phpBB 2.0.9
Date: Monday, July 12 @ 22:43:21 CEST Topic: Off-Topic
phpBB 2.0.9 was released.
What has changed in this release?
This changelog is included with all archives:
* Fixed one vulnerability in admin_board.php - Xore
* Added checking for proper session id characters to sessions and viewtopic to prevent injections - Bartlomiej Korupczynski
* Fixed injection vulnerabilities possible with linked avatars
* Implemented unsetting globalised variables
* Limited confirm switch to POST variable in posting
* Changed IP code in common.php to prevent IP spoofing
* Updated visual confirmation mod [pre-edited files]
* Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by R45
* Added the ability to link to https/ftps sites using the img bbcode tag
* Fixed user online information in admin/index.php
* Fixed getting group moderator in groupcp.php if running oracle backend - spotted by pakman
* Fixed use of non-existing result variable in modcp (poster_id instead of user_id)
* Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - Matthew C. Kavanagh, Janek Vind
* Fixed problem with SID not delivered to next page in groupcp.php
So now bbtonuke needs to be updated.