Discuss: MyBB 1.2.4 Released - Important Security Update
#51
If you uploaded the 'class_core.php' file it should be working fine.
Try rebuilding the Versions cache. :)

Edit: I should quote people next time, now I look like a fool.
Someone posted that they were getting "You are running version 1.2.3 you are not running the newest..." you get the point. ^_^
#52
rh1n0 Wrote: If you uploaded the 'class_core.php' file it should be working fine.
Try rebuilding the Versions cache. :)

Edit: I should quote people next time, now I look like a fool.
Someone posted that they were getting "You are running version 1.2.3 you are not running the newest..." you get the point. ^_^

I was gonna reply too because I was trying to quote his post and it wasn't working :P
#53
Updated without problems.. didn't have any .php files in my uploads folder. :)

Give us your feedback about MyBB in this thread and become listed on the MyBB website.
#54
Somebody probably already noted it, but the functions.php file causes the Quick Theme bug to rear its head again (same fix I assume does it this time, haven't been able to try it yet).
#55
Nothing was changed which will cause the quick theme to fail.
#56
rillig Wrote: I wonder about the quality of the provided patch:

* Why should a function (get_ip) that has absolutely nothing to do with database access use the function $db->escape_string?
* Why do you leave space characters in the IP address?
* Why is escape_string necessary at all, after you have filtered out everything except [0-9. ]?

Roland

Looking over the REGEX, it allows for digits and decimal points to remain (everything else is replaced by the empty string) - nothing that merits being escaped as long as it's treated as a string.
#57
Great. Thank you very much.


Hopefully this won't delay 1.4. I can't wait for it =D
#58
I have version 1.2.2.
What if I make only the following change on my forum?
Is that enough?

=====================
2. inc/functions.php
=====================

Find:
--
	return $ip;
}
--

ABOVE it add:
--
	global $db;
	$ip = $db->escape_string(preg_replace("#([^.0-9 ]*)#", $ip, ""));
--

=====================
DONE
=====================
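
Review bot: in the added `$ip = ...` line the arguments to preg_replace are out of order. PHP's signature is preg_replace($pattern, $replacement, $subject), so as written `$ip` is passed as the replacement and the empty string as the subject: the pattern matches the empty subject once and the call returns the original `$ip`, with nothing stripped from it. That leaves escape_string as the only processing the value gets. The call should read `preg_replace("#([^.0-9 ]*)#", "", $ip)`.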
#59
PHP_Paul Wrote: What were the file names that you deleted?

I had a Download Section mod installed. For some reason, deleting the files via the interface provided by the mod or the FTP didn't work so I had to write a small script.

I knew the php file was mine cause I always stick my name at the top in a comment, even if it's something like this.
#60
theman80 Wrote: I have version 1.2.2.
What if I make only the following change on my forum?
Is that enough?

=====================
2. inc/functions.php
=====================

Find:
--
	return $ip;
}
--

ABOVE it add:
--
	global $db;
	$ip = $db->escape_string(preg_replace("#([^.0-9 ]*)#", $ip, ""));
--

=====================
DONE
=====================
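
Review bot: the character class in the added line, `[^.0-9 ]`, keeps the space character, and nothing after it checks that what remains has the form of an IP address, so any run of digits, dots and spaces of any length would be accepted. Drop the space from the class and reject values that are not a dotted quad before `return $ip;`. With that check in place get_ip no longer needs `global $db;` or the escape_string call; escaping belongs where the value is put into a query.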

I would suggest upgrading to MyBB 1.2.3 first - get the changed file at: http://community.mybboard.net/showthread.php?tid=16273. If you really don't want to upgrade, you can use the attachment in that thread (http://community.mybboard.net/showthread.php?tid=16273) to fix the security issue found in MyBB 1.2.2 and then apply the MyBB 1.2.4 patch.
