Discuss: MyBB 1.2.5 Released - Security Update
#31
Good stuff, I like these updates. Much easier to apply than a whole bugfix release. Then again, I do still have standard code, so how hard can it be?
The little boat gently drifted across the pond exactly the way a bowling ball wouldn't.
#32
I have a question. I have checked member.php from MyBB 1.2.3 (original TAR.GZ) and MyBB 1.2.5 (TAR.GZ).

In the file from version 1.2.3, below line 1045, we have:
        $lang->away_note = sprintf($lang->away_note, $memprofile['username']);
        $lang->users_additional_info = sprintf($lang->users_additional_info, $memprofile['username']);
        $lang->users_signature = sprintf($lang->users_signature, $memprofile['username']);
        $lang->send_user_email = sprintf($lang->send_user_email, $memprofile['username']);

        if(!empty($memprofile['awayreason']))
        {
                $awayreason = $memprofile['awayreason'];
        }
        else
        {
                $awayreason = $lang->away_no_reason;
        }
In member.php from 1.2.5 we have only:
        $lang->away_note = sprintf($lang->away_note, $memprofile['username']);
        $lang->users_additional_info = sprintf($lang->users_additional_info, $memprofile['username']);
        $lang->users_signature = sprintf($lang->users_signature, $memprofile['username']);
        $lang->send_user_email = sprintf($lang->send_user_email, $memprofile['username']);
This change is not present in the patch file mybb_124_xss_fix.txt (http://community.mybboard.net/showthread.php?tid=18301). Why? Which file is correct?
www.kozik.net.pl
- So... Maybe you shouldn't have hacked it.
- And why don't you try not breathing. Hurts, dunnit. (userfriendly.org)
#33
koziolek, the attached member.php has a full patch (it gets rid of duplicate code), but we used a simple and just as effective manual patch.
#34
Thanks for the update, just installed and everything works perfectly :)
#35
You guys rock at this stuff!! :)

