Jump to the post that solved this thread.
Solved: 2 Years, 7 Months, 2 Weeks ago Upgrade to 1.8.18
#11
Solved: 2 Years, 7 Months, 2 Weeks ago
(2018-08-25, 05:27 PM)Wires Wrote: The changes made will be merged into 1.8.19 and released as an Upgrade.

I've been away from home for a long time have been just reading but didn't have the computer to do the update, what would you suggest to nooby users like me, wait for 1.8.19 or do the 1.8.18.... And a question i always wanted to ask but always forgot... how bad are these XSS vulnerabilities.? I have just a small board with a few trustworthy users, can someone wreck it from the outside or for those type of attacks they have to post something as a user?
Reply
#12
Solved: 2 Years, 7 Months, 2 Weeks ago
I would suggest keeping up with MyBB's latest version as much as possible. You're also more than likely to have your forum exploited by a plugin more over the core files.
Plugin Count: I lost count.
Public Plugins are available here.
Official GitHub.
Please do not PM me for support unless asked to.
Reply
#13
Solved: 2 Years, 7 Months, 2 Weeks ago
The PR linked is also only needed if your site uses password protected forums, which not many sites tend to use.
Reply
#14
Solved: 2 Years, 7 Months, 2 Weeks ago
Files modified according to https://github.com/mybb/mybb/pull/3413/files attached.


Attached Files
.zip   fix-3409.zip (Size: 71.61 KB / Downloads: 98)
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#15
Solved: 2 Years, 7 Months, 2 Weeks ago
(2018-08-29, 10:09 PM)Devilshakerz Wrote: Files modified according to https://github.com/mybb/mybb/pull/3413/files attached.

Yes!!

Doing it this way makes my life a bit easier!

Drop and overwrite via FTP!

Thanks to @Devilshakerz
I'm Serpius and You're Not    ¯\_(ツ)_/¯
Deaf Golf
Reply
#16
Solved: 2 Years, 7 Months, 2 Weeks ago
I didn't have any errors when I upgraded to 1.8.18...should I still drop the files Devilshakerz provided or just leave well enough alone?
MyBB 1.8.22 (x4)
7173Mustangs.com, pa2a.org, pazrt.com & paguntalk.com
Reply
#17
Solved: 2 Years, 7 Months, 2 Weeks ago
(2018-08-30, 08:09 PM)RocketFoot Wrote: I didn't have any errors when I upgraded to 1.8.18...should I still drop the files Devilshakerz provided or just leave well enough alone?

It doesn't seem necessary in this case - to our understanding the problem only affects boards with password-protected forums.
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#18
Solved: 2 Years, 7 Months, 2 Weeks ago
I have a live board that i have upgraded without replacing these 5 files. On my test board i had a locked forum.
What goes around comes around
Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)