Discuss: MyBB 1.2.5 Released - Security Update
#32
I have a question. I have checked member.php from MyBB 1.2.3 (original TAR.GZ) and MyBB 1.2.5 (TAR.GZ).

In file from version 1.2.3 below line 1045 we have:
        $lang->away_note = sprintf($lang->away_note, $memprofile['username']);
        $lang->users_additional_info = sprintf($lang->users_additional_info, $memprofile['username']);
        $lang->users_signature = sprintf($lang->users_signature, $memprofile['username']);
        $lang->send_user_email = sprintf($lang->send_user_email, $memprofile['username']);

        if(!empty($memprofile['awayreason']))
        {
                $awayreason = $memprofile['awayreason'];
        }
        else
        {
                $awayreason = $lang->away_no_reason;
        }
In member.php from 1.2.5 we have only:
        $lang->away_note = sprintf($lang->away_note, $memprofile['username']);
        $lang->users_additional_info = sprintf($lang->users_additional_info, $memprofile['username']);
        $lang->users_signature = sprintf($lang->users_signature, $memprofile['username']);
        $lang->send_user_email = sprintf($lang->send_user_email, $memprofile['username']);
This change is not present in patch file mybb_124_xss_fix.txt (http://community.mybboard.net/showthread.php?tid=18301). Why? Which file is correct?
www.kozik.net.pl
- So... Maybe you shouldn't have hacked it.
- And why don't you try not breathing. Hurts, dunnit. (userfriendly.org)


Messages In This Thread
RE: Discuss: MyBB 1.2.5 Released - Security Update - by koziolek - 2007-04-17, 09:04 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)