miniBB ® 


Support Forums
 | Start | Register | Search | Statistics | File Bank | Manual |
News miniBB Support Forums / News /  

miniBB 2.2a released - security fix + some minor improvements

Author Paul
Lead Developer 
#1 | Posted: 22 Apr 2008 05:31 
As it was recently reported by girex, earlier miniBB releases contain a security fix only available if register_globals = On in your php.ini. As you may notice, within the past years all miniBB security problems may appear only if you have such configuration of PHP. Again, please re-check your server settings regarding this configuration and change it to register_globals = Off, or ask your provider to do that. Nowadays all major scripts support working without globals, it is a question not only of miniBB security, but also your own.

To fix your version of miniBB, just add 'xtr' value to the top array $unset of index.php. For example:

$unset=array('logged_admin', 'isMod', 'user_id', 'langu', 'includeHeader', 'includeFooter', ... 'csrfchk', 'emailCharset', 'adminUser', 'cook', 'forumClone', 'xtr');
Other improvements of the updated version 2.2 contain experimental search form and function, when by default searching will process only in topic titles, which is basically the right solution, because topic's title always should contain all major keywords which will be useful also for search engines. This should force forums administration to take massive care about topic titles. On another hand, searching by topic titles completes much more faster else when searching in messages (because in database there is a search in 255 chars against 64 K).

Other improvements can't be called critical, since they are only providing some additional possibilities for possible extensions.

Download new miniBB now and follow Updating history guide to update your files.

News miniBB Support Forums / News /
 miniBB 2.2a released - security fix + some minor improvements
 Share Topic's Link

This topic is closed. New replies are not allowed.


miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Proceed with the Captcha add-on: protect your miniBB-forums from the automated spam and flood.