miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
News miniBB Support Forums / News /  
 

miniBB version 2.0.3a - fix of the file checking bug

 
Author Paul
Lead Developer 
#1 | Posted: 15 Jan 2007 06:37 
Everybody should upgrade their board, replacing latest version of index.php file.

Thank you to "from_kavkaz" user who reported this error.

Author Serg
Partaker
#2 | Posted: 15 Jan 2007 08:46 
Does it concern v. 2.0.3 only or all previous versions too?

Author Paul
Lead Developer 
#3 | Posted: 15 Jan 2007 09:22 
It probably affects also all previous versions.

It's not a serious vulnerability bug, however, it preferrably should be fixed anywhere.

The line in index.php which says

elseif($user_id==0 and isset($_GET['setlang']) and $setlang=str_replace(array('.','/','\\'),'',$_GET['setlang']) and file_exists($pathToFiles."lang/{$_GET['setlang']}.php")) {$lang=$setlang; $indexphp.='setlang='.$setlang.'&';}

should contain the following:

elseif($user_id==0 and isset($_GET['setlang']) and $setlang=str_replace(array('.','/','\\'),'',$_GET['setlang']) and file_exists($pathToFiles."lang/{$setlang}.php")) {$lang=$setlang; $indexphp.='setlang='.$setlang.'&';}

Author andreasm
Partaker
#4 | Posted: 19 Jan 2007 07:55 
I downloaded newest minibb version from server, but I can't see any difference in file index.php of 2.0..3a compared to 2.0.3


I used program "winmerge" to compare both files.

Author Paul
Lead Developer 
#5 | Posted: 19 Jan 2007 08:27 
Ooops... thanks a lot for noticing, occassionally old version package has been updated. Now should be ok.

Author otto
Partaker
#6 | Posted: 20 Jan 2007 04:41 
I downloaded my package 2.0.3.a I think less than a week ago. To be sure I had the newest files I downloaded again now.
I found changes in

eng.php
main_post_form
user_dataform
bb_func_usernfo
bb_functions
index.php

index.php. The only change is that the copyright in the new says 2004-2006 ! where my 'old says 2004-2007. So I keep my 'old' :-)

eng.php has a newer date (jan-17 instead of Dec-06) and 'profile' instead of 'preference'. So I keep the new.

bb_func_usernfo have a new date Jan-19 where my 'old' says Jan-12. So I keep the new.

bb_functions. The date and version says 2006-Dec-06 and 2.0.3 where my old one says 2007-Jan-15 and2.0.3a. So I keep my 'old' :-)

But because of these little no important things mentioned above I am getting a little bit nerveous about if I shall keep 'old' or new main_post_form and user_dataform.

My one week old' main_post_form have 2 lines more than the new one and my one week old user_dataformt has differences
Shall I use my new or my 'old'main_post_form and user_dataform?

Author Paul
Lead Developer 
#7 | Posted: 20 Jan 2007 07:39 
The only change is that the copyright in the new says 2004-2006 ! where my 'old says 2004-2007. So I keep my 'old' :-)

Ok, you got me :-) Welcome to get the newest package, I've changed the copyright. The saga with index.php file is just because I worked remotely not on my usual working place... so when I was back it seemed I forgot to update my own local version of forums which I develop the main core on. Will try to not do this again :-)

That's also true about eng.php and there is a very little fix in bb_func_usernfo.php (which is actually the fix of the fix I've issued earlier in this thread). These changes actually are not critical at all and they do not affect the overall performance.

bb_functions.php contained only version change and I also forgot to update it locally. So it looks ok now.

New version of main_post_form template contains the removing of "Disable BB codes" checkbox. We don't remember for what this "option" was implemented or maybe just taken from somewhere, but it seemed to us completely unuseful these times.

In user_dataform.html template we have removed the links to the manual (which where on the options "Display email publicly?" and "Sort topics by". It seems so many users are not developing any own manual at all, and the links going to the common miniBB manual look confusing. In general, these options are meaningful by their titles.

So it all looked like waxing of what we've issued early, but it should we useful we mentioned it here. Thank you, otto!

Author otto
Partaker
#8 | Posted: 20 Jan 2007 19:28 
By a closer look at the files I asked about I saw what you had removed was what I had deactivated in my 'old's (had also made my own link to my own manual).
Thank you for the changes and the explanation.

removing of "Disable BB codes
I had done this too, but..

We don't remember for what this "option" was implemented..

You don't need to.
Just read your manual :-)

.. 'if you need to post something using not BB-code, but actual info containing BB-code, it is useful'..

Thanks again :-)

Author Paul
Lead Developer 
#9 | Posted: 22 Jan 2007 03:17 
'if you need to post something using not BB-code, but actual info containing BB-code, it is useful'

Well of course was is the purpose of the checkbox, but nobody from us can't really remember by what purpose it may be used on other boards. Explanation of BB codes? Even if it's posted in the message itself, it won't be made often... usually the things like this should appear in the manual for the board. So it's removed.

Oh well I will need to work on the manual and fix many things! It looks a bit old.

Thanks again.

News miniBB Support Forums / News /
 miniBB version 2.0.3a - fix of the file checking bug
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑