Suikoden Urgent and Illusional Kriegspiel Omniscient Xperience

Upgraded to phpBB v 2.0.8

 
Post new topic   Reply to topic     Forum Index -> Community Forum
View previous topic :: View next topic  
Author Message
Vextor




Joined: 09 Mar 2004
Post Count: 12086
Location: Hell
11331071 Potch
23689 Soldiers
160 Nation Points

Posted: Sat Apr 03, 2004 2:04 pm    Post subject: Upgraded to phpBB v 2.0.8

I upgraded this board to phpBB v 2.0.8. The update is supposed to have security patches. I installed this manually, so it took some time. I am pretty sure none of the installed mods were affected. Let me know if you detect any problems.
Deleted User 1




Joined: 31 Dec 1969
Post Count: 0

0 Potch
0 Soldiers
0 Nation Points

Posted: Mon Jul 05, 2004 4:18 am

I think there are some problems with your installation. Below is better code that will fix some security holes your current code does not cover.

1.

FIND - Line 105
Code:
        $simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];

        for($i = 0; $i < count($simple_ary); $i++)
        {
            $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
        }

        $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
    }
    else
    {
        for($i = 0; $i < count($forum_auth_fields); $i++)
        {
            $value = $HTTP_POST_VARS[$forum_auth_fields[$i]];

REPLACE WITH
Code:
        $simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];

        for($i = 0; $i < count($simple_ary); $i++)
        {
            $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
        }

        if (is_array($simple_ary))
        {
            $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
        }
    }
    else
    {
        for($i = 0; $i < count($forum_auth_fields); $i++)
        {
            $value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);

* admin/admin_forums.php

1.

FIND - Line 60
Code:
    $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

AFTER, ADD
Code:
    $mode = htmlspecialchars($mode);

* admin/admin_groups.php

1.

FIND - Line 55
Code:
    $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

AFTER, ADD
Code:
    $mode = htmlspecialchars($mode);

* admin/admin_ranks.php

1.

FIND - Line 43
Code:
    $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];

AFTER, ADD
Code:
    $mode = htmlspecialchars($mode);

* admin/admin_smilies.php

1.

FIND - Line 62
Code:
    $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

AFTER, ADD
Code:
    $mode = htmlspecialchars($mode);

2.

FIND - Line 319
Code:
    $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];

AFTER, ADD
Code:
    $smiley_id = intval($smiley_id);

3.

FIND - Line 340
Code:
    $smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];

AFTER, ADD
Code:
    $smiley_id = intval($smiley_id);

* admin/admin_styles.php

1.

FIND - Line 61
Code:
    $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];

AFTER, ADD
Code:
    $mode = htmlspecialchars($mode);

2.

FIND - Line 492
Code:
    $style_id = $HTTP_GET_VARS['style_id'];

REPLACE WITH
Code:
    $style_id = intval($HTTP_GET_VARS['style_id']);

3.

FIND - Line 707
Code:
    WHERE template_name = '$template_name'";

REPLACE WITH
Code:
    WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";

* admin/admin_ug_auth.php

1.

FIND - Line 60
Code:
    $user_id = intval($user_id);
    $group_id = intval($group_id);

AFTER, ADD
Code:
    $adv = intval($adv);
    $mode = htmlspecialchars($mode);

* admin/admin_user_ban.php

1.

FIND - Line 280
Code:
    $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];

REPLACE WITH
Code:
    $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);

2.

FIND - Line 293
Code:
    $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];

REPLACE WITH
Code:
    $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);

3.

FIND - Line 306
Code:
    $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];

REPLACE WITH
Code:
    $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);

* admin/admin_users.php

1.

FIND - Line 52
Code:
    $mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

AFTER, ADD
Code:
    $mode = htmlspecialchars($mode);

2.

FIND - Line 842
Code:
    $category = $HTTP_POST_VARS['avatarcategory'];

REPLACE WITH
Code:
    $category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);

* admin/admin_words.php

1.

FIND - Line 44
Code:
    $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];

AFTER, ADD
Code:
    $mode = htmlspecialchars($mode);

2.

FIND - Line 67
Code:
    $word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0;

REPLACE WITH
Code:
    $word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;

3.

FIND - Line 117
Code:
    $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0;

REPLACE WITH
Code:
    $word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;

4.

FIND - Line 154
Code:
    if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
    {
        $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];

AFTER, ADD
Code:
        $word_id = intval($word_id);

* admin/pagestart.php

1.

FIND - Line 59
Code:
    redirect($url);

REPLACE WITH
Code:
    redirect("index.$phpEx?sid=" . $userdata['session_id']);

* includes/bbcode.php

1.

FIND - Line 284
Code:
    $text = preg_replace("#\[img\]((ht|f)tp://)([^\r\n\t<\"]*?)\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);

REPLACE WITH
Code:
    $text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);

* includes/functions_search.php

1.

FIND - Line 201
Code:
            $value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)';
            break;
        case 'mssql':

AFTER, ADD
Code:
        case 'mssql-odbc':

2.

FIND - Line 226
Code:
            VALUES $value_sql";
            break;
        case 'mssql':

AFTER, ADD
Code:
        case 'mssql-odbc':

* includes/usercp_register.php

1.

FIND - Line 180
Code:
    $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );

REPLACE WITH
Code:
    $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
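To see what the tightened [img] pattern in the includes/bbcode.php step actually changes, here is an added Python transcription of the old and new regular expressions from that step (this is not code from the post or from phpBB). The sample post body, the example.test host and the helper names are constructed for the demonstration.

```python
import re

# Old phpBB 2.0.8 [img] pattern (includes/bbcode.php line 284) and the
# tightened replacement from the post, transcribed from the PHP source.
# Only the matching half is reproduced; the /e-modifier replacement that
# rewrites the tag to [img:$uid]...[/img:$uid] is not needed to compare them.
IMG_OLD = re.compile(r"\[img\]((ht|f)tp://)([^\r\n\t<\"]*?)\[/img\]", re.S | re.I)
IMG_NEW = re.compile(
    r"\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]",
    re.S | re.I,
)


def img_urls(text, pattern):
    """Return the full URLs (scheme + remainder) the given pattern accepts."""
    return [m.group(1) + m.group(3) for m in pattern.finditer(text)]


def rejected_by_tightening(text):
    """URLs the old pattern let through but the new one refuses."""
    kept = set(img_urls(text, IMG_NEW))
    return [u for u in img_urls(text, IMG_OLD) if u not in kept]


# Constructed sample post body: a plain image, a script URL with a query
# string, a script with no image extension, a URL containing a space
# (which the old code silently turned into %20), and an FTP image whose
# extension is upper case (the /i flag covers it in both patterns).
SAMPLE = (
    "[img]http://example.test/pics/cat.jpg[/img] "
    "[img]http://example.test/show.php?id=1&size=big[/img] "
    "[img]http://example.test/track.cgi[/img] "
    "[img]http://example.test/my photo.gif[/img] "
    "[img]ftp://example.test/logo.PNG[/img]"
)

if __name__ == "__main__":
    print("old pattern accepts:", img_urls(SAMPLE, IMG_OLD))
    print("new pattern accepts:", img_urls(SAMPLE, IMG_NEW))
    print("dropped by the fix: ", rejected_by_tightening(SAMPLE))
```

The new character class refuses spaces, `?`, `&` and `=` and insists the path end in an image extension, so only URLs that look like static image files survive; anything that would have let a script URL or query string into the generated img tag is dropped.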