+--------------------------------------------------------------------------------+
| MyBB 1.2.14 - Security Update Patch File |
| (c) 2008 MyBB Group. |
| |
| This patch file fixes some medium and low risk issues in MyBB 1.2.14 |
| |
| Please follow the instructions documented to manually patch your board. |
+--------------------------------------------------------------------------------+
===============
1. misc.php
===============
Find:
--
$editor = htmlspecialchars($mybb->input['editor']);
--
Replace with:
--
$editor = addslashes(htmlentities($mybb->input['editor']));
--
===============
2. inc/functions.php
===============
Find:
--
return md5($mybb->config['hostname'].$mybb->config['username'].$mybb->config['password']);
--
Replace with:
--
return md5($mybb->config['hostname'].$mybb->config['username'].md5($mybb->config['password']));
--
===============
4. moderation.php
===============
--
Find:
--
$info .= "$lang->thread ".$modaction['tsubject']."
";
--
Replace with:
--
$info .= "$lang->thread ".htmlspecialchars_uni($modaction['tsubject'])."
";
--
ALSO Find:
--
$info .= "$lang->post ".$modaction['psubject']."";
--
Replace with:
--
$info .= "$lang->post ".htmlspecialchars_uni($modaction['psubject'])."";
--
ALSO Find:
--
$custommod->execute(intval($mybb->input['action']), $tids);
--
Add before:
--
if(!is_moderator_by_tids($tids)) { error_no_permission(); }
--
ALSO Find:
--
$ret = $custommod->execute(intval($mybb->input['action']), $tid);
--
Add before:
--
if(!is_moderator_by_tids($tid)) { error_no_permission(); }
ALL DONE
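Review bot: In the misc.php step, `addslashes(htmlentities(...))` stacks two escapers without the output sink being visible, and neither call is given a quote flag or a charset. On PHP versions before 8.1 `htmlentities()` with default flags leaves single quotes unencoded, so that case rests entirely on `addslashes()`, which only helps if `$editor` ends up inside a quoted script string; in a single-quoted HTML attribute a backslash does not stop the quote from closing the attribute. If `editor` is meant to be an element or field identifier (an assumption, the template is not shown), an allowlist is stricter than either encoder: `$editor = preg_replace('#[^a-zA-Z0-9_-]#', '', $mybb->input['editor']);`.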
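Review bot: In the inc/functions.php step the returned value is still an unsalted MD5 over the database hostname, username and password, so wrapping the password in an inner `md5()` adds no secret material. The enclosing function is not shown; if its return value can ever reach a client (to be confirmed against the callers), it remains tied to the database credentials and can be checked offline by anyone who knows the hostname and username. A dedicated random secret stored in the config would decouple this value from the credentials. At minimum the patched line deserves a comment such as `// derived from DB credentials: never expose; value changes once this patch is applied`, because anything issued with the old value stops validating.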
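Review bot: In the moderation.php step the second added guard passes a single `$tid` to `is_moderator_by_tids()` while the first passes `$tids`. The helper is not part of this patch, so confirm it accepts a scalar, or normalise at the call site with `if(!is_moderator_by_tids(array($tid))) { error_no_permission(); }`. Also confirm that an empty `$tids` list is denied rather than passing vacuously, since this guard is the only authorization check visible before `$custommod->execute()`. The `htmlspecialchars_uni()` wrapping covers only the `tsubject` and `psubject` lines; any other fields appended to `$info` lie outside the patch and should be checked the same way.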