+-----------------------------------------------+
| MyBB 1.2.x Vulnerability Fix                  |
|   Manual Patch Instructions                   |
|                                               |
| Please note:                                  |
|  This is a temporary patch for MyBB 1.2.x     |
|  boads to protect against a new security      |
|  vulnerability before boards upgrade to       |
|  MyBB 1.2.7                                   |
|                                               |
|  This patch should only be applied to boards  |
|  running MyBB 1.2.x                           |
|                                               |
+-----------------------------------------------+

---------------------------
1. search.php
---------------------------

Find:
--
$order = strtolower($mybb->input['order']); 
$sortby = $mybb->input['sortby'];
--

REPLACE with:
--
$order = strtolower(htmlspecialchars($mybb->input['order'])); 
$sortby = htmlspecialchars($mybb->input['sortby']);
--

ALL DONE