[F] MyBB1.2.4 fix

[vnc]

There is a mistake in MyBB 1.2.4 patch:

$ip = $db->escape_string(preg_replace("#([^.0-9 ]*)#", $ip, ""));

should be

$ip = $db->escape_string(preg_replace("#([^\.0-9 ]*)#", "", $ip));

If possible it should be:

$ip = preg_replace("#([^\.0-9 ]+)#", "", $ip);
$ip = $db->escape_string(preg_replace("#([\.]{2,})#",'.', $ip ));

Thank you for the patch MyBB Group,

[Chris Boulton]

Hi,

The period (.) does not need to be escaped within character classes.

Please see the following for more information: http://www.regular-expressions.info/charclass.html

Note that the only special characters or metacharacters inside a character class are the closing bracket (]), the backslash (\), the caret (^) and the hyphen (-). The usual metacharacters are normal characters inside a character class, and do not need to be escaped by a backslash.

[The Wicked Flea]

Hey Chris, he was mainly pointing out that the last two variables appear swapped. The period wasn't the main point I don't think.

preg_replace ( mixed $pattern, mixed $replacement, mixed $subject [, int $limit [, int &$count]] )

[vnc]

Yes, the switching places is what I focused.

[Chris Boulton]

Thanks for noticing that, I hadn't even noticed it.

The only versions of the files affected were the changed files and manual patching instructions. However due to the escaping forums are completely safe.

I've updated the files accordingly.

Thanks again.

[The Wicked Flea]

Where would that line be, so I can verify the validity of my installation/upgrade?

No problem, I've done that too.

[Ryan Gordon]

It's in functions.php around line 1868

[destroyer]

So how should the patch be looking by now?

[judel]

Yes! Do we all need to redo the patch??

[destroyer]

Chris said that the forums will stay secure. But I want to update it, though.