Loading...
HOME
 |
Bugs Found In Phpbb 2.0.13 - PhpBB 2.0.14 released to fix them | ||
Discussion by bureX with 8 Replies.
Last Update: April 21, 2005, 5:44 pm | |||
 |
|||
 |
 |
|
 |
 |
| Reply / Comment | New Discussion / Topic | Share / Bookmark | E-Mail a Friend |
 |
|
|
Recently, a few exploits were made for phpBB 2.0.13 (like this one):
http://lists.virus.org/bugtraq-0503/msg00109.html
And some bugs were noticed as well (like this one):
http://www.addict3d.org/index.php?page=vie...ecurity&ID=3563
And so, the phpBB team has released a new version of phpBB - 2.0.14. Here is the e-mail that I have received from their mailing list:
phpBB Group announces the release of phpBB 2.0.14, the "We know we are (not) furry" edition. This release addresses some bugfixes as well as fixing some minor non-critical security issues. All issues not reported to us before being released are not credited to the founder, as usual.
As with all new releases we urge you to update as soon as possible. You can of course find this download available on our downloads page (http://www.phpbb.com/downloads.php). As per usual three packages are available to simplify your update.
The Full Package contains entire phpBB2 source and English language package.
The Changed Files Only contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release.
Patch Files contains patch compatible patches from the previous versions of phpBB.
Select whichever package is most suitable for you.
The changelog (contained within this release) is as follows:
- Hardened author and keyword search a bit to not allow very server intensive searches
- Fixed full path disclosure in bad word parsing
- Resetting complete userdata array in session code if authentication fails
- Fixed bug in moderator control panel where certain parameters could lead to an "error creating new session" sql error
- Fixed bug in session code where empty page ids could lead to an "error creating new session" sql error
- Fixed html handling in signatures if html is turned off globally
- Fixed install.php problem with PHP5 register_long_arrays option turned off
- Fixed potential issues with styling system
- Added correct class to login_body template file
- Removed file db/oracle.php from package.
- Removed version number from message body page in /admin (if user is not an admin) - mikelbeck
- Fixed case-sensitivity issues in postgres7.php - R45
As always, our Code Changes Tutorial will be soon available too for those with heavily modded boards.
I have installed it, and it is working properly.
http://lists.virus.org/bugtraq-0503/msg00109.html
And some bugs were noticed as well (like this one):
http://www.addict3d.org/index.php?page=vie...ecurity&ID=3563
And so, the phpBB team has released a new version of phpBB - 2.0.14. Here is the e-mail that I have received from their mailing list:
QUOTE (phpBB list)
Hi everyone,phpBB Group announces the release of phpBB 2.0.14, the "We know we are (not) furry" edition. This release addresses some bugfixes as well as fixing some minor non-critical security issues. All issues not reported to us before being released are not credited to the founder, as usual.
As with all new releases we urge you to update as soon as possible. You can of course find this download available on our downloads page (http://www.phpbb.com/downloads.php). As per usual three packages are available to simplify your update.
The Full Package contains entire phpBB2 source and English language package.
The Changed Files Only contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release.
Patch Files contains patch compatible patches from the previous versions of phpBB.
Select whichever package is most suitable for you.
The changelog (contained within this release) is as follows:
- Hardened author and keyword search a bit to not allow very server intensive searches
- Fixed full path disclosure in bad word parsing
- Resetting complete userdata array in session code if authentication fails
- Fixed bug in moderator control panel where certain parameters could lead to an "error creating new session" sql error
- Fixed bug in session code where empty page ids could lead to an "error creating new session" sql error
- Fixed html handling in signatures if html is turned off globally
- Fixed install.php problem with PHP5 register_long_arrays option turned off
- Fixed potential issues with styling system
- Added correct class to login_body template file
- Removed file db/oracle.php from package.
- Removed version number from message body page in /admin (if user is not an admin) - mikelbeck
- Fixed case-sensitivity issues in postgres7.php - R45
As always, our Code Changes Tutorial will be soon available too for those with heavily modded boards.
I have installed it, and it is working properly.
So how can i update my forum?? coz it's pre-installed in trap17 disk space.. anyone?? can help..??
It's very simple!
1) Download the changed files from the phpBB website...
( http://www.phpbb.com/downloads.php )
2) You will find a bunch of folders in the ZIP file that you have downloaded.
The folder names will be like "X.X.XX_to_2.0.14", where X.X.XX is your current phpBB forum version (2.0.13 for example)...
3) Extract that folder and simply copy it's contents into your Trap17 forum folder (usually it is located in: "/publicHTML/forum"), confirm the replacing of the files when you are prompted to do so!
4) You will find 4 more folders in the ZIP file that you have downloaded ("install", "contrib", "docs" and "cache")... Copy them also in your forum folder, and replace any files if asked.
5) Open your browser (don't close your FTP client yet, you will need it) and open your forum URL with "/install/update_to_latest.php" added on the end, kind of like this:
"your_host_name.trap17.com/forum/install/update_to_latest.php"
6) When phpBB notifies you that you have successfully completed the update process, delete the "install" and "contrib" directories from your forum folder! (If you don't, phpBB will notify you that this is necessary log when you log on to your forum).
1) Download the changed files from the phpBB website...
( http://www.phpbb.com/downloads.php )
2) You will find a bunch of folders in the ZIP file that you have downloaded.
The folder names will be like "X.X.XX_to_2.0.14", where X.X.XX is your current phpBB forum version (2.0.13 for example)...
3) Extract that folder and simply copy it's contents into your Trap17 forum folder (usually it is located in: "/publicHTML/forum"), confirm the replacing of the files when you are prompted to do so!
4) You will find 4 more folders in the ZIP file that you have downloaded ("install", "contrib", "docs" and "cache")... Copy them also in your forum folder, and replace any files if asked.
5) Open your browser (don't close your FTP client yet, you will need it) and open your forum URL with "/install/update_to_latest.php" added on the end, kind of like this:
"your_host_name.trap17.com/forum/install/update_to_latest.php"
6) When phpBB notifies you that you have successfully completed the update process, delete the "install" and "contrib" directories from your forum folder! (If you don't, phpBB will notify you that this is necessary log when you log on to your forum).
It's weird... when I installed the new version, it redirects me every time to the install.php even when I deleted the install and contrib folder... 
What's that all about some ftp-ing the config.php?
What's that all about some ftp-ing the config.php?
Hmmm... That's very strange!
You should try doing the update again! phpBB has NEVER redirected me back to the install.php file. But, how can it redirect you to the install.php file when you deleted the "install" folder (or, is it redirecting you, but you receive a 404 - file not found error)?
You should try doing the update again! phpBB has NEVER redirected me back to the install.php file. But, how can it redirect you to the install.php file when you deleted the "install" folder (or, is it redirecting you, but you receive a 404 - file not found error)?
That's strange. I recently updated my site from 2.0.13 to 2.0.14 without any probs.
I think the best advice is to just re-do it like bureX said.
I think the best advice is to just re-do it like bureX said.
Yeah, I heard about those 5 days after 2.0.13 came out, I am always to lazy to notify phpBB group. If anyone feels like alerting them for faster exploit fixes Google search "phpBB current version here exploit" after every release, every exploit since 2.0.11 I have found with Google several weeks before the fix...
Same here, too lazy to message them about it, they should have waited and tested it some more before releasing so many new versions this soon.
Bad advertisement for users, I'll rather wait now till phpBB 2.0.250 comes out
Bad advertisement for users, I'll rather wait now till phpBB 2.0.250 comes out
I am working on a forum software, I want to make it as bug free as I can, I think that have clean, precise, and effective code is very attactive, possibly even more so than having great features is.
Don't you think so? And really think about it, secure, fast, and easy to understand versus great features, easy to hack, and hard to understand...
Don't you think so? And really think about it, secure, fast, and easy to understand versus great features, easy to hack, and hard to understand...
|
|
|
|
|
|
| Reply / Comment | New Discussion / Topic | Share / Bookmark | E-Mail a Friend |
Similar Topics:
Phpbb Mods That You Should Get For ...
List Of Free Games
My Experiences In Action Games
 Ebay Scam That Could Have Happened if i fell for it and had ebay (1)
|
(6) Another Firefox Security Update Firefox v1.0.3 
|
Healthy Body = Functional Body. Hollywood Look Side Effect: Healthy Function
