phpBB 2.0.16 released !

2.0.16 有安全性修正 , 而且在最常被存取的 viewtopic.php :

$message = str_replace(""", """, substr(@preg_replace("#(\>(((?>([^>< ]+|(?R)))*)\<))#se", "@preg_replace("#\b(" . str_replace("", "", $highlight_match) . ")\b#i", "<span style="color:#" . $theme["fontcolor3"] . ""><b>\1</b>", "\0")", ">" . $message . "< "), 1, -1));

改為

$message = str_replace(""", """, substr(@preg_replace("#(\>(((?>([^>< ]+|(?R)))*)\<))#se", "@preg_replace("#\b(" . str_replace("", "", addslashes($highlight_match)) . ")\b#i", "<span style="color:#" . $theme["fontcolor3"] . ""><b>\1</b>", "\0")", ">" . $message . "< "), 1, -1));

更新範圍列表如下 :

  • Fixed critical issue with highlighting – Discovered and fix provided by Ron van Daal
  • Url descriptions able to be wrapped over more than one line again
  • Fixed bug with eAccelerator in admin_ug_auth.php
  • Check new_forum_id for existence in modcp.php – alessnet
  • Prevent uploading avatars with no dimensions – Xpert
  • Fixed bug in usercp_register.php, forcing avatar file removal without updating avatar informations within the database – HenkPoley
  • Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set

官方公告 在此 .
竹貓星球 也發出了 這篇公告 .