MyBB Community Forums
Discuss: MyBB 1.2.5 Released - Security Update - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Miscellaneous Archive (https://community.mybb.com/forum-140.html)
+----- Forum: Old Announcements (https://community.mybb.com/forum-2.html)
+------ Forum: Announcements Discussion (https://community.mybb.com/forum-31.html)
+------ Thread: Discuss: MyBB 1.2.5 Released - Security Update (/thread-18302.html)

Pages: 1 2 3 4


RE: Discuss: MyBB 1.2.5 Released - Security Update - MrD. - 2007-04-15

Good stuff, I like these updates. Much easier to apply than a whole bugfix release. Then again, I do still have standard code, so how hard can it be?


RE: Discuss: MyBB 1.2.5 Released - Security Update - koziolek - 2007-04-17

I have a question. I have checked member.php from MyBB 1.2.3 (original TAR.GZ) and MyBB 1.2.5 (TAR.GZ).

In file from version 1.2.3 below line 1045 we have:
        $lang->away_note = sprintf($lang->away_note, $memprofile['username']);
        $lang->users_additional_info = sprintf($lang->users_additional_info, $memprofile['username']);
        $lang->users_signature = sprintf($lang->users_signature, $memprofile['username']);
        $lang->send_user_email = sprintf($lang->send_user_email, $memprofile['username']);

        if(!empty($memprofile['awayreason']))
        {
                $awayreason = $memprofile['awayreason'];
        }
        else
        {
                $awayreason = $lang->away_no_reason;
        }
In member.php from 1.2.5 we have only:
        $lang->away_note = sprintf($lang->away_note, $memprofile['username']);
        $lang->users_additional_info = sprintf($lang->users_additional_info, $memprofile['username']);
        $lang->users_signature = sprintf($lang->users_signature, $memprofile['username']);
        $lang->send_user_email = sprintf($lang->send_user_email, $memprofile['username']);
This change is not present in patch file mybb_124_xss_fix.txt (http://community.mybboard.net/showthread.php?tid=18301). Why? Which file is correct?


RE: Discuss: MyBB 1.2.5 Released - Security Update - Ryan Gordon - 2007-04-17

koziolek, The member.php attached has a full patch (It gets rid of duplicate code), but we used a simple and as effective manual patch.


RE: Discuss: MyBB 1.2.5 Released - Security Update - Snake_Doc - 2007-04-18

Thanks for the update, just installed and everything works perfectly Smile.


RE: Discuss: MyBB 1.2.5 Released - Security Update - redhead - 2007-04-20

You guys rock at this stuff!! Smile