+-----------------------------------------------+
|         MyBB 1.2.x Vulnerability Fix          |
|           Manual Patch Instructions           |
|                                               |
| Please note:                                  |
| This is a temporary patch for MyBB 1.2.x      |
| boards to protect against 2 new security      |
| vulnerabilities before boards upgrade to      |
| MyBB 1.2.3                                    |
|                                               |
| This patch should only be applied to boards   |
| running MyBB 1.2.x                            |
|                                               |
+-----------------------------------------------+

---------------------------
1. private.php
---------------------------

Find:
--
$post['subject'] = $mybb->input['subject'];
--

REPLACE with:
--
$post['subject'] = htmlspecialchars_uni($mybb->input['subject']);
--

---------------------------
2. inc/functions_upload.php
---------------------------

Find:
--
$query = $db->simple_select(TABLE_PREFIX."attachtypes", "*", "extension='$ext'");
--

REPLACE with:
--
$query = $db->simple_select(TABLE_PREFIX."attachtypes", "*", "extension='".$db->escape_string($ext)."'");
--

ALL DONE
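
To confirm that both edits were applied on a board, the check below searches the two files for the exact pre-patch and post-patch lines from steps 1 and 2. It is an added example, not part of the original MyBB instructions; the function names file_state and check_mybb_patch are made up for illustration, and a result of "unknown" means neither line was found, so the file needs manual review.

```shell
#!/bin/sh
# Added example: verify the two manual edits from the instructions above.
# The four strings are the Find / REPLACE lines copied from steps 1 and 2
# (for step 2 only the changed WHERE-clause argument is matched).
OLD_SUBJECT="\$post['subject'] = \$mybb->input['subject'];"
NEW_SUBJECT="\$post['subject'] = htmlspecialchars_uni(\$mybb->input['subject']);"
OLD_QUERY="\"extension='\$ext'\""
NEW_QUERY="\"extension='\".\$db->escape_string(\$ext).\"'\""

# file_state FILE OLD NEW
# Prints: missing | vulnerable | patched | unknown
# The old line is tested first, so a file that still contains it anywhere
# is reported as vulnerable even if the new line is also present.
file_state() {
    [ -f "$1" ] || { echo missing; return; }
    if grep -qF -- "$2" "$1"; then
        echo vulnerable
    elif grep -qF -- "$3" "$1"; then
        echo patched
    else
        echo unknown
    fi
}

# check_mybb_patch MYBB_ROOT
# Reports both files and returns 0 only when both are patched.
check_mybb_patch() {
    root=$1
    s1=$(file_state "$root/private.php" "$OLD_SUBJECT" "$NEW_SUBJECT")
    s2=$(file_state "$root/inc/functions_upload.php" "$OLD_QUERY" "$NEW_QUERY")
    echo "private.php: $s1"
    echo "inc/functions_upload.php: $s2"
    [ "$s1" = patched ] && [ "$s2" = patched ]
}

# Stand-alone use: sh check.sh /path/to/mybb
if [ "$#" -gt 0 ]; then
    check_mybb_patch "$1"
fi
```

Run it against the board's root directory after editing; a non-zero exit status means at least one file is not in the patched state.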