+--------------------------------------------------------------------------------+ | MyBB 1.1.4 to 1.1.5 Patch File | | (c) 2006 MyBB Group. | | | | This patch file fixes security issues in regards to MyBB 1.1.4 | | | | Please follow the instructions documented to manually patch your board | | to MyBB 1.1.5 | +--------------------------------------------------------------------------------+ ------------------------ 1. inc/class_core.php ------------------------ Find: -- var $clean_variables = array ( "int" => array("tid", "pid", "uid", "eid", "pmid", "sid") ); -- REPLACE with: -- var $clean_variables = array ( "int" => array("tid", "pid", "uid", "eid", "pmid", "sid", "aid") ); -- ------------------------ 2. inc/functions_post.php ------------------------ Find: -- if(strpos($url, "www.") === 0) { $fullurl = "http://".$fullurl; } if(strpos($url, "ftp.") === 0) { $fullurl = "ftp://".$fullurl; } if(strpos($fullurl, "://") === false) { $fullurl = "http://".$fullurl; } -- REPLACE with: -- if(!preg_match("#[a-z0-9]+://#i", $fullurl)) { $fullurl = "http://".$fullurl; } -- ------------------------ 3. inc/functions_upload.php ------------------------ Find: -- function remove_attachment($pid, $posthash, $aid) { global $db, $mybb; -- UNDER it add: -- $aid = intval($aid); $posthash = addslashes($posthash); -- Find: -- function remove_attachments($pid, $posthash="") { global $db, $mybb; -- UNDER it add: -- $posthash = addslashes($posthash); -- ------------------------ 4. inc/class_session.php ------------------------ NOTE: This only seems to affect some boards - some versions seemed to be shipping with the patched code already. If you cannot find the code below, it is safe to say your board is already patched. Find: -- $this->load_user($logon[0], $logon[1]); -- Replace with: -- $this->load_user(intval($logon[0]), $logon[1]); -- ------------------------ 5. 
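Review bot: The replacement check in section 2 (inc/functions_post.php) is not anchored, so `preg_match("#[a-z0-9]+://#i", $fullurl)` is satisfied by a scheme-like sequence anywhere in the value, not only at its start, and such a value is passed on without the `http://` prefix. Anchoring it, `if(!preg_match("#^[a-z0-9]+://#i", $fullurl))`, makes the test match what it appears to intend. Even anchored, the pattern accepts any alphanumeric scheme; if `$fullurl` ends up in a link attribute, an explicit allowlist of permitted schemes would be the stronger check. The rest of the function is outside the snippet, so how the value is used afterwards cannot be confirmed here.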
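Review bot: `addslashes()` is used as the SQL escaping step for `$posthash` in both functions of section 3 (inc/functions_upload.php), and again for the `posthash` value in the UPDATE of section 6 (newreply.php). It does not know the connection character set, so it is not a dependable quote-neutraliser for every database encoding. The database layer's own escaping routine (for the MySQL extension, `mysql_real_escape_string()`) is the right call for values placed inside a quoted SQL string. In `remove_attachment` the patch casts `$aid` but leaves `$pid` alone; if `$pid` reaches a query further down the function, which the snippet does not show, it should get `$pid = intval($pid);` too. The page does not state the format of `posthash`; if it is a fixed-format token, validating that format before use would be stricter than escaping.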
editpost.php ------------------------ Find: -- $newpost = array( "subject" => addslashes($mybb->input['subject']), "icon" => $mybb->input['icon'], ); -- REPLACE with: -- $newpost = array( "subject" => addslashes($mybb->input['subject']), "icon" => intval($mybb->input['icon']), ); -- ------------------------ 6. newreply.php ------------------------ Find: -- if($mybb->input['posthash']) { $db->query("UPDATE ".TABLE_PREFIX."attachments SET pid='$pid' WHERE posthash='".$mybb->input['posthash']."'"); } -- REPLACE with: -- if($mybb->input['posthash']) { $db->query("UPDATE ".TABLE_PREFIX."attachments SET pid='$pid' WHERE posthash='".addslashes($mybb->input['posthash'])."'"); } -- ------------------------ 7. usercp.php ------------------------ Find: -- $query = $db->query("SELECT * FROM ".TABLE_PREFIX."usergroups WHERE gid='".intval($mybb->input['joingroup'])."'"); $usergroup = $db->fetch_array($query); if($usergroup['type'] != 4 && $usergroup['type'] != 3) { error($lang->cannot_join_group); } -- REPLACE with: -- $mybb->input['joingroup'] = intval($mybb->input['joingroup']); $query = $db->query("SELECT * FROM ".TABLE_PREFIX."usergroups WHERE gid='".intval($mybb->input['joingroup'])."'"); $usergroup = $db->fetch_array($query); if(($usergroup['type'] != 4 && $usergroup['type'] != 3) || !$usergroup['gid']) { error($lang->cannot_join_group); } -- ------------------------ 8. archive/global.php ------------------------ Find: -- // Lets pretend we're a level higher chdir('./../'); -- UNDER it Add: -- define("KILL_GLOBALS", 1); -- ------------------------ 9. inc/functions.php (Version number change - optional) ------------------------ Find: -- $mybboard['internalver'] = "1.1.4"; $mybboard['vercode'] = "114"; -- REPLACE with: -- $mybboard['internalver'] = "1.1.5"; $mybboard['vercode'] = "115"; -- ALL DONE.
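Review bot: In section 7 (usercp.php) the new missing-row guard `!$usergroup['gid']` is tested last, after both `type` comparisons, so a reader has to work out what those comparisons mean on an empty fetch result before reaching the check that covers it. Stating the guard first is clearer: `if(!$usergroup['gid'] || ($usergroup['type'] != 4 && $usergroup['type'] != 3))`. With `$mybb->input['joingroup']` now normalised on the added first line, the second `intval()` inside the query string is redundant, though harmless. Later uses of `$mybb->input['joingroup']` in this branch are outside the snippet, so whether the normalisation covers all of them cannot be checked from this page.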
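Review bot: The added `define("KILL_GLOBALS", 1);` in section 8 (archive/global.php) has no comment, and nothing in the snippet says what reads the constant or why this entry point needs it. The define can only take effect if it runs before the included file that tests it, so the line should say so, for example `// Define before any core include; presumably tells the core to discard register_globals-style variables (confirm against the file that reads KILL_GLOBALS)`. The include statements are outside the snippet, so the ordering relative to them cannot be verified here.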