phpBB

主要修正有這些 :

• Added extra checks to the deletion code in privmsg.php – reported by party_fan
• Fixed XSS issue in IE using the url BBCode
• Fixed admin activation so that you must have administrator rights to activate accounts in this mode – reported by ieure
• Fixed get_username returning wrong row for usernames beginning with numerics – reported by Ptirhiik
• Pass username through phpbb_clean_username within validate_username function – AnthraX101
• Fixed PHP error in message_die function
• Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php – reported by Double_J
• Also fixed above issue in usercp_viewprofile.php
• Fixed incorrect setting of user_level on pending members if a group is granted moderator rights – reported by halochat
• Fixed ordering of forums on admin_ug_auth.php to be consistant with other pages
• Correctly set username on posts when deleting a user from the admin panel

官方公告 在此.
竹貓星球 也已經發出 這篇公告 囉!

2.0.16 有安全性修正 , 而且在最常被存取的 viewtopic.php :

$message = str_replace(""", """, substr(@preg_replace("#(\>(((?>([^>< ]+|(?R)))*)\<))#se", "@preg_replace("#\b(" . str_replace("", "", $highlight_match) . ")\b#i", "<span style="color:#" . $theme["fontcolor3"] . ""><b>\1</b>", "\0")", ">" . $message . "< "), 1, -1));

改為

$message = str_replace(""", """, substr(@preg_replace("#(\>(((?>([^>< ]+|(?R)))*)\<))#se", "@preg_replace("#\b(" . str_replace("", "", addslashes($highlight_match)) . ")\b#i", "<span style="color:#" . $theme["fontcolor3"] . ""><b>\1</b>", "\0")", ">" . $message . "< "), 1, -1));

更新範圍列表如下 :

• Fixed critical issue with highlighting – Discovered and fix provided by Ron van Daal
• Url descriptions able to be wrapped over more than one line again
• Fixed bug with eAccelerator in admin_ug_auth.php
• Check new_forum_id for existence in modcp.php – alessnet
• Prevent uploading avatars with no dimensions – Xpert
• Fixed bug in usercp_register.php, forcing avatar file removal without updating avatar informations within the database – HenkPoley
• Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set

官方公告 在此 .
竹貓星球 也發出了 這篇公告 .

先貼 2.0.13 跟 2.0.14 的變動 :

• Hardened author and keyword search a bit to not allow very server intensive searches
• Fixed full path disclosure in bad word parsing
• Resetting complete userdata array in session code if authentication fails
• Fixed bug in moderator control panel where certain parameters could lead to an “error creating new session” sql error
• Fixed bug in session code where empty page ids could lead to an “error creating new session” sql error
• Fixed html handling in signatures if html is turned off globally
• Fixed install.php problem with PHP5 register_long_arrays option turned off
• Fixed potential issues with styling system
• Added correct class to login_body template file
• Removed file db/oracle.php from package
• Removed version number from message body page in /admin (if user is not an admin) – mikelbeck
• Fixed case-sensitivity issues in postgres7.php – R45

2.0.15 修正了安全性問題, includes/bbcode.php 的這段 :

{
   global $lang, $bbcode_tpl;

下面加進這行 :

$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\1:", $text);

另外是這段 :

 */
function make_clickable($text)
{

下面加進這行 :

$text = preg_replace("#(script|about|applet|activex|chrome):#is", "\1:", $text);

所以總共有這些變動 :

• Fixed moderator status removal in groupcp.php
• Removed newlines after ?> on some files – Thoul
• Added admin re-authentication (admin needs to login seperatly to access the ACP) – backported from Olympus
• Fixed vulnerability in url/bbcode handling functions – PapaDos and Paul/Zhen-Xjell from CastleCops
• Fixed issue in admin/admin_forums.php
• Suppressed warning message for fsockopen in /includes/smtp.php – Thoul
• Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) – Exy
• Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
• Updated the readme file
• Added one new language variable
• Added general error if accessing profile for a non-existent user
• Changed session id generation to be more unique – Henno Joosep
• Fixed bug in highlight code to escape characters correctly
• Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
• Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
• Fixed bypassing of validate_username on registration – Yen
• Empty url/img bbcodes no longer get parsed

竹貓星球 也有這兩篇公告 :
[2005/04/25] phpBB 2.0.14 安全性修正版(包含更新檔)
[2005/05/08] phpBB 2.0.15 安全性修正版本

主要修正 2.0.12 的兩個錯誤, 引用自 官方公告 :

• includes/sessions.php 修正 :

  if( $sessiondata["autologinid"] == $auto_login_key )

  改為

  if( $sessiondata["autologinid"] === $auto_login_key )

• viewtopic.php 修正 :

  $message = str_replace(""", """, substr(preg_replace("#(\>(((?>([^>< ]+|(?R)))*)\<))#se", "preg_replace("#\b(" . $highlight_match . ")\b#i", "<span style="color:#" . $theme["fontcolor3"] . ""><b>\1</b>", "\0")", ">" . $message . "< "), 1, -1));

  改為

  $message = str_replace(""", """, substr(@preg_replace("#(\>(((?>([^>< ]+|(?R)))*)\<))#se", "@preg_replace("#\b(" . $highlight_match . ")\b#i", "<span style="color:#" . $theme["fontcolor3"] . ""><b>\1</b>", "\0")", ">" . $message . "< "), 1, -1));

另外也可以參閱 竹貓星球 的 [公告] phpBB 2.0.13 正式釋出(安全性更新) .

2.0.12 主要修正了 2.0.11 的安全性問題, 包括 SQL injection .
( phpBB 怎麼好像還是沒完全跳脫這個地雷呀?! )

2.0.12 跟 2.0.11 的變動如下 ( 引用自 phpBB 官方公告 ) :

• Added confirm table to admin_db_utilities.php
• Prevented full path display on critical messages
• Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug – AnthraX101
• Added exclude list to unsetting globals (if register_globals is on) – SpoofedExistence
• Fixed arbitrary file disclosure vulnerability in avatar handling functions – AnthraX101
• Fixed arbitrary file unlink vulnerability in avatar handling functions -AnthraX101
• Removed version number from powered by line
• Merged database update files to update_to_latest.php file
• Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101″s discovery)
• Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug – matrix_killer

不過官方丟到 SourceForge 上的檔案好像都是壞的, 竹貓星球 則是貼出了他們自己的 mirror (引用自 [公告] phpBB 2.0.12 正式釋出(安全性更新) ) :

• phpBB 2.0.12 完整下載：適合完整安裝！
• phpBB 2.0.12 升級下載：適合各個版本升級安裝！
• phpBB 2.0.12 修正下載：適合版本升級修正安裝！

另外, 竹貓星球 還釋出 phpBB 2.0.12 的 繁體中文語系檔 .