/** * MyBB 1.1.7 to 1.1.8 Patch File * (c) 2006 MyBB Group. * * This patch file fixes 3 security issues in regards to MyBB 1.1.7 * * Please follow the instructions documented to manually patch your board * to MyBB 1.1.8. * */ -------------------- 1. inc/functions_upload.php -------------------- Find: -- // Check if this is a valid image or not $img_dimensions = @getimagesize($mybb->settings['avataruploadpath']."/".$filename); -- UNDER it add: -- // Check a list of known MIME types to establish what kind of avatar we're uploading switch(strtolower($avatar['type'])) { case "image/gif": $img_type = 1; break; case "image/jpeg": case "image/x-jpeg": case "image/pjpeg": $img_type = 2; break; case "image/png": case "image/x-png": $img_type = 3; break; default: $img_type = 0; } // Check if the uploaded file type matches the correct image type (returned by getimagesize) if($img_dimensions[2] != $img_type || $img_type == 0) { @unlink($mybb->settings['avataruploadpath']."/".$filename); $ret['error'] = $lang->error_uploadfailed; return $ret; } -- Find: -- // Alls well that ends well? Lets generate a thumbnail (if image) and insert it all in to the database if($ext == "gif" || $ext == "png" || $ext == "jpg" || $ext == "jpeg" || $ext == "jpe") { -- UNDER it add: -- // Check a list of known MIME types to establish what kind of image we're uploading switch(strtolower($file['type'])) { case "image/gif": $img_type = 1; break; case "image/jpeg": case "image/x-jpeg": case "image/pjpeg": $img_type = 2; break; case "image/png": case "image/x-png": $img_type = 3; break; default: $img_type = 0; } // Check if the uploaded file type matches the correct image type (returned by getimagesize) $img_dimensions = @getimagesize($mybb->settings['uploadspath']."/".$filename); if($img_dimensions[2] != $img_type) { @unlink($mybb->settings['uploadspath']."/".$filename); $ret['error'] = $lang->error_uploadfailed; return $ret; } -- -------------------- 2. inc/functions_post.php -------------------- Find: -- $fullurl = $url; // attempt to make a bit of sense out of their url if they dont type it properly if(!preg_match("#[a-z0-9]+://#i", $fullurl)) { $fullurl = "http://".$fullurl; } -- Replace with: -- // attempt to make a bit of sense out of their url if they dont type it properly if(!preg_match("#[a-z0-9]+://#i", $url)) { $url = "http://".$url; } $fullurl = $url; -- -------------------- 3. admin/global.php -------------------- Find: -- echo "