachments'], "canpostpolls" => $mybb->input['canpostpolls'], "canvotepolls" => $mybb->input['canvotepolls'], "cansearch" => $mybb->input['cansearch'], ); -- Replace with: -- $sqlarray = array( "canview" => addslashes($mybb->input['canview']), "candlattachments" => addslashes($mybb->input['candlattachments']), "canpostthreads" => addslashes($mybb->input['canpostthreads']), "canpostreplys" => addslashes($mybb->input['canpostreplys']), "canpostattachments" => addslashes($mybb->input['canpostattachments']), "canratethreads" => addslashes($mybb->input['canratethreads']), "caneditposts" => addslashes($mybb->input['caneditposts']), "candeleteposts" => addslashes($mybb->input['candeleteposts']), "candeletethreads" => addslashes($mybb->input['candeletethreads']), "caneditattachments" => addslashes($mybb->input['caneditattachments']), "canpostpolls" => addslashes($mybb->input['canpostpolls']), "canvotepolls" => addslashes($mybb->input['canvotepolls']), "cansearch" => addslashes($mybb->input['cansearch']), ); -- ===================== 7. admin/smilies.php ===================== Find: (Perform this step TWICE - there are two instances of the code below) -- "showclickable" => $mybb->input['showclickable'] -- Replace with: -- "showclickable" =>addslashes( $mybb->input['showclickable']) -- Find: -- $db->query("DELETE FROM ".TABLE_PREFIX."smilies WHERE sid='".$mybb->input['sid']."'"); -- Replace with: -- $db->query("DELETE FROM ".TABLE_PREFIX."smilies WHERE sid='".intval($mybb->input['sid'])."'"); -- ===================== 8. admin/usergroups.php ===================== Find: -- // Load language packs for this section global $lang; $lang->load("usergroups"); -- ABOVE it add: -- $mybb->input['gid'] = intval($mybb->input['gid']); -- Find: -- $grouparray = array( "type" => $mybb->input['type'], "title" => addslashes($mybb->input['title']), "description" => addslashes($mybb->input['description']), "namestyle" => addslashes($mybb->input['namestyle']), "usertitle" => addslashes($mybb->input['usertitle']), "stars" => intval($mybb->input['ustars']), "starimage" => addslashes($mybb->input['starimage']), "image" => addslashes($mybb->input['image']), "isbannedgroup" => $mybb->input['isbannedgroup'], "canview" => $mybb->input['canview'], "canviewprofiles" => $mybb->input['canviewprofiles'], "candlattachments" => $mybb->input['candlattachments'], "canpostthreads" => $mybb->input['canpostthreads'], "canpostreplys" => $mybb->input['canpostreplys'], "canpostattachments" => $mybb->input['canpostattachments'], "canratethreads" => $mybb->input['canratethreads'], "caneditposts" => $mybb->input['caneditposts'], "candeleteposts" => $mybb->input['candeleteposts'], "candeletethreads" => $mybb->input['candeletethreads'], "caneditattachments" => $mybb->input['caneditattachments'], "canpostpolls" => $mybb->input['canpostpolls'], "canvotepolls" => $mybb->input['canvotepolls'], "canusepms" => $mybb->input['canusepms'], "cansendpms" => $mybb->input['cansendpms'], "cantrackpms" => $mybb->input['cantrackpms'], "candenypmreceipts" => $mybb->input['candenypmreceipts'], "pmquota" => $mybb->input['pmquota'], "cansendemail" => $mybb->input['cansendemail'], "canviewmemberlist" => $mybb->input['canviewmemberlist'], "canviewcalendar" => $mybb->input['canviewcalendar'], "canaddpublicevents" => $mybb->input['canaddpublicevents'], "canaddprivateevents" => $mybb->input['canaddprivateevents'], "canviewonline" => $mybb->input['canviewonline'], "canviewwolinvis" => $mybb->input['canviewwolinvis'], "canviewonlineips" => $mybb->input['canviewonlineips'], "cancp" => $mybb->input['cancp'], "issupermod" => $mybb->input['issupermod'], "cansearch" => $mybb->input['cansearch'], "canusercp" => $mybb->input['canusercp'], "canuploadavatars" => $mybb->input['canuploadavatars'], "canratemembers" => $mybb->input['canratemembers'], "canchangename" => $mybb->input['canchangename'], "showforumteam" => $mybb->input['showforumteam'], "usereputationsystem" => $mybb->input['usereputationsystem'], "cangivereputations" => $mybb->input['cangivereputations'], "reputationpower" => $mybb->input['reputationpower'], "maxreputationsday" => $mybb->input['maxreputationsday'], "candisplaygroup" => $mybb->input['candisplaygroup'], "attachquota" => $mybb->input['attachquota'], "cancustomtitle" => $mybb->input['cancustomtitle'] ); $db->insert_query(TABLE_PREFIX."usergroups", $grouparray); -- Replace with: -- $grouparray = array( "type" => addslashes($mybb->input['type']), "title" => addslashes($mybb->input['title']), "description" => addslashes($mybb->input['description']), "namestyle" => addslashes($mybb->input['namestyle']), "usertitle" => addslashes($mybb->input['usertitle']), "stars" => intval($mybb->input['ustars']), "starimage" => addslashes($mybb->input['starimage']), "image" => addslashes($mybb->input['image']), "isbannedgroup" => addslashes($mybb->input['isbannedgroup']), "canview" => addslashes($mybb->input['canview']), "canviewprofiles" => addslashes($mybb->input['canviewprofiles']), "candlattachments" => addslashes($mybb->input['candlattachments']), "canpostthreads" => addslashes($mybb->input['canpostthreads']), "canpostreplys" => addslashes($mybb->input['canpostreplys']), "canpostattachments" => addslashes($mybb->input['canpostattachments']), "canratethreads" => addslashes($mybb->input['canratethreads']), "caneditposts" => addslashes($mybb->input['caneditposts']), "candeleteposts" => addslashes($mybb->input['candeleteposts']), "candeletethreads" => addslashes($mybb->input['candeletethreads']), "caneditattachments" => addslashes($mybb->input['caneditattachments']), "canpostpolls" => addslashes($mybb->input['canpostpolls']), "canvotepolls" => addslashes($mybb->input['canvotepolls']), "canusepms" => addslashes($mybb->input['canusepms']), "cansendpms" => addslashes($mybb->input['cansendpms']), "cantrackpms" => addslashes($mybb->input['cantrackpms']), "candenypmreceipts" => addslashes($mybb->input['candenypmreceipts']), "pmquota" => addslashes($mybb->input['pmquota']), "cansendemail" => addslashes($mybb->input['cansendemail']), "canviewmemberlist" => addslashes($mybb->input['canviewmemberlist']), "canviewcalendar" => addslashes($mybb->input['canviewcalendar']), "canaddpublicevents" => addslashes($mybb->input['canaddpublicevents']), "canaddprivateevents" => addslashes($mybb->input['canaddprivateevents']), "canviewonline" => addslashes($mybb->input['canviewonline']), "canviewwolinvis" => addslashes($mybb->input['canviewwolinvis']), "canviewonlineips" => addslashes($mybb->input['canviewonlineips']), "cancp" => addslashes($mybb->input['cancp']), "issupermod" => addslashes($mybb->input['issupermod']), "cansearch" => addslashes($mybb->input['cansearch']), "canusercp" => addslashes($mybb->input['canusercp']), "canuploadavatars" => addslashes($mybb->input['canuploadavatars']), "canratemembers" => addslashes($mybb->input['canratemembers']), "canchangename" => addslashes($mybb->input['canchangename']), "showforumteam" => addslashes($mybb->input['showforumteam']), "usereputationsystem" => addslashes($mybb->input['usereputationsystem']), "cangivereputations" => addslashes($mybb->input['cangivereputations']), "reputationpower" => addslashes($mybb->input['reputationpower']), "maxreputationsday" => addslashes($mybb->input['maxreputationsday']), "candisplaygroup" => addslashes($mybb->input['candisplaygroup']), "attachquota" => addslashes($mybb->input['attachquota']), "cancustomtitle" => addslashes($mybb->input['cancustomtitle']) ); $db->insert_query(TABLE_PREFIX."usergroups", $grouparray); -- Find: -- $grouparray = array( "type" => $mybb->input['type'], "title" => addslashes($mybb->input['title']), "description" => addslashes($mybb->input['description']), "namestyle" => addslashes($mybb->input['namestyle']), "usertitle" => addslashes($mybb->input['usertitle']), "stars" => intval($mybb->input['ustars']), "starimage" => addslashes($mybb->input['starimage']), "image" => addslashes($mybb->input['image']), "isbannedgroup" => $mybb->input['isbannedgroup'], "canview" => $mybb->input['canview'], "canviewprofiles" => $mybb->input['canviewprofiles'], "candlattachments" => $mybb->input['candlattachments'], "canpostthreads" => $mybb->input['canpostthreads'], "canpostreplys" => $mybb->input['canpostreplys'], "canpostattachments" => $mybb->input['canpostattachments'], "canratethreads" => $mybb->input['canratethreads'], "caneditposts" => $mybb->input['caneditposts'], "candeleteposts" => $mybb->input['candeleteposts'], "candeletethreads" => $mybb->input['candeletethreads'], "caneditattachments" => $mybb->input['caneditattachments'], "canpostpolls" => $mybb->input['canpostpolls'], "canvotepolls" => $mybb->input['canvotepolls'], "canusepms" => $mybb->input['canusepms'], "cansendpms" => $mybb->input['cansendpms'], "cantrackpms" => $mybb->input['cantrackpms'], "candenypmreceipts" => $mybb->input['candenypmreceipts'], "pmquota" => $mybb->input['pmquota'], "cansendemail" => $mybb->input['cansendemail'], "canviewmemberlist" => $mybb->input['canviewmemberlist'], "canviewcalendar" => $mybb->input['canviewcalendar'], "canaddpublicevents" => $mybb->input['canaddpublicevents'], "canaddprivateevents" => $mybb->input['canaddprivateevents'], "canviewonline" => $mybb->input['canviewonline'], "canviewwolinvis" => $mybb->input['canviewwolinvis'], "canviewonlineips" => $mybb->input['canviewonlineips'], "cancp" => $mybb->input['cancp'], "issupermod" => $mybb->input['issupermod'], "cansearch" => $mybb->input['cansearch'], "canusercp" => $mybb->input['canusercp'], "canuploadavatars" => $mybb->input['canuploadavatars'], "canratemembers" => $mybb->input['canratemembers'], "canchangename" => $mybb->input['canchangename'], "showforumteam" => $mybb->input['showforumteam'], "usereputationsystem" => $mybb->input['usereputationsystem'], "cangivereputations" => $mybb->input['cangivereputations'], "reputationpower" => $mybb->input['reputationpower'], "maxreputationsday" => $mybb->input['maxreputationsday'], "candisplaygroup" => $mybb->input['candisplaygroup'], "attachquota" => $mybb->input['attachquota'], "cancustomtitle" => $mybb->input['cancustomtitle'] ); $db->update_query(TABLE_PREFIX."usergroups", $grouparray, "gid='".$mybb->input['gid']."'"); -- Replace with: -- $grouparray = array( "type" => addslashes($mybb->input['type']), "title" => addslashes($mybb->input['title']), "description" => addslashes($mybb->input['description']), "namestyle" => addslashes($mybb->input['namestyle']), "usertitle" => addslashes($mybb->input['usertitle']), "stars" => intval($mybb->input['ustars']), "starimage" => addslashes($mybb->input['starimage']), "image" => addslashes($mybb->input['image']), "isbannedgroup" => addslashes($mybb->input['isbannedgroup']), "canview" => addslashes($mybb->input['canview']), "canviewprofiles" => addslashes($mybb->input['canviewprofiles']), "candlattachments" => addslashes($mybb->input['candlattachments']), "canpostthreads" => addslashes($mybb->input['canpostthreads']), "canpostreplys" => addslashes($mybb->input['canpostreplys']), "canpostattachments" => addslashes($mybb->input['canpostattachments']), "canratethreads" => addslashes($mybb->input['canratethreads']), "caneditposts" => addslashes($mybb->input['caneditposts']), "candeleteposts" => addslashes($mybb->input['candeleteposts']), "candeletethreads" => addslashes($mybb->input['candeletethreads']), "caneditattachments" => addslashes($mybb->input['caneditattachments']), "canpostpolls" => addslashes($mybb->input['canpostpolls']), "canvotepolls" => addslashes($mybb->input['canvotepolls']), "canusepms" => addslashes($mybb->input['canusepms']), "cansendpms" => addslashes($mybb->input['cansendpms']), "cantrackpms" => addslashes($mybb->input['cantrackpms']), "candenypmreceipts" => addslashes($mybb->input['candenypmreceipts']), "pmquota" => addslashes($mybb->input['pmquota']), "cansendemail" => addslashes($mybb->input['cansendemail']), "canviewmemberlist" => addslashes($mybb->input['canviewmemberlist']), "canviewcalendar" => addslashes($mybb->input['canviewcalendar']), "canaddpublicevents" => addslashes($mybb->input['canaddpublicevents']), "canaddprivateevents" => addslashes($mybb->input['canaddprivateevents']), "canviewonline" => addslashes($mybb->input['canviewonline']), "canviewwolinvis" => addslashes($mybb->input['canviewwolinvis']), "canviewonlineips" => addslashes($mybb->input['canviewonlineips']), "cancp" => addslashes($mybb->input['cancp']), "issupermod" => addslashes($mybb->input['issupermod']), "cansearch" => addslashes($mybb->input['cansearch']), "canusercp" => addslashes($mybb->input['canusercp']), "canuploadavatars" => addslashes($mybb->input['canuploadavatars']), "canratemembers" => addslashes($mybb->input['canratemembers']), "canchangename" => addslashes($mybb->input['canchangename']), "showforumteam" => addslashes($mybb->input['showforumteam']), "usereputationsystem" => addslashes($mybb->input['usereputationsystem']), "cangivereputations" => addslashes($mybb->input['cangivereputations']), "reputationpower" => addslashes($mybb->input['reputationpower']), "maxreputationsday" => addslashes($mybb->input['maxreputationsday']), "candisplaygroup" => addslashes($mybb->input['candisplaygroup']), "attachquota" => addslashes($mybb->input['attachquota']), "cancustomtitle" => addslashes($mybb->input['cancustomtitle']) ); $db->update_query(TABLE_PREFIX."usergroups", $grouparray, "gid='".$mybb->input['gid']."'"); -- ===================== 9. inc/functions.php ===================== Find: -- $mybboard['internalver'] = "1.1.1"; $mybboard['vercode'] = "111"; -- Replace with: -- $mybboard['internalver'] = "1.1.2"; $mybboard['vercode'] = "112"; --