As it was recently reported by girex
, earlier miniBB releases contain a security fix only available if register_globals = On
in your php.ini. As you may notice, within the past years all miniBB security problems may appear only if you have such configuration of PHP. Again, please re-check your server settings regarding this configuration and change it to register_globals = Off
, or ask your provider to do that. Nowadays all major scripts support working without globals, it is a question not only of miniBB security, but also your own.
To fix your version of miniBB, just add 'xtr'
value to the top array $unset
. For example:
$unset=array('logged_admin', 'isMod', 'user_id', 'langu', 'includeHeader', 'includeFooter', ... 'csrfchk', 'emailCharset', 'adminUser', 'cook', 'forumClone', 'xtr');
Other improvements of the updated version 2.2 contain experimental search form and function, when by default searching will process only in topic titles, which is basically the right solution, because topic's title always should contain all major keywords which will be useful also for search engines. This should force forums administration to take massive care about topic titles. On another hand, searching by topic titles completes much more faster else when searching in messages (because in database there is a search in 255 chars against 64 K).
Other improvements can't be called critical, since they are only providing some additional possibilities for possible extensions.Download
new miniBB now and follow Updating history guide
to update your files.