+--------------------------------------------------------------------------------+ | MyBB 1.4.14 - Security Update Patch File | | (c) 2010 MyBB Group. | | | | This patch file fixes two medium risk security issues with 1.4.14 | | | | Please follow the instructions documented to manually patch your board. | +--------------------------------------------------------------------------------+ =============== 1. editpost.php =============== Find: -- // Setup a unique posthash for attachment management $posthash = $post['posthash']; -- Replace with: -- // Setup a unique posthash for attachment management $posthash = htmlspecialchars_uni($post['posthash']); -- =============== 2. newreply.php =============== Find: -- elseif($mybb->input['action'] == "editdraft") { // Drafts have posthashes, too... $posthash = $post['posthash']; } else { $posthash = $mybb->input['posthash']; } -- Replace with: -- elseif($mybb->input['action'] == "editdraft") { // Drafts have posthashes, too... $posthash = htmlspecialchars_uni($post['posthash']); } else { $posthash = htmlspecialchars_uni($mybb->input['posthash']); } -- =============== 3. member.php =============== Find: -- // Redirect to the page where the user came from, but not if that was the login page. if($mybb->input['url'] && !preg_match("/action=login/i", $mybb->input['url'])) { $redirect_url = htmlentities($mybb->input['url']); } elseif($_SERVER['HTTP_REFERER']) { $redirect_url = htmlentities($_SERVER['HTTP_REFERER']); } -- Replace with: -- // Redirect to the page where the user came from, but not if that was the login page. if($_SERVER['HTTP_REFERER'] && strpos($_SERVER['HTTP_REFERER'], "action=login") === false) { $redirect_url = htmlentities($_SERVER['HTTP_REFERER']); } else { $redirect_url = ''; } -- ALL DONE