+-----------------------------------------------+
| MyBB 1.1.8 Vulnerability Fix                  |
| Manual Patch Instructions                     |
|                                               |
| Please note:                                  |
| This is a temporary patch for MyBB 1.1.8      |
| boards to protect against 2 new security      |
| vulnerabilities before boards upgrade to      |
| MyBB 1.2.3                                    |
|                                               |
| This patch should only be applied to boards   |
| running MyBB 1.1.8                            |
|                                               |
+-----------------------------------------------+

---------------------------
1. private.php
---------------------------

Find:
--
$post['subject'] = $mybb->input['subject'];
--

REPLACE with:
--
$post['subject'] = htmlspecialchars_uni($mybb->input['subject']);
--

---------------------------
2. inc/functions_upload.php
---------------------------

Find:
--
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."attachtypes WHERE extension='$ext'");
--

REPLACE with:
--
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."attachtypes WHERE extension='".addslashes($ext)."'");
--

ALL DONE
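
To confirm both edits were made, the following check (an added example, not part of the original MyBB instructions) scans a board directory for the "Find" and "REPLACE with" lines quoted above. The function names, the status labels and the constructed sample tree in demo() are assumptions made for illustration.

```python
import os
import tempfile

# (relative path, line before the fix, line after the fix), copied from the instructions.
CHECKS = [
    ("private.php",
     '''$post['subject'] = $mybb->input['subject'];''',
     '''$post['subject'] = htmlspecialchars_uni($mybb->input['subject']);'''),
    ("inc/functions_upload.php",
     '''$query = $db->query("SELECT * FROM ".TABLE_PREFIX."attachtypes WHERE extension='$ext'");''',
     '''$query = $db->query("SELECT * FROM ".TABLE_PREFIX."attachtypes WHERE extension='".addslashes($ext)."'");'''),
]

def _norm(text):
    # Collapse whitespace so tabs, indentation and line endings do not affect matching.
    return " ".join(text.split())

def file_status(path, before, after):
    if not os.path.isfile(path):
        return "missing"
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = {_norm(line) for line in fh}
    if _norm(before) in lines:
        return "vulnerable"  # the unpatched line is still present somewhere in the file
    if _norm(after) in lines:
        return "patched"
    return "unknown"         # neither form found: customised file, review by hand

def patch_status(board_root):
    return {rel: file_status(os.path.join(board_root, *rel.split("/")), before, after)
            for rel, before, after in CHECKS}

def demo():
    # Constructed board tree: private.php patched, inc/functions_upload.php not.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "inc"))
    with open(os.path.join(root, "private.php"), "w") as fh:
        fh.write("<?php\n\t" + CHECKS[0][2] + "\n")
    with open(os.path.join(root, "inc", "functions_upload.php"), "w") as fh:
        fh.write("<?php\n    " + CHECKS[1][1] + "\n")
    return patch_status(root)

if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{rel}: {status}")
```

Run patch_status() against the board's installation directory; any result other than "patched" for either file means that file still needs attention.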