+--------------------------------------------------------------------------------+
| MyBB 1.4.8 - Security Update Patch File |
| (c) 2009 MyBB Group. |
| |
| This patch file fixes one high risk issue and two low risk issues in MyBB 1.4.8|
| |
| Please follow the instructions documented to manually patch your board. |
+--------------------------------------------------------------------------------+
=============== 1. inc/functions_upload.php ===============
Find:
--
if(!preg_match("#(gif|jpg|jpeg|jpe|bmp|png)$#i", $ext))
--
Replace with:
--
if(!preg_match("#^(gif|jpg|jpeg|jpe|bmp|png)$#i", $ext))
--
=============== 2. inc/datahandlers/user.php ===============
Find:
--
$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237)), array(" ", "-", "", "", ""), $username);
--
Replace with:
--
$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);
--
=============== 3. xmlhttp.php ===============
Find:
--
$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237)), array(" ", "-", "", "", ""), $username);
--
Replace with:
--
$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);
--
=============== 4. admin/modules/config/mycode.php ===============
Find BOTH instances:
--
'regex' => $db->escape_string($mybb->input['regex']),
--
Replace BOTH with:
--
'regex' => $db->escape_string(str_replace("\x0", "", $mybb->input['regex'])),
--
Also Find:
--
$array['actual'] = @preg_replace("#".$regex."#si", $replacement, $test);
--
Replace with:
--
$array['actual'] = @preg_replace("#".str_replace("\x0", "", $regex)."#si", $replacement, $test);
--
=============== 5.
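Review bot: In section 1 (inc/functions_upload.php) the new pattern is anchored at the start, but `$` without the `D` modifier still matches just before a trailing newline, so an extension value that ends in a line break would pass the check. Ending the pattern with `\z` closes that gap: `if(!preg_match("#^(gif|jpg|jpeg|jpe|bmp|png)\z#i", $ext))`. How `$ext` is derived is outside this snippet, so whether such a value can reach the check is not visible here. The check constrains only the file name, so any content validation has to happen elsewhere, and the body of the `if` is also outside the snippet.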
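Review bot: Sections 2 and 3 apply the same edit to one long `str_replace` statement duplicated in inc/datahandlers/user.php and xmlhttp.php, so the list of stripped code points has to be kept in sync by hand; a single shared helper called from both files would keep the two username checks from drifting apart. The list is also a denylist extended one code point at a time (8203 is the addition here), so other invisible format characters remain outside it; stripping by Unicode category after the existing replacement would be more durable, if the PCRE build in use supports `\p{..}` with the `u` modifier. The statement carries no comment saying what each number is; I would add `// 160 = no-break space, 173 = soft hyphen, 8238/8237 = bidi overrides (RLO/LRO), 8203 = zero-width space` above it. The purpose of `unicode_chr(0xCA)` is not evident from the snippet and deserves its own comment from someone who knows why it is there.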
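Review bot: In section 4 (admin/modules/config/mycode.php) the NUL byte is removed by three separate inline `str_replace("\x0", "", ...)` calls, and the test call still builds the pattern by concatenating `$regex` raw between `#` delimiters. It would be safer to validate the pattern once in a helper that rejects bad input instead of silently rewriting it, and that also checks the `#` delimiter cannot appear unescaped, unless that is already enforced outside this snippet. The same helper should be used wherever a stored MyCode pattern is later compiled; those call sites are not part of this patch, so that needs confirming. The `@` on `preg_replace` hides compilation warnings, so a `null` result should be checked and reported to the admin, e.g. `if($array['actual'] === null) { /* show "invalid regular expression" */ }`.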
inc/class_core.php (Version number change) ===============
Find:
--
/**
* The friendly version number of MyBB we're running.
*
* @var string
*/
var $version = "1.4.8";
/**
* The version code of MyBB we're running.
*
* @var integer
*/
var $version_code = 1408;
--
Replace with:
--
/**
* The friendly version number of MyBB we're running.
*
* @var string
*/
var $version = "1.4.9";
/**
* The version code of MyBB we're running.
*
* @var integer
*/
var $version_code = 1409;
--
ALL DONE