+--------------------------------------------------------------------------------+
| MyBB 1.4 - Security Update Patch File |
| (c) 2008 MyBB Group. |
| |
| This patch file fixes some medium and low risk issues in MyBB 1.4 |
| |
| Please follow the instructions documented below to manually patch your board. |
+--------------------------------------------------------------------------------+
===============
1. misc.php
===============
Find:
--
$editor = htmlspecialchars($mybb->input['editor']);
--
Replace with:
--
$editor = addslashes(htmlentities($mybb->input['editor']));
--
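Review bot: The replacement line stacks `addslashes()` on `htmlentities()` without saying which output context `$editor` lands in, and `htmlentities()` is called with no flags or charset. On the PHP versions of this era the default flags leave single quotes unencoded, and a non-UTF-8 default charset can mangle multibyte input. The other sections of this patch use `htmlspecialchars_uni()`, so this line is also inconsistent with them. If `editor` is meant to be an element or editor-instance identifier (inferred from the name; the place it is printed is not shown), an allow-list is stronger than stacked escaping: `$editor = preg_replace('#[^a-zA-Z0-9_\-]#', '', $mybb->input['editor']);`.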
===============
2. usercp2.php
===============
Find:
--
$url = $mybb->input['referrer'];
--
Replace with:
--
$url = htmlspecialchars_uni(addslashes($mybb->input['referrer']));
--
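Review bot: The replacement escapes `referrer` for output but never checks where it points, so a request-supplied absolute URL still reaches whatever redirect or link consumes `$url` (that consumer is outside this snippet). `addslashes()` is not a URL or HTML escaper and will alter legitimate URLs that contain quotes. Before escaping, accept only targets under the board's own base URL and fall back to a fixed page otherwise, for example `if(strpos($mybb->input['referrer'], $mybb->settings['bburl'].'/') !== 0) { $mybb->input['referrer'] = ''; }`. The trailing `/` in that check matters, since without it a look-alike host that merely starts with the board's host name would pass.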
===============
3. inc/functions_online.php
===============
Find:
--
$user_activity['location'] = $location;
--
Replace with:
--
$user_activity['location'] = htmlspecialchars_uni($location);
--
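Review bot: Escaping `$location` at the point it is stored in `$user_activity` means every later consumer receives HTML-encoded text, and nothing in the replacement line records that. A consumer that escapes again will double-encode, and code that compares or parses the location afterwards will see entities rather than the raw value. Add a comment on the assignment such as `// location is HTML-escaped from here on; do not escape again on output`. The consumers are outside this snippet, so confirm none of them relies on the unescaped string.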
===============
4. moderation.php
===============
Find:
--
$info .= "$lang->thread ".$modaction['tsubject']."
";
--
Replace with:
--
$info .= "$lang->thread ".htmlspecialchars_uni($modaction['tsubject'])."
";
--
ALSO Find:
--
$info .= "$lang->post ".$modaction['psubject']."";
--
Replace with:
--
$info .= "$lang->post ".htmlspecialchars_uni($modaction['psubject'])."";
--
ALSO Find:
--
$custommod->execute(intval($mybb->input['action']), $tids);
--
Add before:
--
if(!is_moderator_by_tids($tids))
{
error_no_permission();
}
--
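Review bot: Whether `is_moderator_by_tids()` denies an empty `$tids` is not visible here; if it returns true for an empty list, the added guard passes vacuously and `$custommod->execute(...)` runs without any thread having been checked. Making the guard explicit closes that gap: `if(empty($tids) || !is_moderator_by_tids($tids))`. The second "Add before" block further down passes a single `$tid` to the same helper, so either confirm the helper accepts a scalar or call it as `is_moderator_by_tids(array($tid))`. Both guards also rely on `error_no_permission()` ending the request, which deserves a one-line comment next to the call since the enclosing action handlers are outside these snippets.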
ALSO Find:
--
$ret = $custommod->execute(intval($mybb->input['action']), $tid);
--
Add before:
--
if(!is_moderator_by_tids($tid))
{
error_no_permission();
}
--
===============
5. inc/class_core.php (Version number change)
===============
Find:
--
/**
* The friendly version number of MyBB we're running.
*
* @var string
*/
var $version = "1.4";
/**
* The version code of MyBB we're running.
*
* @var integer
*/
var $version_code = 1400;
--
Replace with:
--
/**
* The friendly version number of MyBB we're running.
*
* @var string
*/
var $version = "1.4.1";
/**
* The version code of MyBB we're running.
*
* @var integer
*/
var $version_code = 1401;
--
ALL DONE