+-----------------------------------------------+
| MyBB 1.2.1/1.2 Vulnerability Fix              |
| Manual Patch Instructions                     |
|                                               |
| Please note:                                  |
| This is a temporary patch for MyBB 1.2/1.2.1  |
| boards to protect against 2 new security      |
| vulnerabilities before boards upgrade to      |
| MyBB 1.2.2                                    |
|                                               |
| This patch should only be applied to boards   |
| running MyBB 1.2.x                            |
|                                               |
+-----------------------------------------------+

---------------------------
1. usercp.php
---------------------------

Find:
--
$query = $db->simple_select(TABLE_PREFIX."users", "username", "LOWER(username)='".strtolower($mybb->input['username'])."'");
--

ABOVE it add:
--
$mybb->input['username'] = $db->escape_string($mybb->input['username']);
--

---------------------------
2. inc/class_language.php
---------------------------

Find:
--
function language_exists($language)
{
--

UNDER it add:
--
$language = str_replace(array("/", "\\", ".."), '', trim($language));
--

Find:
--
function set_language($language="english", $area="user")
{
	global $mybb;
--

UNDER it add:
--
$language = str_replace(array("/", "\\", ".."), '', trim($language));
--

ALL DONE
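
What the line added in step 2 does to a language name, shown as an added example that is not part of the original patch or of MyBB's own code. The function names clean_language_name() and language_file(), the "<base>/<name>.php" lookup, the temporary directory layout and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added illustration; not MyBB code. Mirrors the line the patch adds to
// language_exists() and set_language() in inc/class_language.php.
function clean_language_name($language)
{
    // str_replace() with an array applies the searches in order:
    // first "/", then "\", then "..".
    return str_replace(array("/", "\\", ".."), '', trim($language));
}

// Hypothetical lookup: a language counts as installed only if
// <base>/<name>.php exists. This layout is an assumption.
function language_file($base, $language)
{
    $name = clean_language_name($language);
    if ($name === '') {
        return false;
    }
    $file = $base . DIRECTORY_SEPARATOR . $name . '.php';
    return is_file($file) ? $file : false;
}

// Constructed sandbox: one language file inside the base directory and one
// file outside it that a lookup must never reach.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
$base = $root . DIRECTORY_SEPARATOR . 'languages';
mkdir($base, 0700, true);
file_put_contents($base . DIRECTORY_SEPARATOR . 'english.php', "<?php\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'outside.php', "<?php\n");

// Constructed inputs, not taken from any real request.
$samples = array('english', ' english ', '../outside', '..\\outside', '....//outside', '');
foreach ($samples as $input) {
    $clean = clean_language_name($input);
    $hit = language_file($base, $input);
    printf("%-18s -> %-10s %s\n", var_export($input, true), var_export($clean, true),
        $hit === false ? 'not found' : 'found ' . basename($hit));
}

// Remove the sandbox.
unlink($base . DIRECTORY_SEPARATOR . 'english.php');
unlink($root . DIRECTORY_SEPARATOR . 'outside.php');
rmdir($base);
rmdir($root);
```

Because the separators are stripped before the name is joined to the base directory, every name resolves to a file directly inside that directory or to nothing.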