Forum Upgrade

[KT]

Forum has been upgraded to phpBB 2.0.6 KT

[DiViDeZeRo]

Job well done! Thanks. Any significant changes with this upgrade?

[KT]

Full list of changes since V2.0.2 .. just a Few as you can see ..lol 1.i. Changes since 2.0.5 Fixed sql injection vulnerability in groupcp.php Fixed xss vulnerability in privmsg.php Fixed sql injection vulnerability in search.php Fixed various email issues Fixed registration email bug with Administrator Confirmation used Fixed mass emailer Fixed long post time issue Fixed bug with usernames containing single quotes Fixed word list bug - Word boundaries were not considered Fixed vulnerability in style admin Fixed sql injection vulnerability in viewtopic Fixed vulnerability allowing server side variable access in search - tendor Fixed potential vulnerability in 2.0.5 login username entry - throw away/eomer Fixed sql injection with reset date format field in profile - tendor Fixed several vulnerabilities in modcp - Robert Lavierck Changed whois lookup address within admin index 1.ii. Changes since 2.0.4 Removed user facing session_id checks Fixed user self-activation after deactivation Fixed incorrect functioning of phpbb_realpath Fixed wrong path to database schema files within the upgrade script Fixed double quote problem with username validation Allow & within email addresses Fixed email validation for banned email addresses Removed underline from email domain validation Fixed redirection for sentbox folder, installation and email Fixed poll deletion Fixed Mozilla navigation bar Fixed URL bbcode parsing Fixed database timeouts while searching the forums Fixed wrong email return path in admin mass mailing - netclectic Fixed MS-SQL failures within the update script Fixed memberlist sort order Fixed not showing leading spaces within Code BBCode Fixed problem with adding double quotes to subject titles Remove username input field from profile when user cannot change name Fixed pagination error with highlighting Fixed errors if no smilies are installed Fixed CSS issues with IE 5.2 on MacOS X Fixed missing sid propagation problem within the Moderator Control Panel Fixed language variables within Authentication error output Removed doubled CSS class definitions within input fields Fixed username change within the Administration Panel Added missing <tr> tags to index_body.tpl Added missing username language variable to admin index page Fixed moderator status update if a usergroup got deleted Fixed poll handling upon post edit Fixed remove common words from search table if post get pruned - Nuttzy99 Fixed behaviour on splitting topics if no checkbox is selected Anonymous is no longer displayed within Username dropdown boxes Fixed viewprofile redirection if an invalid mode was specified Fixed fraction settings within determining common words - Novan Prevent admin change usernames to his own within the ACP Activation email is sent to all admins Fixed conversion of & to &amp; in appropriate cases Fixed display of "greater than topics per page" announcements preventing display of normal posts Added variable checks to database backup and restore screen Prevented pm popup window from resetting after visiting avatar gallery Fixed special character handling with word censor Added SID to jumpbox Fixed problems with usernames using html special chars Added GMT + 13 to English lang_main, all translators are encouraged to do likewise Deleted doubled 'U_MEMBERLIST' assignment from page_header.php Fixed wrong display of Signature Checkbox while editing Private Message Fixed disappearing post text if emoticon was inserted directly after pressing a BBCode button Display correct alt-tag for smilies within postings Prevented the ability to apply BBCode to website contents Fixed maxlength issue with password field in login_body.tpl Fixed possible username duplication issue with validation and username length Fixed split words function to handle additional foreign characters Changed empty email To Field to use a non-disclosure delimiter Fixed wrong language var in install.php - FTP Config screen Fixed alt tag for locked topic images in viewforum_body.tpl Fixed typo in groupcp.php - $lang['Unsub_success'] instead of $lang['Usub_success'] Fixed timezone display Fixed wrong display of author quote tag within profile - Cl1mh4224rd Added deletion of sessions of users whose account is deactivated Added mail header X-MimeOLE to the emailer class Prevent registration if user is logged in or user trying to register again Prevent usage of char(255) in usernames Added check for additional FORWARDED_FOR IP's - cosmos Fixed handling of non-selection of option when voting Fixed potential xss issue with memberslist mode Default English support for visual confirmation - translators are encouraged to support this 1.iii. Changes since 2.0.3 Fixed cross-browser scripting issue with highlight param Back-ported highlighting code from phpBB 2.2 Add session id validation to posting, profile, email, voting - Edwin van Vliet Added {S_HIDDEN_FIELDS} template var to profile_send_email.tpl Added "intval" fix for flood check, may resolve some issues Added missing index to post_id for search_wordmatch Fixed spelling error in search add words preventing use of stopword list Fixed issue with search common words not being run Introduce viewtopic resync patch by Ashe Replace a for n in templating code Fixed ordering in memberslist Fixed group_id sequence issues with pgsql and msaccess Fixed assumption of word censors in user notification Fixed incorrect display of quotes in user management fields Fixed entry of special chars in all profile fields - note this may cause temporary issues Fixed incorrect display of quotes when using avatar gallery Fixed missing username in email sent to users when admin activated Added check for non-empty smiley code and url in smiley admin Prevent display of -- sig seperator in emails when no board sig exists Fixed URL propagated sid issues with jumpbox Fixed wrong mode name check (polldelete) in functions_post Added missing root path to l10n image path check Remove validation of fields when deleting a user Fixed sort mode select box in memberslist to default to current mode Deny inline topic review listing to users without auth_read permissions Prevent display of topic notification checkbox if user cannot read forum Remove incorrect pre-pending of IP to uploaded avatars Fixed deletion of uploaded avatars when changing to remote/gallery Added check for non-blank line during install schema/basic sql ops Added sort ordering to Top Ten poster listing by request Fixed incorrect error report when altering case of username Added jumpbox output to modcp {JUMPBOX} will now work Fixed non-updating of users with MOD levels when deleting a forum Remove email to group moderator when approving new members Fixed non-handling of HTML in poll options Fixed non-deletion of polls when deleting forum and its posts Fixed moved shadow topic from being bumped upon reply Changed field size of timezone to decimal(5,2) where applicable Fixed missing sid append to URL when redirecting to newest reply Fixed missing slashes in private IP preg check Fixed session not setting userdata['user_id'] to ANON as appropriate Added check for non-empty name in disallow admin Fixed validation of SSL website addresses in profile Fixed inability of admins to upload avatars via user admin panel Fixed non-deletion of private message text upon full box overwrite Fixed incorrect error message in smiley admin Fixed incorrect alt-text for "Stop Watching Topic" image Temporary fix for missing lang strings in forum admin - translators should update their packages if not done already Use selected localisation during later stages of installation Fixed non-check of permissions when deleting a topic via Moderator Control Panel Fixed non-update of banlist upon user deletion Check approved users boxes by default in usergroup approve form Fixed non-appending of sid to backup meta refresh Fixed non-notification of no support for certain databases in backup/restore Added $images var to message die global declaration Fixed wrong string, Private_message in Private Messaging Add mail send result to error output Fixed non-appending of sid to Mozilla nav bar menu items Fixed incorrect profile linking from MSNM url in private messaging Grammatical errors in English lang_main fixed - Cluster Allow deletion of avatar and simultaneous upload/linking/gallery selection Fixed non-updating of user rank when changing from special to normal rank in rank admin Changed user topic notification default in schemas to 0 (off) Fixed non-XHTML compliant img tags in privmsg.php Fixed non-deletion of announcements and polls when removing forum contents in forum admin Fixed non-pruning of watched topics table when pruning related topics Enable GET redirect on logout Added check for IE6.x to viewtopic ICQ indicator javascript Fixed empty username quoting with MS-SQL Fixed BBCode url, magic url and img tags to allow most chars beyond domain names Prevent parsing of -ve size values in BBCode size tag Back ported HTML handler from 2.2, this may impact some boards which allow complex HTML - existing parser remains but commented out Fixed parsing of word censors to not censor words within < and > tag delimiters Fixed database utilities failing to backup data with MySQL Fixed signature parsing in User Admin Fixed missing class="post" tags in subSilver Admin templates Fixes for paths under Apache2 Added wrap text with tag support for posting in Mozilla 1.1+ Fixed use of missing CSS classes in modcp_split, group_info_body, error_body and agreement Fixed ability of users to edit polls even after they have received votes Fixed header Location to be absolute URL as per HTTP 1.1 spec - noted by PhilippK Added additional session_id checks to MCP, topic subscription, PM and similar items Fixed colour select box in posting_body to reset to Default colour after selection Altered PM icon to show new image until messages have been read Fixed incomplete deletion of PMs when removing the associated user Fixed unread and new PM user counters to decrement appropriately in all situations Fixed possible cross-site scripting issue with username search Fixed some problems with gzip in combination with newer PHP versions and Mozilla Fixed wrong maxlength in modcp_split.tpl subject field Fixed inability to edit username of guest poster - vHiker Fixed ability for guests to post with certain registered usernames Fixed various HTML issues to improve XHTML compliance - Daz Fixed missing template var {L_PM} for memberslist - Daz Fixed wrong key name for $images['Topic_un_watch'] - Daz Fixed missing template var {S_WATCH_TOPIC_IMG} for viewtopic - Daz Fixed missing default constraints for post table under MSSQL Fixed incorrect field size for forum pruning - preventing days > 256 Fixed continuing redirect issues for broken web servers, e.g. IIS+CGI PHP Fixed inability to use ftp as a protocol for the [img] tag Fixed incorrect handling of [img] tags containing %20 encoded spaces Added check for . within cookie_name, change to _ if present Added SHOW_ONLINE constant to limit "users online" code operation to index and viewforum Added "temporary" workaround for Apache2 + PHP module ignoring "private" cache header Added workaround for modcp IP lookup and links to Anonymous user profile Fixed broken bbcode parsing of quotes containing bbcode in the "username" Fixed excess slashes in [quote=""] first pass encoding Fixed rendering issue with quote button under Mozilla - Daz Grammatical errors in remaining core lang files fixed - Cluster Fixed bbcode quote breaking when username contained ] before [ Fixed duplicate group_id error during upgrade of users from phpBB 1.x Fixed stripslashes() problem with the conversion of the config table from phpBB 1.x Rejiggled validation code, may eliminate "Username disallowed" issues Fixed differing initial "public" setting of forum permissions between different files Added check for invalid (non-compliant) email addresses to upgrade script Further redirect workarounds for broken servers, please direct further issues to the vendors Added GMT + 13 to English lang_main, all translators are encouraged to do likewise Added switch to default_lang email template if user lang template no longer exists Fixed javascript error when selecting smiley containing a single quote Update users watched topic if a post they made is split into a new topic Fixed situations where email templates contain incorrect or missing subject lines Fixed error when searching for posts and no forums exist Fixed potential SQL vulnerability with marking of private messages - Ulf Harnhammar 1.iv. Changes since 2.0.2 Fixed potential cross-site scripting vulnerability with avatars - Showscout Fixed potential SQL rewrite issue in page header - missing contrib Fixed potential CSS/HTML rewrite on viewing in login - Marc Rees Fixed (hopefully) issue with MS Access and multiple pages

[DiViDeZeRo]

LOL

[SirQUK]

Just a small update then LOL Well done KT and thanx!

[Blade]

Damm KT this is indeed a small fix list........ sigh I have scroll mouse finger now but thanks anyway for this major update

[Roadworker]

I kwew you could do it.. Great job,KT!

[CDR-Zone.COM]