+-----------------------------------------------+
| MyBB 1.1.8 Security Update                    |
|   Manual Patch Instructions                   |
|                                               |
| Please note:                                  |
|                                               |
|  This patch should only be applied to boards  |
|  running MyBB 1.1.x.                          |
|                                               |
|  Users running these versions of MyBB are     |
|  urged to the latest version of MyBB as the   |
|  support period for the 1.1 series is soon    |
|  to end.                                      |
|                                               |
+-----------------------------------------------+

---------------------------
1. usercp.php
---------------------------

Find:
--
	$plugins->run_hooks("usercp_do_changename_process");
--

ABOVE it add:
--
	$mybb->input['username'] = addslashes($mybb->input['username']);
--


---------------------------
2. inc/class_language.php
---------------------------

Find:
--
	function languageExists($language)
	{
--

UNDER it add:
--
		$language = str_replace(array("/", "\\", ".."), '', trim($language)); 
--

Find:
--
	function setLanguage($language="english", $area="user")
	{
--

UNDER it add:
--
		$language = str_replace(array("/", "\\", ".."), '', trim($language)); 
--

ALL DONE