+--------------------------------------------------------------------------------+ | MyBB 1.6.2 - Security Update Patch File | | (c) 2010 MyBB Group. | | | | This patch file fixes security issues with 1.6.2. | | | | Please follow the instructions documented to manually patch your board. | +--------------------------------------------------------------------------------+ =============== 1. inc/functions_search.php =============== In the "privatemessage_perform_search_mysql" function Find: -- // If this word is a search operator set the boolean if($i % 2 && ($word == "and" || $word == "or")) { $boolean = $word; } -- Replace with: -- // If this word is a search operator set the boolean if($i % 2 && ($word == "and" || $word == "or")) { if($i <= 1) { if($search['subject'] && $search['message'] && $subject_lookin == " AND (") { // We're looking for anything, check for a subject lookin continue; } elseif($search['subject'] && !$search['message'] && $subject_lookin == " AND (") { // Just in a subject? continue; } elseif(!$search['subject'] && $search['message'] && $message_lookin == " {$string} (") { // Just in a message? continue; } } $boolean = $word; } -- Find: -- // Add phrase to search query $subject_lookin .= " $boolean LOWER(subject) LIKE '%{$phrase}%'"; if($search['message'] == 1) { $message_lookin .= " $boolean LOWER(message) LIKE '%{$phrase}%'"; } } $inquote = !$inquote; -- Replace with: -- // Add phrase to search query $subject_lookin .= " $boolean LOWER(subject) LIKE '%{$phrase}%'"; if($search['message'] == 1) { $message_lookin .= " $boolean LOWER(message) LIKE '%{$phrase}%'"; } } // Check to see if we have any search terms and not a malformed SQL string $error = false; if($search['subject'] && $search['message'] && $subject_lookin == " AND (") { // We're looking for anything, check for a subject lookin $error = true; } elseif($search['subject'] && !$search['message'] && $subject_lookin == " AND (") { // Just in a subject? 
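Review bot: The new "no keywords" detection in the privatemessage_perform_search_mysql operator branch tests the accumulators against their literal initial prefixes (`$subject_lookin == " AND ("`, `$message_lookin == " {$string} ("`), a sentinel that silently stops matching if the prefix initialisation — which lies outside this hunk, as does `$string` — ever changes, and the identical three-way test is then copied into the error block that follows it and, in single-condition form, into both perform_search_mysql hunks. Setting a flag where a term is actually appended, `$have_terms = true;` next to `$subject_lookin .= " $boolean LOWER(subject) LIKE '%{$phrase}%'";` (and at any other append site outside the hunk), and testing `if(!$have_terms)` in all four places would express the intent directly; `$have_terms = false;` belongs before the loop, which starts outside the hunk. In the error block `if($error == true)` can simply be `if($error)`. Both functions begin and end outside the hunks shown.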
$error = true; } elseif(!$search['subject'] && $search['message'] && $message_lookin == " {$string} (") { // Just in a message? $error = true; } if($error == true) { // There are no search keywords to look for $lang->error_minsearchlength = $lang->sprintf($lang->error_minsearchlength, $mybb->settings['minsearchword']); error($lang->error_minsearchlength); } $inquote = !$inquote; -- In the "perform_search_mysql" function Find: -- // If this word is a search operator set the boolean if($i % 2 && ($word == "and" || $word == "or")) { $boolean = $word; } -- Replace with: -- // If this word is a search operator set the boolean if($i % 2 && ($word == "and" || $word == "or")) { if($i <= 1 && $subject_lookin == " AND (") { continue; } $boolean = $word; } -- Find: -- // Add phrase to search query $subject_lookin .= " $boolean LOWER(t.subject) LIKE '%{$phrase}%'"; if($search['postthread'] == 1) { $message_lookin .= " $boolean LOWER(p.message) LIKE '%{$phrase}%'"; } } $inquote = !$inquote; -- Replace with: -- // Add phrase to search query $subject_lookin .= " $boolean LOWER(t.subject) LIKE '%{$phrase}%'"; if($search['postthread'] == 1) { $message_lookin .= " $boolean LOWER(p.message) LIKE '%{$phrase}%'"; } } if($subject_lookin == " AND (") { // There are no search keywords to look for $lang->error_minsearchlength = $lang->sprintf($lang->error_minsearchlength, $mybb->settings['minsearchword']); error($lang->error_minsearchlength); } $inquote = !$inquote; -- =============== 2. forumdisplay.php =============== Find: -- $lang->rss_discovery_forum = $lang->sprintf($lang->rss_discovery_forum, htmlspecialchars_uni(strip_tags($foruminfo['name']))); -- Add above: -- $post_code_string = ''; if($mybb->user['uid']) { $post_code_string = "&my_post_key=".$mybb->post_code; } -- =============== 3. 
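Review bot: `$post_code_string` is built with a bare `&` and an unescaped `$mybb->post_code`, and its placement above the template eval suggests it is interpolated into mark-read links in HTML; if so, the separator should be `&amp;` to keep the attribute well-formed. If the post code is a plain hex digest, as the name suggests, it needs no further escaping; otherwise pass it through `urlencode()` as well: `$post_code_string = "&amp;my_post_key=".urlencode($mybb->post_code);`. The same hunk is added to index.php in section 3. A short comment, `// my_post_key for the mark-read links; left empty when there is no logged-in user`, would explain why the string is conditional on a uid.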
index.php =============== Find: -- eval("\$boardstats = \"".$templates->get("index_boardstats")."\";"); -- Add above: -- $post_code_string = ''; if($mybb->user['uid']) { $post_code_string = "&my_post_key=".$mybb->post_code; } -- =============== 4. misc.php =============== Find: -- if($mybb->input['action'] == "markread") { if($mybb->input['fid']) { $mybb->input['fid'] = intval($mybb->input['fid']); $validforum = get_forum($mybb->input['fid']); -- Replace with: -- if($mybb->input['action'] == "markread") { if($mybb->user['uid'] && verify_post_check($mybb->input['my_post_key'], true) !== true) { // Protect our user's unread forums from CSRF error($lang->invalid_post_code); } if($mybb->input['fid']) { $mybb->input['fid'] = intval($mybb->input['fid']); $validforum = get_forum($mybb->input['fid']); -- =============== 5. showthread.php =============== Find: -- $forum_read = my_get_array_cookie("forumread", $fid); -- Replace with: -- $forum_read = intval(my_get_array_cookie("forumread", $fid)); -- Find: -- $readcookie = $threadread = my_get_array_cookie("threadread", $thread['tid']); -- Replace with: -- $readcookie = $threadread = intval(my_get_array_cookie("threadread", $thread['tid'])); -- Find: -- $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline > '{$lastread}'", $options); -- Replace with: -- $lastread = intval($lastread); $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline > '{$lastread}'", $options); -- =============== 6. jscripts/general.js =============== Find: -- new Ajax.Request('misc.php?action=markread&fid='+fid+'&ajax=1' -- Replace with: -- new Ajax.Request('misc.php?action=markread&fid='+fid+'&ajax=1&my_post_key='+my_post_key -- =============== 7. inc/class_core.php =============== Find: -- public $version = "1.6.2"; -- Replace with: -- public $version = "1.6.3"; -- Find: -- public $version_code = 1602; -- Replace with: -- public $version_code = 1603; -- ALL DONE
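Review bot: The new CSRF guard in the markread branch reads `$mybb->input['my_post_key']` without checking that the key exists, so a request that omits it raises an undefined-index notice before `verify_post_check` rejects it; `verify_post_check(isset($mybb->input['my_post_key']) ? $mybb->input['my_post_key'] : '', true) !== true` keeps that notice out of the logs. The guard is skipped for guests (`$mybb->user['uid'] &&`), which looks intentional if guest read-state lives only in cookies — not visible here — and deserves a comment saying so, e.g. `// Guests keep read state client-side, so only logged-in users must present the token`. Because the token is carried in the query string (sections 2, 3 and 6 append it to GET links) it will appear in access logs and Referer headers; acceptable for a mark-read action, but worth stating in the handler. The surrounding action dispatch starts and ends outside the hunk.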
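Review bot: The three `intval()` casts are the right fix for cookie-derived values reaching SQL, but the third hunk coerces `$lastread` only at the query site, whereas the first two coerce at the point the cookie is read; if `$lastread` is derived from `$threadread` or `$forum_read` elsewhere (outside the hunks), casting where it is assigned covers every later use, and `(int)` reads the same. A why-comment at each cast site would stop a future edit from dropping it: `// Cookie values are user-controlled; force them to int before they reach the query`. The enclosing code in showthread.php starts and ends outside the hunks.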
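Review bot: The Ajax URL now concatenates `my_post_key` directly, relying on a global that is neither declared nor checked in this hunk; if it is ever undefined the request carries the literal string "undefined" and is rejected by the new misc.php check. Encoding the value keeps the URL well-formed whatever the token contains: `'misc.php?action=markread&fid='+fid+'&ajax=1&my_post_key='+encodeURIComponent(my_post_key)`. The enclosing function starts and ends outside the hunk.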