
KB Article: How to Update phpBB 2.0.12 to 2.0.13

Submitted By: Telli
Date Added: 02-27-2005 11:48:15
Hits: 9,045



MOD-style instructions for updating phpBBtonuke 2.0.12 to 2.0.13

phpBB Group announces the release of phpBB 2.0.13, the "Beware of the furries" edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version in such a short period of time.
Fortunately both fixes are easy and in each case just one line needs to be edited.

The first issue is critical (a session handling flaw allowing anyone to gain administrator rights), and we urge you to fix it on your forums as soon as possible:

Open includes/sessions.php

Find:

if( $sessiondata['autologinid'] == $auto_login_key )

Replace with:

if( $sessiondata['autologinid'] === $auto_login_key )

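As an added illustration (not part of this article or of phpBB's own code), the following PHP script shows why the one-character change from == to === matters: PHP's loose comparison converts both operands to a common type, so a boolean true compares equal to any non-empty string, while the strict comparison requires type and value to match. The helper names and the sample key are constructed for this example.

```php
<?php
// Added example, not phpBB code. Demonstrates the difference between the
// 2.0.12 check (==) and the 2.0.13 check (===) on an autologin key.

// Loose comparison: PHP type-juggles the operands before comparing.
function autologin_matches_loose($candidate, string $stored): bool
{
    return $candidate == $stored;      // the 2.0.12 check
}

// Strict comparison: both the type and the value must match.
function autologin_matches_strict($candidate, string $stored): bool
{
    return $candidate === $stored;     // the 2.0.13 check
}

// Constructed sample key standing in for $auto_login_key.
$stored = '4f2c1a9d7e0b3c6d8a1f5e2b9c4d7a0e';

// Constructed candidate values of the kinds that can arrive in untrusted,
// deserialised session data. Only the first one is the real key.
$candidates = [
    'correct key'  => $stored,
    'wrong string' => 'deadbeef',
    'boolean true' => true,   // loose: true, strict: false
];

foreach ($candidates as $label => $value) {
    printf("%-13s loose=%-5s strict=%s\n",
        $label,
        autologin_matches_loose($value, $stored) ? 'true' : 'false',
        autologin_matches_strict($value, $stored) ? 'true' : 'false');
}
```

Only the strict check rejects the non-string value, which is what the patched line in includes/sessions.php relies on.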
A second, minor issue reported to Bugtraq several days ago was a path disclosure bug in viewtopic.php, which is fixed by applying the following steps:

Open modules/Forums/viewtopic.php

Find:

$message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

Replace with:

$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));


After you have completed the code changes, download the file below and execute the upgrade script from your root.
