+-----------------------------------------------+ | MyBB 1.8.x Vulnerability Fix | | Manual Patch Instructions | | | | Please note: | | This is a temporary patch for MyBB 1.8.x | | boads to protect against a new security | | vulnerability before boards upgrade to | | MyBB 1.2.8 | | | | This patch should only be applied to boards | | running MyBB 1.1.x | | | +-----------------------------------------------+ --------------------------- 1. misc.php --------------------------- Find: -- if(!$mybb->input['imtype']) { error($lang->error_invalidimtype); } -- REPLACE with: -- if($mybb->input['imtype'] != "aim" && $mybb->input['imtype'] != "icq" && $mybb->input['imtype'] != "msn" && $mybb->input['imtype'] != "yahoo") { error($lang->error_invalidimtype); } -- --------------------------- 2. private.php --------------------------- Find: -- $plugins->run_hooks("private_do_export_start"); -- ABOVE it add: -- if($mybb->input['exporttype'] != "csv" && $mybb->input['exporttype'] != "text" && $mybb->input['exporttype'] != "html") { exit; } --