+--------------------------------------------------------------------------------+
| MyBB 1.2.14 - Security Update Patch File                                       |
| (c) 2008 MyBB Group.                                                           |
|                                                                                |
| This patch file fixes some medium and low risk issues in MyBB 1.2.14           |
|                                                                                |
| Please follow the instructions documented to manually patch your board.        |
+--------------------------------------------------------------------------------+

===============
1. announcements.php
===============

Find:
--
		$lang->forum_announcement = sprintf($lang->forum_announcement, $announcementarray['subject']);
--

Replace with:
--
		$lang->forum_announcement = sprintf($lang->forum_announcement, htmlspecialchars_uni($announcementarray['subject']));
--

===============
2. inc/functions.php
===============

Find:
--
	function join_usergroup($uid, $joingroup)
	{
		global $db;
--

Add After:
--
		$uid = intval($uid);
--

Also Find:
--
	function leave_usergroup($uid, $leavegroup)
	{
		global $db, $mybb;
--

Add After:
--
		$uid = intval($uid);
--

Also Find:
--
		elseif(isset($_ENV['QUERY_STRING']))
		{
			$location = "?".$_ENV['QUERY_STRING'];
		}
	}
--

Add After:
--
	$location = htmlspecialchars_uni($location);
--

Also Find:
--
	$addloc[] = $var.'='.$_POST[$var];
--

Replace with:
--
	$addloc[] = urlencode($var).'='.urlencode($_POST[$var]);
--

================
3. inc/datahandlers/post.php
================

Find:
--
	$query = $db->simple_select(TABLE_PREFIX."posts", "pid", "pid='{$post['replyto']}'");
--

Replace with:
--
	$query = $db->simple_select(TABLE_PREFIX."posts", "pid", "pid='".intval($post['replyto'])."'");
--

===============
4. polls.php
===============

Find:
--
	$votesql .= "('".$poll['pid']."','".$mybb->user['uid']."','$voteoption','$now')";

--

Replace with:
--
	$votesql .= "('".$poll['pid']."','".$mybb->user['uid']."','".$db->escape_string($voteoption)."','$now')";
--

===============
5. attachments.php
===============

Find:
--
	if($ext == "txt" || $ext == "htm" || $ext == "html" || $ext == "pdf")
--

Replace with:
--
	if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false && strpos($attachment['filetype'], "image") === false)
--

===============
6. usercp.php
===============

Find:
--
	$aids = $db->escape_string(implode(",", $mybb->input['attachments']));
--

Replace with:
--
	$aids = implode(',', array_map('intval', $mybb->input['attachments']));
--

ALL DONE