phpBB 2.0.9
Date: Monday, July 12 @ 22:43:21 CEST
Topic: Off-Topic


phpBB 2.0.9 was released.
What has changed in this release?

This changelog is included with all archives:


* Fixed one vulnerability in admin_board.php - Xore
* Added checking for proper session id characters to sessions and viewtopic to prevent injections - Bartlomiej Korupczynski
* Fixed injection vulnerabilities possible with linked avatars
* Implemented unsetting globalised variables
* Limited confirm switch to POST variable in posting
* Changed IP code in common.php to prevent IP spoofing
* Updated visual confirmation mod [pre-edited files]
* Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by R45
* Added the ability to link to https/ftps sites using the img bbcode tag
* Fixed user online information in admin/index.php
* Fixed getting group moderator in groupcp.php if running oracle backend - spotted by pakman
* Fixed use of non-existing result variable in modcp (poster_id instead of user_id)
* Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - Matthew C. Kavanagh, Janek Vind
* Fixed problem with SID not delivered to next page in groupcp.php

So now bbtonuke needs to be updated.







This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=2468