+--------------------------------------------------------------------------------+
| MyBB 1.4.2 - Security Update Patch File                                        |
| (c) 2008 MyBB Group.                                                           |
|                                                                                |
| This patch file fixes some medium- and low-risk issues in MyBB 1.4.2.          |
|                                                                                |
| Follow the instructions below to patch your board manually.                    |
+--------------------------------------------------------------------------------+

===============
1. inc/functions.php
===============

Find:
--
echo "alert('{$message}');\n";
--

Replace with:
--
echo 'alert("'.addslashes($message).'");';
--

Also Find:
--
echo "window.location = '{$url}';\n";
--

Replace with:
--
echo 'window.location = "'.addslashes($url).'";\n';
--

===============
2. editpost.php
===============

Find:
--
$url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->input['numpolloptions'];
--

Replace with:
--
$url = "polls.php?action=newpoll&tid=$tid&polloptions=".intval($mybb->input['numpolloptions']);
--

===============
3. attachment.php
===============

Find:
--
if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false && strpos($attachment['filetype'], "image") === false)
--

Replace with:
--
if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false)
--

===============
4. inc/functions_upload.php
===============

Find:
--
$filename = "post_".$mybb->user['uid']."_".TIME_NOW.".attach";
--

Replace with:
--
$filename = "post_".$mybb->user['uid']."_".TIME_NOW."_".md5(uniqid(rand(), true)).".attach";
--

===============
5. modcp.php
===============

Find:
--
$page_url .= "&{$field}=".htmlspecialchars_uni($mybb->input[$field]);
--

ADD AFTER:
--
$mybb->input[$field] = htmlspecialchars_uni($mybb->input[$field]);
--

===============
6. inc/class_parser.php
===============

Find:
--
$custom_mycode[$key]['regex'] = "#".$mycode['regex']."#si";
--

ADD BEFORE:
--
$mycode['regex'] = str_replace("\x0", "", $mycode['regex']);
--

===============
7. inc/class_core.php (Version number change)
===============

Find:
--
/**
 * The friendly version number of MyBB we're running.
 *
 * @var string
 */
var $version = "1.4.2";

/**
 * The version code of MyBB we're running.
 *
 * @var integer
 */
var $version_code = 1402;
--

Replace with:
--
/**
 * The friendly version number of MyBB we're running.
 *
 * @var string
 */
var $version = "1.4.3";

/**
 * The version code of MyBB we're running.
 *
 * @var integer
 */
var $version_code = 1403;
--

ALL DONE