PHP Cross Reference of Unnamed Project

/docs/ -> CHANGELOG.html (source)

   1  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   2  <html>
   3  <head>
   4  <meta http-equiv="Content-Type" content="text/html">
   5  <meta http-equiv="Content-Style-Type" content="text/css">
   6  <title>phpBB 2.0.x :: Changelog</title>
   7  <link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
   8  <style type="text/css">
   9  <!--
  10  p,ul,td {font-size:10pt;}
  11  .h2 {font-size:15pt;font-weight:bold;color:red}
  12  .h3 {font-size:12pt;color:blue}
  13  //-->
  14  </style>
  15  </head>
  16  <body bgcolor="#E5E5E5" text="#000000" link="#006699" vlink="#006699">
  17  
  18  <table width="100%" border="0" cellspacing="0" cellpadding="10" align="center">
  19      <tr>
  20          <td class="bodyline"><table width="100%" border="0" cellspacing="0" cellpadding="0">
  21              <tr>
  22                  <td>
  23  
  24  <table width="100%" border="0" cellspacing="0" cellpadding="0">
  25      <tr>
  26          <td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></td>
  27          <td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.x CHANGELOG</span></td>
  28      </tr>
  29  </table>
  30  
  31  <!-- BEGIN DOCUMENT -->
  32  <ol>
  33  <li><a href="#changelog">Changelog</a>
  34  <ol type="i">
  35      <li><a href="#2022">Changes since 2.0.22</a></li>
  36      <li><a href="#2021">Changes since 2.0.21</a></li>
  37      <li><a href="#2020">Changes since 2.0.20</a></li>
  38      <li><a href="#2019">Changes since 2.0.19</a></li>
  39      <li><a href="#2018">Changes since 2.0.18</a></li>
  40      <li><a href="#2017">Changes since 2.0.17</a></li>
  41      <li><a href="#2016">Changes since 2.0.16</a></li>
  42      <li><a href="#2015">Changes since 2.0.15</a></li>
  43      <li><a href="#2014">Changes since 2.0.14</a></li>
  44      <li><a href="#2013">Changes since 2.0.13</a></li>
  45      <li><a href="#2012">Changes since 2.0.12</a></li>
  46      <li><a href="#2011">Changes since 2.0.11</a></li>
  47      <li><a href="#2010">Changes since 2.0.10</a></li>
  48      <li><a href="#209">Changes since 2.0.9</a></li>
  49      <li><a href="#208">Changes since 2.0.8</a></li>
  50      <li><a href="#207">Changes since 2.0.7</a></li>
  51      <li><a href="#206">Changes since 2.0.6</a></li>
  52      <li><a href="#205">Changes since 2.0.5</a></li>
  53      <li><a href="#204">Changes since 2.0.4</a></li>
  54      <li><a href="#203">Changes since 2.0.3</a></li>
  55      <li><a href="#202">Changes since 2.0.2</a></li>
  56      <li><a href="#201">Changes since 2.0.1</a></li>
  57      <li><a href="#200">Changes since 2.0.0</a></li>
  58      <li><a href="#final">Changes since RC-4</a></li>
  59      <li><a href="#rc4">Changes since RC-3</a></li>
  60      <li><a href="#rc3">Changes since RC-2</a></li>
  61      <li><a href="#rc2">Changes since RC-1</a></li>
  62      <li><a href="#rc1">Changes since RC-1 (pre)</a></li>
  63  </ol></li>
  64  <li><a href="#disclaimer">Disclaimer</a></li>
  65  </ol>
  66  
  67  <a name="changelog"></a><h2 class="h2"><u>1. Changelog</u></h2>
  68  
  69  <p>This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.</p>
  70  
  71  <a name="2022"></a><h3 class="h3">1.i. Changes since 2.0.22</h3>
  72  
  73  <ul>
  74  <li>[Fix] Correctly re-assign group moderator on user deletion (Bug #280)</li>
  75  <li>[Fix] Deleting a forum with multiple polls included (Bug #6740)</li>
  76  <li>[Fix] Fixed postgresql query for obtaining group moderator in groupcp.php (Bug #6550)</li>
  77  <li>[Fix] Selected field on first entry by default for font size within posting_body.tpl (Bug #7124)</li>
  78  <li>[Fix] Adjusted maxlength parameters in admin/styles_edit_body.tpl (Bug #81)</li>
  79  <li>[Fix] Fixed html output in make_forum_select if no forums present (Bug #436)</li>
  80  <li>[Fix] Fixed spelling error(s) in lang_admin.php (Bug #7172, #6978)</li>
  81  <li>[Fix] Correctly display censored words in admin panel (Bug #12271)</li>
  82  <li>[Fix] Do not allow soft hyphen \xAD in usernames (reported by Bander00)</li>
  83  <li>[Fix] Fixed the group permission system's use of array access</li>
  84  <li>[Fix] Simple group permissions now work properly</li>
  85  <li>[Sec] Fix possible XSRF Vulnerability in private messaging and groups handling</li>
  86  <li>[Fix] Fix inability to export smilies (Bug #2265)</li>
  87  <li>[Fix] Fixing some problems with PHP5 and register_long_arrays off</li>
  88  </ul>
  89  
  90  <a name="2021"></a><h3 class="h3">1.ii. Changes since 2.0.21</h3>
  91  
  92  <ul>
  93  <li>[Fix] Check for user's existence prior to showing email form</li>
  94  <li>[Fix] New members of moderator groups should always become moderators (Bug #382)</li>
  95  <li>[Fix] Proper message when replying to non-existent topics (Bug #459)</li>
  96  <li>[Fix] Changed column type of search_array to store more ids (Bug #4058)</li>
  97  <li>[Fix] Fixed annoyance with font-size selector (Bug #4612)</li>
  98  <li>[Fix] Fix optimize line in database updater (Bug #6186)</li>
  99  <li>[Sec] Check for the avatar upload directory reinforced</li>
 100  <li>[Sec] Changes to the criteria for "bad" redirection targets - kellanved</li>
 101  <li>[Sec] Fixed a non-persistent XSS issue in private messaging</li>
 102  <li>[Sec] Fixing possible negative start parameter - SpiderZ.</li>
 103  <li>[Sec] Added session checks to various forms - kellanved</li>
 104  </ul>
 105  
 106  <a name="2020"></a><h3 class="h3">1.iii. Changes since 2.0.20</h3>
 107  
 108  <ul>
 109  <li>[Fix] Changes to random number generator code to explicitly truncate the length of the string</li>
 110  <li>[Fix] Quoting on boards with HTML enabled</li>
 111  <li>[Fix] Special characters on boards with HTML enabled</li>
 112  <li>[Fix] Redirect to list if cancelling deletion of ranks, smilies or word censors</li>
 113  <li>[Fix] Missing error message if an inactive user tried to login (Bug #1598)</li>
 114  <li>[Fix] Do not alter post counts when just removing a poll (Bug #1602)</li>
 115  <li>[Fix] Correct error in removal of old session keys</li>
 116  <li>[Fix] Changed filtering of short search terms</li>
 117  <li>[Sec] Improved filtering on language selection (also addresses a number of bug reports related to missing languages)</li>
 118  <li>[Change] Backported more efficient highlighting code from Olympus</li>
 119  <li>[Change] Backported zlib emulation code so that there is only a single confirmation image even if zlib is not available</li>
 120  </ul>
 121  
 122  
 123  <a name="2019"></a><h3 class="h3">1.iv. Changes since 2.0.19</h3>
 124  
 125  <ul>
 126  <li>[Fix] Prevent login attempts from incrementing for inactive users</li>
 127  <li>[Fix] Do not check maximum login attempts on re-authentication to the admin panel - tomknight</li>
 128  <li>[Fix] Regenerate session keys on password change</li>
 129  <li>[Fix] retrieving category rows in index.php (Bug #90)</li>
 130  <li>[Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)</li>
 131  <li>[Fix] Better handling of short usernames within the search (bug #105)</li>
 132  <li>[Fix] Send a no-cache header on admin pages as well as normal board pages (Bug #149)</li>
 133  <li>[Fix] Apply word censors to the message when quoting it (Bug #405)</li>
 134  <li>[Fix] Improved performance of query in admin_groups (Bug #753)</li>
 135  <li>[Fix] Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)</li>
 136  <li>[Fix] Correct use of default_style config value (Bug #861)</li>
 137  <li>[Fix] Replace unneeded unset calls in admin_db_utilities.php - vanderaj</li>
 138  <li>[Fix] Improved error handling in modcp.php</li>
 139  <li>[Fix] Improved handling of forums to which the user does not have any explicit permissions - vanderaj</li>
 140  <li>[Fix] Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions</li>
 141  <li>[Fix] Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions</li>
 142  <li>[Fix] Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions</li>
 143  <li>[Fix] Escape group names in admin_groups.php</li>
 144  <li>[Sec] Replace strip_tags with htmlspecialchars in private message subject</li>
 145  <li>[Sec] Some changes to HTML handling if enabled</li>
 146  <li>[Sec] Escape any special characters in reverse dns - Anthrax101</li>
 147  <li>[Sec] Typecast poll id values - Anthrax101</li>
 148  <li>[Sec] Added configurable search flood control to reduce the effect of DoS style attacks</li>
 149  <li>[Sec] Changed the way we create "random" values for use as keys - chinchilla/Anthrax101</li>
 150  <li>[Change] Changed handling of the case where a selected style doesn't exist in the database</li>
 151  <li>[Change] Changed handling of topic pruning to improve performance</li>
 152  <li>[Change] Changed default forum permissions to only allow registered users to post in new forums</li>
 153  </ul>
 154  
 155  
 156  <a name="2018"></a><h3 class="h3">1.v. Changes since 2.0.18</h3>
 157  
 158  <ul>
 159  <li>[Fix] corrected index on session keys table under MS SQL</li>
 160  <li>[Fix] added session keys table to backup</li>
 161  <li>[Fix] delete session keys entries when deleting user</li>
 162  <li>[Fix] changes to support MySQL 5.0</li>
 163  <li>[Fix] changes to some of the admin files to improve efficiency and remove a potential error condition when building the menu</li>
 164  <li>[Fix] change truncation of username length in usercp_register.php - BFUK</li>
 165  <li>[Fix] incorrect path to avatars in admin_users.php (Bug #667)</li>
 166  <li>[Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez</li>
 167  <li>[Fix] fixed captcha for those not having the zlib extension enabled</li>
 168  <li>[Change] Placed version information above who is online in admin panel for better visual presence</li>
 169  <li>[Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode</li>
 170  <li>[Sec] fixed XSS issue if html tags are allowed and enabled</li>
 171  <li>[Sec] added configurable maximum login attempts to prevent dictionary attacks</li>
 172  </ul>
 173  
 174  
 175  <a name="2017"></a><h3 class="h3">1.vi. Changes since 2.0.17</h3>
 176  
 177  <ul>
 178  <li>[Fix] incorrect handling of password resets if admin activation is enabled (Bug #88)</li>
 179  <li>[Fix] wrong topic redirection after login redirect (Bug #94)</li>
 180  <li>[Fix] improved handling of username lists in admin_ug_auth.php (Bug #98)</li>
 181  <li>[Fix] incorrect removal of bbcode_uid values if bbcode has been turned off (Bug #100)</li>
 182  <li>[Fix] correctly preview signature if editing other users posts (Bug #101)</li>
 183  <li>[Fix] incorrect alt tag on generated search images in groupcp.php, viewtopic.php and usercp_viewprofile.php (Bug #102)</li>
 184  <li>[Fix] consistent forum ordering in all dropdown boxes (Bug #106)</li>
 185  <li>[Fix] correctly get compression status in page_tail.php and page_footer_admin.php (Bug #117)</li>
 186  <li>[Fix] set page title on summary page of groupcp.php (bug #125)</li>
 187  <li>[Fix] correctly test style and avatar in usercp_register.php (bug #129 and #317)</li>
 188  <li>[Fix] handling of reactivation notifications if admin activation is enabled (Bug #145)</li>
 189  <li>[Fix] handling of both forms of translation information used in language packs (Bug #159)</li>
 190  <li>[Fix] key length for activation keys fixed in usercp_sendpassword.php (Bug #171)</li>
 191  <li>[Fix] use GENERAL_MESSAGE constant in message_die instead of MESSAGE (Bug #176)</li>
 192  <li>[Fix] incorrect handling of move stubs (Bug #179)</li>
 193  <li>[Fix] wrong mode_type in memberlist (Bug #187)</li>
 194  <li>[Fix] SQL errors when setting maximum PMs to 0 (Bug #188)</li>
 195  <li>[Fix] removed unused variable from topic_notify email template (Bug #210)</li>
 196  <li>[Fix] removed unset variable from smilies popup window title (Bug #224)</li>
 197  <li>[Fix] removed duplicate template assignment from admin_board.php (Bug #226)</li>
 198  <li>[Fix] incorrect search link for guest posts in modcp.php (Bug #254)</li>
 199  <li>[Fix] all users removed from topics watch table on special occasions (Bug #271)</li>
 200  <li>[Fix] correctly check returned value from strpos in append_sid function (Bug #275)</li>
 201  <li>[Fix] correctly display username in private message notification (Bug #278)</li>
 202  <li>[Fix] fixed "var-by-ref" errors (Bug #322)</li>
 203  <li>[Fix] changed redirection to installation (Bug #325)</li>
 204  <li>[Fix] added timeout of 10 seconds to version check (Bug #348)</li>
 205  <li>[Fix] fixed user_level default in postgresql schema file (Bug #444)</li>
 206  <li>[Fix] multiple minor HTML issues with subSilver</li>
 207  <li>[Change] deprecated the use of some PHP 3 compatibility functions in favour of the native equivalents</li>
 208  <li>[Change] added 60 days limit for grabbing unread topics in index.php</li>
 209  
 210  <li>[Sec] backport of session keys system from olympus</li>
 211  <li>[Sec] fixed email bans to use the same pattern as email validation and allow wildcard domain bans</li>
 212  <li>[Sec] fixed validation of topic type when posting</li>
 213  <li>[Sec] unset database password once it is no longer needed</li>
 214  <li>[Sec] fixed potential to select images outside the specified path as avatars or smilies</li>
 215  <li>[Sec] fix globals de-registration code for PHP5 - (Stefan Esser/Matt Kavanagh)</li>
 216  <li>[Sec] changed avatar gallery code sections to prevent possible injection points (AnthraX101)</li>
 217  <li>[Sec] signature field is not properly sanitised for user input when an error occurs while accessing the avatar gallery (AnthraX101)</li>
 218  <li>[Sec] check to_username and ownership when editing a PM (AnthraX101)</li>
 219  <li>[Sec] fixed ability to edit PM's you did not send (depablo84)</li>
 220  <li>[Sec] compare imagetype on avatar uploading to match the file extension from uploaded file</li>
 221  </ul>
 222  
 223  <a name="2016"></a><h3 class="h3">1.vii. Changes since 2.0.16</h3>
 224  
 225  <ul>
 226  <li>Added extra checks to the deletion code in privmsg.php - reported by party_fan</li>
 227  <li>Fixed XSS issue in IE using the url BBCode</li>
 228  <li>Fixed admin activation so that you must have administrator rights to activate accounts in this mode - reported by ieure</li>
 229  <li>Fixed get_username returning wrong row for usernames beginning with numerics - reported by Ptirhiik</li>
 230  <li>Pass username through phpbb_clean_username within validate_username function - AnthraX101</li>
 231  <li>Fixed PHP error in message_die function</li>
 232  <li>Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php - reported by Double_J</li>
 233  <li>Also fixed above issue in usercp_viewprofile.php</li>
 234  <li>Fixed incorrect setting of user_level on pending members if a group is granted moderator rights - reported by halochat</li>
 235  <li>Fixed ordering of forums on admin_ug_auth.php to be consistent with other pages</li>
 236  <li>Correctly set username on posts when deleting a user from the admin panel</li>
 237  </ul>
 238  
 239  <a name="2015"></a><h3 class="h3">1.viii. Changes since 2.0.15</h3>
 240  
 241  <ul>
 242  <li>Fixed critical issue with highlighting - <b>Discovered and fix provided by Ron van Daal</b></li>
 243  <li>Url descriptions able to be wrapped over more than one line again</li>
 244  <li>Fixed bug with eAccelerator in admin_ug_auth.php</li>
 245  <li>Check new_forum_id for existence in modcp.php - <b>alessnet</b></li>
 246  <li>Prevent uploading avatars with no dimensions - <b>Xpert</b></li>
 247  <li>Fixed bug in usercp_register.php, forcing avatar file removal without updating avatar information within the database - <b>HenkPoley</b></li>
 248  <li>Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set</li>
 249  </ul>
 250  
 251  <a name="2014"></a><h3 class="h3">1.ix. Changes since 2.0.14</h3>
 252  
 253  <ul>
 254  <li>Fixed moderator status removal in groupcp.php</li>
 255  <li>Removed newlines after ?&gt; on some files - <b>Thoul</b></li>
 256  <li>Added admin re-authentication (admin needs to login separately to access the ACP) - backported from Olympus</li>
 257  <li>Fixed vulnerability in url/bbcode handling functions - <b>PapaDos and Paul/Zhen-Xjell from CastleCops</b></li>
 258  <li>Fixed issue in admin/admin_forums.php</li>
 259  <li>Suppressed warning message for fsockopen in /includes/smtp.php - <b>Thoul</b></li>
 260  <li>Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) - <b>Exy</b></li>
 261  <li>Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)</li>
 262  <li>Updated the readme file</li>
 263  <li>Added one new language variable</li>
 264  <li>Added general error if accessing profile for a non-existent user</li>
 265  <li>Changed session id generation to be more unique - <b>Henno Joosep</b></li>
 266  <li>Fixed bug in highlight code to escape characters correctly</li>
 267  <li>Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.</li>
 268  <li>Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file</li>
 269  <li>Fixed bypassing of validate_username on registration - Yen</li>
 270  <li>Empty url/img bbcodes no longer get parsed</li>
 271  </ul>
 272  
 273  <a name="2013"></a><h3 class="h3">1.x. Changes since 2.0.13</h3>
 274  
 275  <ul>
 276  <li>Hardened author and keyword search a bit to not allow very server intensive searches</li>
 277  <li>Fixed full path disclosure in bad word parsing</li>
 278  <li>Resetting complete userdata array in session code if authentication fails</li>
 279  <li>Fixed bug in moderator control panel where certain parameters could lead to an "error creating new session" sql error</li>
 280  <li>Fixed bug in session code where empty page ids could lead to an "error creating new session" sql error</li>
 281  <li>Fixed html handling in signatures if html is turned off globally</li>
 282  <li>Fixed install.php problem with PHP5 register_long_arrays option turned off</li>
 283  <li>Fixed potential issues with styling system</li>
 284  <li>Added correct class to login_body template file</li>
 285  <li>Removed file db/oracle.php from package</li>
 286  <li>Removed version number from message body page in /admin (if user is not an admin) - <b>mikelbeck</b></li>
 287  <li>Fixed case-sensitivity issues in postgres7.php - <b>R45</b></li>
 288  </ul>
 289  
 290  <a name="2012"></a><h3 class="h3">1.xi. Changes since 2.0.12</h3>
 291  
 292  <ul>
 293  <li>Omitted preg_replace warning in viewtopic due to improper working of preg_quote in PHP - originally reported by matrix_killer, fix submitted by another party</li>
 294  <li>Fixed high severity issue in session handling allowing anyone to gain administrator rights. Please update as soon as possible.</li>
 295  <li>Minimum requirements raised to PHP 4.0.3 or above due to fixing vulnerability issues breaking PHP3 compatibility.</li>
 296  </ul>
 297  
 298  <a name="2011"></a><h3 class="h3">1.xii. Changes since 2.0.11</h3>
 299  
 300  <ul>
 301  <li>Added confirm table to admin_db_utilities.php</li>
 302  <li>Prevented full path display on critical messages</li>
 303  <li>Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug - <b>AnthraX101</b></li>
 304  <li>Added exclude list to unsetting globals (if register_globals is on) - <b>SpoofedExistence</b></li>
 305  <li>Fixed arbitrary file disclosure vulnerability in avatar handling functions - <b>AnthraX101</b></li>
 306  <li>Fixed arbitrary file unlink vulnerability in avatar handling functions - <b>AnthraX101</b></li>
 307  <li>Removed version number from powered by line</li>
 308  <li>Merged database update files to update_to_latest.php file</li>
 309  <li>Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101's discovery)</li>
 310  <li>Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - <b>matrix_killer</b></li>
 311  </ul>
 312  
 313  <a name="2010"></a><h3 class="h3">1.xiii. Changes since 2.0.10</h3>
 314  
 315  <ul>
 316  <li>Fixed vulnerability in highlighting code (<b>very high severity, please update your installation as soon as possible</b>)</li>
 317  <li>Fixed unsetting global vars - <b>Matt Kavanagh</b></li>
 318  <li>Fixed XSS vulnerability in username handling - <b>AnthraX101</b></li>
 319  <li>Fixed unconfirmed SQL injection in username handling - <b>warmth</b></li>
 320  <li>Added check for empty topic id in topic_review function</li>
 321  <li>Added visual confirmation mod to code base</li>
 322  </ul>
 323  
 324  <a name="209"></a><h3 class="h3">1.xiv. Changes since 2.0.9</h3>
 325  
 326  <ul>
 327  <li>Fixed deleting of styles in admin_styles.php</li>
 328  <li>Fixed wrong unsetting of variables introduced in phpBB 2.0.9, making the board non-functional for users with specific php.ini settings</li>
 329  <li>Added code to let phpBB work with PHP5 for those having register_long_arrays set to off (default settings) - running phpBB 2.0.x with PHP5 is not supported at http://www.phpbb.com.</li>
 330  <li>Fixed bug in admin_board.php for board settings having single quotes in it</li>
 331  <li>Fixed "search by author" in search.php. Now it is possible to search for users with special chars in their name too</li>
 332  <li>Fixed forum jumpbox propagating session id in moderator control pages</li>
 333  <li>Added check for newlines at redirecting pages, to prevent http response splitting attacks - <b>Ory Segal and Amit Klein</b></li>
 334  <li>Fixed visual confirmation code. The image was not created due to a wrong regular expression.</li>
 335  </ul>
 336  
 337  <a name="208"></a><h3 class="h3">1.xv. Changes since 2.0.8</h3>
 338  
 339  <ul>
 340  <li>Fixed one vulnerability in admin_board.php - <b>Xore</b></li>
 341  <li>Added checking for proper session id characters to sessions and viewtopic to prevent injections - <b>Bartlomiej Korupczynski</b></li>
 342  <li>Fixed injection vulnerabilities possible with linked avatars</li>
 343  <li>Implemented unsetting globalised variables</li>
 344  <li>Limited confirm switch to POST variable in posting</li>
 345  <li>Changed IP code in common.php to prevent IP spoofing, which might introduce some problems with private IP Ranges showing up. - <b>Wang Products</b></li>
 346  <li>Updated visual confirmation mod [pre-edited files]</li>
 347  <li>Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by <b>R45</b></li>
 348  <li>Added the ability to link to https/ftps sites using the img bbcode tag</li>
 349  <li>Fixed user online information in admin/index.php</li>
 350  <li>Fixed getting group moderator in groupcp.php if running oracle backend - spotted by <b>pakman</b></li>
 351  <li>Fixed use of non-existing result variable in modcp (poster_id instead of user_id)</li>
 352  <li>Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - <b>Matthew C. Kavanagh, Janek Vind</b></li>
 353  <li>Fixed problem with SID not delivered to next page in groupcp.php</li>
 354  </ul>
 355  
 356  <a name="207"></a><h3 class="h3">1.xvi. Changes since 2.0.7</h3>
 357  
 358  <ul>
 359  <li>Fixed several vulnerabilities in admin pages</li>
 360  <li>Fixed sid checking code in admin/pagestart.php</li>
 361  <li>Fixed injection vulnerabilities possible with the img bbcode tag</li>
 362  <li>Limited allowed images in img bbcode tag to jpg, jpeg, gif and png</li>
 363  <li>Fixed redirect problems - 2.0.7a</li>
 364  <li>Fixed sql injection vulnerability in search - 2.0.7a</li>
 365  <li>Fixed sql injection vulnerability in privmsg - 2.0.8a</li>
 366  </ul>
 367  
 368  <a name="206"></a><h3 class="h3">1.xvii. Changes since 2.0.6</h3>
 369  
 370  <ul>
 371  <li>Fixed several vulnerabilities in modcp - <b>Robert Lavierck</b></li>
 372  <li>Changed whois lookup address within admin index</li>
 373  <li>Fixed potential vulnerability in viewtopic postorder - 2.0.6d</li>
 374  <li>Updates to cope with Zend Optimizer 2.5 problems - 2.0.6d - <b>jetset</b></li>
 375  <li>Force specialcharing of redirect variable in login - <b>Pit</b></li>
 376  <li>Fixed potential vulnerability in viewtopic postdays - <b>GulfTech Security Research</b></li>
 377  <li>Fixed potential vulnerability in viewforum topicdays - <b>GulfTech Security Research</b></li>
 378  <li>Fixed potential vulnerability in modcp</li>
 379  <li>Fixed potential vulnerability in avatar gallery</li>
 380  </ul>
 381  
 382  <a name="205"></a><h3 class="h3">1.xviii. Changes since 2.0.5</h3>
 383  
 384  <ul>
 385  <li>Fixed various email issues</li>
 386  <li>Fixed registration email bug with Administrator Confirmation used</li>
 387  <li>Fixed mass emailer</li>
 388  <li>Fixed long post time issue</li>
 389  <li>Fixed bug with usernames containing single quotes</li>
 390  <li>Fixed word list bug - Word boundaries were not considered</li>
 391  <li>Fixed vulnerability in style admin</li>
 392  <li>Fixed sql injection vulnerability in viewtopic</li>
 393  <li>Fixed vulnerability allowing server side variable access in search - <b>tendor</b></li>
 394  <li>Fixed potential vulnerability in 2.0.5 login username entry - <b>throw away/eomer</b></li>
 395  <li>Fixed sql injection with reset date format field in profile - <b>tendor</b></li>
 396  </ul>
 397  
 398  <a name="204"></a><h3 class="h3">1.xix. Changes since 2.0.4</h3>
 399  
 400  <ul>
 401  <li>Removed user facing session_id checks</li>
 402  <li>Fixed user self-activation after deactivation</li>
 403  <li>Fixed incorrect functioning of phpbb_realpath</li>
 404  <li>Fixed wrong path to database schema files within the upgrade script</li>
 405  <li>Fixed double quote problem with username validation</li>
 406  <li>Allow &amp; within email addresses</li>
 407  <li>Fixed email validation for banned email addresses</li>
 408  <li>Removed underline from email domain validation</li>
 409  <li>Fixed redirection for sentbox folder, installation and email</li>
 410  <li>Fixed poll deletion</li>
 411  <li>Fixed Mozilla navigation bar</li>
 412  <li>Fixed URL bbcode parsing</li>
 413  <li>Fixed database timeouts while searching the forums</li>
 414  <li>Fixed wrong email return path in admin mass mailing - <b>netclectic</b></li>
 415  <li>Fixed MS-SQL failures within the update script</li>
 416  <li>Fixed memberlist sort order</li>
 417  <li>Fixed not showing leading spaces within Code BBCode</li>
 418  <li>Fixed problem with adding double quotes to subject titles</li>
 419  <li>Remove username input field from profile when user cannot change name</li>
 420  <li>Fixed pagination error with highlighting</li>
 421  <li>Fixed errors if no smilies are installed</li>
 422  <li>Fixed CSS issues with IE 5.2 on MacOS X</li>
 423  <li>Fixed missing sid propagation problem within the Moderator Control Panel</li>
 424  <li>Fixed language variables within Authentication error output</li>
 425  <li>Removed doubled CSS class definitions within input fields</li>
 426  <li>Fixed username change within the Administration Panel</li>
 427  <li>Added missing &lt;tr&gt; tags to index_body.tpl</li>
 428  <li>Added missing username language variable to admin index page</li>
 429  <li>Fixed moderator status update if a usergroup got deleted</li>
 430  <li>Fixed poll handling upon post edit</li>
 431  <li>Fixed removal of common words from search table if posts get pruned - <b>Nuttzy99</b></li>
 432  <li>Fixed behaviour on splitting topics if no checkbox is selected</li>
 433  <li>Anonymous is no longer displayed within Username dropdown boxes</li>
 434  <li>Fixed viewprofile redirection if an invalid mode was specified</li>
 435  <li>Fixed fraction settings within determining common words - <b>Novan</b></li>
 436  <li>Prevent admins from changing usernames to their own within the ACP</li>
 437  <li>Activation email is sent to all admins</li>
 438  <li>Fixed conversion of &amp; to &amp;amp; in appropriate cases</li>
 439  <li>Fixed display of "greater than topics per page" announcements preventing display of normal posts</li>
 440  <li>Added variable checks to database backup and restore screen</li>
 441  <li>Prevented pm popup window from resetting after visiting avatar gallery</li>
 442  <li>Fixed special character handling with word censor</li>
 443  <li>Added SID to jumpbox</li>
 444  <li>Fixed problems with usernames using html special chars</li>
 445  <li>Added GMT + 13 to English lang_main, all translators are encouraged to do likewise</li>
 446  <li>Deleted doubled 'U_MEMBERLIST' assignment from page_header.php</li>
 447  <li>Fixed wrong display of Signature Checkbox while editing Private Message</li>
 448  <li>Fixed disappearing post text if emoticon was inserted directly after pressing a BBCode button</li>
 449  <li>Display correct alt-tag for smilies within postings</li>
 450  <li>Prevented the ability to apply BBCode to website contents</li>
 451  <li>Fixed maxlength issue with password field in login_body.tpl</li>
 452  <li>Fixed possible username duplication issue with validation and username length</li>
 453  <li>Fixed split words function to handle additional foreign characters</li>
 454  <li>Changed empty email To Field to use a non-disclosure delimiter</li>
 455  <li>Fixed wrong language var in install.php - FTP Config screen</li>
 456  <li>Fixed alt tag for locked topic images in viewforum_body.tpl</li>
 457  <li>Fixed typo in groupcp.php - $lang['Unsub_success'] instead of $lang['Usub_success']</li>
 458  <li>Fixed timezone display</li>
 459  <li>Fixed wrong display of author quote tag within profile - <b>Cl1mh4224rd</b></li>
 460  <li>Added deletion of sessions of users whose account is deactivated</li>
 461  <li>Added mail header X-MimeOLE to the emailer class</li>
 462  <li>Prevent registration if user is logged in or user trying to register again</li>
 463  <li>Prevent usage of char(255) in usernames</li>
 464  <li>Added check for additional FORWARDED_FOR IP's - <b>cosmos</b></li>
 465  <li>Fixed handling of non-selection of option when voting</li>
 466  <li>Fixed potential xss issue with memberslist mode</li>
 467  <li>Default English support for visual confirmation - translators are encouraged to support this</li>
 468  </ul>
 469  
 470  <a name="203"></a><h3 class="h3">1.xx. Changes since 2.0.3</h3>
 471  
 472  <ul>
 473  <li>Fixed cross-browser scripting issue with highlight param</li>
 474  <li>Back-ported highlighting code from phpBB 2.2</li>
 475  <li>Add session id validation to posting, profile, email, voting - <b>Edwin van Vliet</b></li>
 476  <li>Added {S_HIDDEN_FIELDS} template var to profile_send_email.tpl</li>
 477  <li>Added "intval" fix for flood check, may resolve some issues</li>
 478  <li>Added missing index to post_id for search_wordmatch</li>
 479  <li>Fixed spelling error in search add words preventing use of stopword list</li>
 480  <li>Fixed issue with search common words not being run</li>
 481  <li>Introduce viewtopic resync patch by Ashe</li>
 482  <li>Replace a for n in templating code</li>
 483  <li>Fixed ordering in memberslist</li>
 484  <li>Fixed group_id sequence issues with pgsql and msaccess</li>
 485  <li>Fixed assumption of word censors in user notification</li>
 486  <li>Fixed incorrect display of quotes in user management fields</li>
 487  <li>Fixed entry of special chars in all profile fields - note this may cause temporary issues</li>
 488  <li>Fixed incorrect display of quotes when using avatar gallery</li>
 489  <li>Fixed missing username in email sent to users when admin activated</li>
 490  <li>Added check for non-empty smiley code and url in smiley admin</li>
 491  <li>Prevent display of -- sig separator in emails when no board sig exists</li>
 492  <li>Fixed URL propagated sid issues with jumpbox</li>
 493  <li>Fixed wrong mode name check (polldelete) in functions_post</li>
 494  <li>Added missing root path to l10n image path check</li>
 495  <li>Remove validation of fields when deleting a user</li>
 496  <li>Fixed sort mode select box in memberslist to default to current mode</li>
 497  <li>Deny inline topic review listing to users without auth_read permissions</li>
 498  <li>Prevent display of topic notification checkbox if user cannot read forum</li>
 499  <li>Remove incorrect pre-pending of IP to uploaded avatars</li>
 500  <li>Fixed deletion of uploaded avatars when changing to remote/gallery</li>
 501  <li>Added check for non-blank line during install schema/basic sql ops</li>
 502  <li>Added sort ordering to Top Ten poster listing by request</li>
 503  <li>Fixed incorrect error report when altering case of username</li>
 504  <li>Added jumpbox output to modcp {JUMPBOX} will now work</li>
 505  <li>Fixed non-updating of users with MOD levels when deleting a forum</li>
 506  <li>Remove email to group moderator when approving new members</li>
 507  <li>Fixed non-handling of HTML in poll options</li>
 508  <li>Fixed non-deletion of polls when deleting forum and its posts</li>
 509  <li>Fixed moved shadow topic from being bumped upon reply</li>
 510  <li>Changed field size of timezone to decimal(5,2) where applicable</li>
 511  <li>Fixed missing sid append to URL when redirecting to newest reply</li>
 512  <li>Fixed missing slashes in private IP preg check</li>
 513  <li>Fixed session not setting userdata['user_id'] to ANON as appropriate</li>
 514  <li>Added check for non-empty name in disallow admin</li>
 515  <li>Fixed validation of SSL website addresses in profile</li>
 516  <li>Fixed inability of admins to upload avatars via user admin panel</li>
 517  <li>Fixed non-deletion of private message text upon full box overwrite</li>
 518  <li>Fixed incorrect error message in smiley admin</li>
 519  <li>Fixed incorrect alt-text for "Stop Watching Topic" image</li>
 520  <li>Temporary fix for missing lang strings in forum admin - translators should update their packages if not done already</li>
 521  <li>Use selected localisation during later stages of installation</li>
 522  <li>Fixed non-check of permissions when deleting a topic via Moderator Control Panel</li>
 523  <li>Fixed non-update of banlist upon user deletion</li>
 524  <li>Check approved users boxes by default in usergroup approve form</li>
 525  <li>Fixed non-appending of sid to backup meta refresh</li>
 526  <li>Fixed non-notification of no support for certain databases in backup/restore</li>
 527  <li>Added $images var to message die global declaration</li>
 528  <li>Fixed wrong string, Private_message in Private Messaging</li>
 529  <li>Add mail send result to error output</li>
 530  <li>Fixed non-appending of sid to Mozilla nav bar menu items</li>
 531  <li>Fixed incorrect profile linking from MSNM url in private messaging</li>
 532  <li>Grammatical errors in English lang_main fixed - <b>Cluster</b></li>
 533  <li>Allow deletion of avatar and simultaneous upload/linking/gallery selection</li>
 534  <li>Fixed non-updating of user rank when changing from special to normal rank in rank admin</li>
 535  <li>Changed user topic notification default in schemas to 0 (off)</li>
 536  <li>Fixed non-XHTML compliant img tags in privmsg.php</li>
 537  <li>Fixed non-deletion of announcements and polls when removing forum contents in forum admin</li>
 538  <li>Fixed non-pruning of watched topics table when pruning related topics</li>
 539  <li>Enable GET redirect on logout</li>
 540  <li>Added check for IE6.x to viewtopic ICQ indicator javascript</li>
 541  <li>Fixed empty username quoting with MS-SQL</li>
 542  <li>Fixed BBCode url, magic url and img tags to allow most chars beyond domain names</li>
 543  <li>Prevent parsing of -ve size values in BBCode size tag</li>
 544  <li>Back ported HTML handler from 2.2, this may impact some boards which allow complex HTML - existing parser remains but commented out</li>
 545  <li>Fixed parsing of word censors to not censor words within &lt; and &gt; tag delimiters</li>
 546  <li>Fixed database utilities failing to backup data with MySQL</li>
 547  <li>Fixed signature parsing in User Admin</li>
 548  <li>Fixed missing class="post" tags in subSilver Admin templates</li>
 549  <li>Fixes for paths under Apache2</li>
 550  <li>Added wrap text with tag support for posting in Mozilla 1.1+</li>
 551  <li>Fixed use of missing CSS classes in modcp_split, group_info_body, error_body and agreement</li>
 552  <li>Fixed ability of users to edit polls even after they have received votes</li>
 553  <li>Fixed header Location to be absolute URL as per HTTP 1.1 spec - noted by <b>PhilippK</b></li>
 554  <li>Added additional session_id checks to MCP, topic subscription, PM and similar items</li>
 555  <li>Fixed colour select box in posting_body to reset to Default colour after selection</li>
 556  <li>Altered PM icon to show new image until messages have been read</li>
 557  <li>Fixed incomplete deletion of PMs when removing the associated user</li>
 558  <li>Fixed unread and new PM user counters to decrement appropriately in all situations</li>
 559  <li>Fixed possible cross-site scripting issue with username search</li>
 560  <li>Fixed some problems with gzip in combination with newer PHP versions and Mozilla</li>
 561  <li>Fixed wrong maxlength in modcp_split.tpl subject field</li>
 562  <li>Fixed inability to edit username of guest poster - <b>vHiker</b></li>
 563  <li>Fixed ability for guests to post with certain registered usernames</li>
 564  <li>Fixed various HTML issues to improve XHTML compliance - <b>Daz</b></li>
 565  <li>Fixed missing template var {L_PM} for memberslist - <b>Daz</b></li>
 566  <li>Fixed wrong key name for $images['Topic_un_watch'] - <b>Daz</b></li>
 567  <li>Fixed missing template var {S_WATCH_TOPIC_IMG} for viewtopic - <b>Daz</b></li>
 568  <li>Fixed missing default constraints for post table under MSSQL</li>
 569  <li>Fixed incorrect field size for forum pruning - preventing days > 256</li>
 570  <li>Fixed continuing redirect issues for broken web servers, e.g. IIS+CGI PHP</li>
 571  <li>Fixed inability to use ftp as a protocol for the [img] tag</li>
 572  <li>Fixed incorrect handling of [img] tags containing %20 encoded spaces</li>
 573  <li>Added check for . within cookie_name, change to _ if present</li>
 574  <li>Added SHOW_ONLINE constant to limit "users online" code operation to index and viewforum</li>
 575  <li>Added "temporary" workaround for Apache2 + PHP module ignoring "private" cache header</li>
 576  <li>Added workaround for modcp IP lookup and links to Anonymous user profile</li>
 577  <li>Fixed broken bbcode parsing of quotes containing bbcode in the "username"</li>
 578  <li>Fixed excess slashes in [quote=""] first pass encoding</li>
 579  <li>Fixed rendering issue with quote button under Mozilla - <b>Daz</b></li>
 580  <li>Grammatical errors in remaining core lang files fixed - <b>Cluster</b></li>
 581  <li>Fixed bbcode quote breaking when username contained ] before [</li>
 582  <li>Fixed duplicate group_id error during upgrade of users from phpBB 1.x</li>
 583  <li>Fixed stripslashes() problem with the conversion of the config table from phpBB 1.x</li>
 584  <li>Rejiggled validation code, may eliminate "Username disallowed" issues</li>
 585  <li>Fixed differing initial "public" setting of forum permissions between different files</li>
 586  <li>Added check for invalid (non-compliant) email addresses to upgrade script</li>
 587  <li>Further redirect workarounds for broken servers, please direct further issues to the vendors</li>
 588  <li>Added GMT + 13 to English lang_main, all translators are encouraged to do likewise</li>
 589  <li>Added switch to default_lang email template if user lang template no longer exists</li>
 590  <li>Fixed javascript error when selecting smiley containing a single quote</li>
 591  <li>Update users watched topic if a post they made is split into a new topic</li>
 592  <li>Fixed situations where email templates contain incorrect or missing subject lines</li>
 593  <li>Fixed error when searching for posts and no forums exist</li>
 594  <li>Fixed potential SQL vulnerability with marking of private messages - <b>Ulf Harnhammar</b></li>
 595  </ul>
 596  
 597  <a name="202"></a><h3 class="h3">1.xxi. Changes since 2.0.2</h3>
 598  
 599  <ul>
 600  <li>Fixed potential cross-site scripting vulnerability with avatars - <b>Showscout</b></li>
 601  <li>Fixed potential SQL rewrite issue in page header - <b>missing contrib</b></li>
 602  <li>Fixed potential CSS/HTML rewrite on viewing in login - <b>Marc Rees</b></li>
 603  <li>Fixed (hopefully) issue with MS Access and multiple pages</li>
 604  </ul>
 605  
 606  <a name="201"></a><h3 class="h3">1.xxii. Changes since 2.0.1</h3>
 607  
 608  <ul>
 609  <li>Fixed missing "username" lang variable in user admin template</li>
 610  <li>Session work around for users behind rotating IPs - <b>vHiker</b></li>
 611  <li>Fixed potential session user_id re-write - <b>Ashe</b></li>
 612  <li>Fixed potential cross-browser scripting issue with BBCode URLs</li>
 613  <li>Fixed potential gallery avatar exploit - <b>Ashe</b></li>
 614  <li>Fix sorting of smileys on each function call - <b>Ashe/psoTFX</b></li>
 615  <li>Clear topic_mod text output in viewtopic - <b>Lars</b></li>
 616  <li>Fix regex for avatar remote urls</li>
 617  <li>Fix non-updating of user post counts when deleting whole topics</li>
 618  <li>Increase time limit when sending topic reply notifications</li>
 619  <li>Set default forum when splitting topics</li>
 620  <li>Fix non-deletion of uploaded avatars when switching to gallery</li>
 621  <li>Removed various closing newlines from included files</li>
 622  <li>Add MAX_ROWS to HEAP table alter in install/upgrade - <b>Ashe</b></li>
 623  <li>Update username maxlength for subSilver templates</li>
 624  <li>Allow <b>(</b> and <b>)</b> in BBCode [url] tags</li>
 625  <li>Fix non-quoting of <b>#</b> in username validation regexs</li>
 626  <li>Fix overlooked global var in private messaging</li>
 627  <li>Possible fix for \r\n email templates issues</li>
 628  <li>Fix missing str_replace for category title forum admin SQL</li>
 629  <li>Fix trailing <b>,</b> when sending emails via smtp</li>
 630  <li>Fix avatar issues in user admin</li>
 631  <li>Fix improper checking of email address ban in sessions</li>
 632  <li>Fix use of hard coded language strings in forum admin</li>
 633  <li>Fix missing closing <b>)</b> in smilies admin</li>
 634  <li>Fix missing Username label in user admin</li>
 635  <li>Fix upgrade.php bug where conversion would not complete (and updated other scripts to match the changes)</li>
 636  <li>Fix problem with redirect and login.php</li>
 637  <li>Fix typo that could cause problems with sorting in the memberlist</li>
 638  <li>Fix emailer to allow sending emails with language-specific character sets</li>
 639  </ul>
 640  
 641  <a name="200"></a><h3 class="h3">1.xxiii. Changes since 2.0.0</h3>
 642  
 643  <ul>
 644  <li>Fixed delete image bug for normal users</li>
 645  <li>Fixed group control panel image links</li>
 646  <li>Fixed missing L_POST variable in group control panel</li>
 647  <li>Fixed missing user id when redirecting to email form after login</li>
 648  <li>Fixed (a)ppend_sid function name error in group control panel</li>
 649  <li>Fixed reset of post type when previewing a post</li>
 650  <li>Fixed mass emailer include path error</li>
 651  <li>Fixed potential SQL exploit</li>
 652  <li>Fixed several minor subSilver issues</li>
 653  <li>Fixed [quote] breaking HTML problem</li>
 654  <li>Fixed problem with unclosed nested quotes</li>
 655  <li>Fixed bad handling of automagic links at end of quotes</li>
 656  <li>Fixed potential BBCode and avatar remote exploit</li>
 657  <li>Altered email validation check to allow + in username as per RFC</li>
 658  <li>Fixed incorrect behaviour with wildcards in disallowed usernames</li>
 659  <li>Added missing append_sid for search view results as posts</li>
 660  <li>Fixed incorrect clearing of current sessions for logged in users</li>
 661  <li>Fixed user_timezone (cannot update user profile) problem</li>
 662  <li>Added correct setting of moderator status for users during upgrade</li>
 663  <li>Fixed handling of uploaded avatars if gallery avatar currently used</li>
 664  <li>Fixed use of existing username for uploaded avatars</li>
 665  <li>Fixed updating of topic reply stats when post is deleted</li>
 666  <li>Fixed irrelevant error message when activating already active account</li>
 667  <li>Fixed gzip compression problems with Netscape and some PHP versions</li>
 668  <li>Fixed MS Access layer errors when using latest PHP versions</li>
 669  <li>Fixed styles admin editing problems with MSSQL Server</li>
 670  <li>Fixed logout issue when cancelling certain actions</li>
 671  <li>Fixed missing text in certain admin links</li>
 672  <li>Fixed opening of frame within frame when logging into admin</li>
 673  <li>Fixed incorrect ordering of search results by time</li>
 674  <li>Fixed fulltext searching failure with MS Access</li>
 675  <li>Hopefully fixed fulltext search with non-latin single byte charsets</li>
 676  <li>Enabled work-around support for some multi-byte charsets - <b>OOHOO</b></li>
 677  <li>Re-enabled search indexing of all-numeric character sequences</li>
 678  <li>Updated email banning to properly implement wildcards</li>
 679  <li>Fixed missing extension in links from groupcp</li>
 680  <li>Fixed lack of re-validation when changing email address</li>
 681  <li>Added additional IP check when using HTTP_X_FORWARDED_FOR</li>
 682  <li>Fixed non-display of delete icon when on second or greater topic page</li>
 683  <li>Fixed problems with users/groups assigned multiple permissions</li>
 684  <li>Fixed problem with - and + in search words - <b>Matthijs</b></li>
 685  <li>Fixed improper handling for deletion of words from search table</li>
 686  <li>Fixed support for <b>,</b> in automagic URLs as per RFC</li>
 687  <li>Fixed circular reference SQL errors when deleting posts under MS Access</li>
 688  <li>Fixed nested [code] problems</li>
 689  <li>Added charset encoding headers for emails - <b>romutis</b></li>
 690  <li>Fixed "Copy to self" emails to use correct language</li>
 691  <li>Fixed pagination error when limiting previous days for viewforum</li>
 692  <li>Decreased minimum search word size to 3 chars</li>
 693  <li>Fixed deletion of one or more options from all polls when editing just one</li>
 694  <li>Fixed checking of group memberships when promoting/demoting group moderators</li>
 695  <li>Added database closure to admin frameset page</li>
 696  </ul>
 697  
 698  <a name="final"></a><h3 class="h3">1.xxiv. Changes since RC-4</h3>
 699  
 700  <ul>
 701  <li>Fixed improper report of general error when posting messages containing errors</li>
 702  <li>Fixed post text being doubled up if it contained one or more &lt; without closing &gt;</li>
 703  <li>Fixed pruning errors due to search function name change</li>
 704  <li>Hopefully fixed various issues which led to incorrect reply and excess page counts</li>
 705  <li>Fixed groupcp not displaying all email buttons to group moderator or admin</li>
 706  <li>Fixed failure to display error notice when uploading oversized avatars</li>
 707  <li>Hopefully corrected problem with viewonline displaying too few/many users online</li>
 708  <li>Partially addressed issue with activation URLs >76 chars</li>
 709  <li>Fixed additional search facilities failing to work or working incorrectly</li>
 710  <li>Fixed search syntax highlighting</li>
 711  <li>Addressed various webservers handling of page redirects</li>
 712  <li>Fixed word censor not replacing first or last words</li>
 713  <li>Fixed avatar height and width check for locally uploaded images</li>
 714  <li>Hopefully fixed cache control header</li>
 715  <li>Added check for PM box size limit of 0 to prevent div0 error</li>
 716  <li>Fixed failure to fully delete PMs in outbox</li>
 717  <li>Fixed display problem with polls</li>
 718  <li>Fixed problem with guest username not being displayed for topic results in search</li>
 719  <li>Fixed problem with quotes in various profile fields</li>
 720  <li>Fixed schema problem with user_timezone</li>
 721  <li>Fixed page display issue with MS Access</li>
 722  <li>Fixed user level issue when altering user from user to admin and vice versa</li>
 723  <li>Fixed incorrect parsing of some email templates</li>
 724  <li>Reduced size of MS Access primer</li>
 725  <li>Fixed various remaining usergroup display issues</li>
 726  </ul>
 727  
 728  <a name="rc4"></a><h3 class="h3">1.xxv. Changes since RC-3</h3>
 729  
 730  <ul>
 731  <li>Addressed serious security issue with included files</li>
 732  <li>Fixed non-use of database table prefix name during upgrade</li>
 733  <li>Split functions and profile into separate modules</li>
 734  <li>Fixed (hopefully) remaining issues with colourisation of moderator usernames</li>
 735  <li>Updated install to include entry of additional, required, information</li>
 736  <li>Fixed (hopefully) AOL incompatibilities</li>
 737  <li>Fixed non-display of moderators in index/viewforum</li>
 738  <li>Fixed group control panel 'no groups exist' problems</li>
 739  <li>Fix HTTP_X_FORWARDED_FOR spoofing possibility</li>
 740  <li>Fix ignoring of private range IPs in HTTP_X_FORWARDED_FOR</li>
 741  <li>Enable multiple wildcard email banning, eg. *name*@somewhere.tld</li>
 742  <li>Fix problems with posts being truncated if containing &lt; and &gt; characters</li>
 743  <li>Prevent URL, BBCode and most smiley parsing in [code][/code]</li>
 744  <li>Fix problems with use of certain reserved chars in word censor list</li>
 745  <li>Fix default search usage to be as described (was doing AND by default)</li>
 746  <li>Fix various avatar issues with profile, gallery and viewtopic</li>
 747  <li>Enable safe mode support for uploading avatars</li>
 748  <li>Fix broken modcp IP view issue</li>
 749  <li>Fix potential session_id re-write vulnerability</li>
 750  <li>Finish localisation of days and months (AM/PM are not and will not be localised in 2.0)</li>
 751  <li>Remove link to external subSilver stylesheet from default subSilver templates</li>
 752  <li>Handle TRANSACTIONS correctly in MySQL 3.x (by returning correct responses)</li>
 753  <li>Fix checkbox resetting problem while previewing posts</li>
 754  <li>Fix a login redirect issue</li>
 755  <li>Remove some additional unused fields during upgrade</li>
 756  <li>Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver</li>
 757  </ul>
 758  
 759  <a name="rc3"></a><h3 class="h3">1.xxvi. Changes since RC-2</h3>
 760  
 761  <ul>
 762  <li>Fixed infamous install parse error</li>
 763  <li>Major update of posting and related search functions (fixing various issues and increasing speed)</li>
 764  <li>Fixed display of author and last poster names when both are different guest users</li>
 765  <li>Fixed upgrade stall issues (hopefully!) and improved output</li>
 766  <li>Fixed highlighting code for viewtopic and search</li>
 767  <li>Reduced size of several files and functions</li>
 768  <li>Moved localised images to sub-directories</li>
 769  <li>Improved user feedback of disallowed usernames</li>
 770  <li>Fixed various MSSQL bugs</li>
 771  <li>Fixed installation of MSSQL/MSSQL-ODBC</li>
 772  <li>Fixed security issue with upgrade.php</li>
 773  <li>Finished implementation of various additional features</li>
 774  <li>Fixed various user, group and forum permissions problems</li>
 775  <li>Fixed issues with BBCode [ and ] (hopefully!)</li>
 776  <li>Fixed autologin problems with MS IIS</li>
 777  <li>Hopefully fixed problems with URIs in emails on some server configs</li>
 778  <li>Fixed 'blank' profile and DB utilities problems on submit</li>
 779  <li>Fixed incorrect language being used in email subjects</li>
 780  <li>Fixed issues with incorrect private message new/unread counts</li>
 781  <li>Fixed various PostgreSQL related errors</li>
 782  <li>Automatically forward users to login screen in more situations</li>
 783  <li>Enabled (coloured) online indication of moderators and admins</li>
 784  <li>Enabled maximum online user count</li>
 785  <li>Altered online user count to ignore duplicate IPs (will now underestimate rather than overestimate)</li>
 786  <li>Enabled viewing of users browsing each forum</li>
 787  <li>Fixed (hopefully) display of overlaid ICQ icon in Netscape using subSilver</li>
 788  <li>Fixed display of guest usernames for last post and author</li>
 789  <li>Hidden usergroups are now completely hidden from view</li>
 790  </ul>
 791  
 792  <a name="rc2"></a><h3 class="h3">1.xxvii. Changes since RC-1</h3>
 793  
 794  <ul>
 795  <li>Fixed numerous PostgreSQL related issues</li>
 796  <li>Significant updates and additions to the upgrade script</li>
 797  <li>Various (missed) hard coded language strings fixed</li>
 798  <li>Fixed viewforum error when no forum id specified</li>
 799  <li>Fixed old constant name usage in search system</li>
 800  <li>Fixed display of moved posts when viewing unanswered posts</li>
 801  <li>Fixed failure of search for user and keyword when displaying as posts</li>
 802  <li>Fixed PM popup notification</li>
 803  <li>Fixed view more emoticon session page problem</li>
 804  <li>Fixed view profile email links</li>
 805  <li>Fixed display of websites in profile</li>
 806  <li>Fixed backup database failure</li>
 807  <li>Fixed MS Access schema error when posting topics</li>
 808  <li>Fixed problem with hyphenated/dotted DB names in MySQL 3.23.6+</li>
 809  <li>Various other fixes and updates</li>
 810  </ul>
 811  
 812  <a name="rc1"></a><h3 class="h3">1.xxviii. Changes since RC-1 (pre)</h3>
 813  
 814  <ul>
 815  <li>Upgrade script completed for initial fully functional release</li>
 816  <li>Sessions code updated</li>
 817  <li>Mark read code updated and hopefully fixed</li>
 818  <li>Significant changes to properly deal with \' for non-MySQL boards</li>
 819  <li>mssql, msaccess and mssql-odbc DB classes re-written</li>
 820  <li>Avatar issues addressed and fixed</li>
 821  <li>Search (INSERT) bug using MySQL fixed</li>
 822  <li>Search highlighting issues addressed</li>
 823  <li>Search own/other users posts fixed</li>
 824  <li>BBCode fixes for magic URIs and other issues</li>
 825  <li>Template updates for subSilver</li>
 826  <li>User and group permissions problems fixed</li>
 827  <li>Forum management problems (deletion of forum causing category not to display) fixed</li>
 828  <li>Pagination problem with groupcp fixed</li>
 829  <li>Backslash issues with posting and profile fixed</li>
 830  <li>Backslash issues with emails fixed</li>
 831  <li>preg_quote problems fixed</li>
 832  <li>User management updated with full avatar control and missing fields</li>
 833  <li>Private messaging box limits fixed</li>
 834  <li>Private messaging ?folder= strangeness fixed</li>
 835  <li>Forum pruning code updated to cope with search system</li>
 836  <li>Emoticon system in posting updated</li>
 837  <li>BBCode FAQ link added to posting form</li>
 838  <li>Language file updates to address concerns of translators</li>
 839  <li>Various other bug fixes and updates</li>
 840  </ul>
 841  
 842  <p>Note that a full list of fixed bugs can be found at the bug tracker (see section on bug reporting <a href="README.html#bugs">here</a>)</p>
 843  
 844  <a name="disclaimer"></a><h2 class="h2"><u>2. Copyright and disclaimer</u></h2>
 845  
 846  <p>This application is opensource software released under the <a href="http://www.gnu.org/licenses/gpl.html" target="_new">GPL</a>. Please see source code and the Docs directory for more details. This package and its contents are Copyright © 2002 <a href="http://www.phpbb.com/" target="_new">phpBB Group</a>, All Rights Reserved.</p>
 847  
 848  <!-- END DOCUMENT -->
 849                  </td>
 850              </tr>
 851          </table></td>
 852      </tr>
 853  </table>
 854  
 855  </body>
 856  </html>


Generated: Mon Jan 14 19:21:40 2013 Cross-referenced by PHPXref 0.7.1