Topic: PunBB 1.2.19

PunBB 1.2.19 released.
The only differ from 1.2.18 is fixing improper attempt to solve an XSS issue in include/parser.php.
We apologize for hurrying up with 1.2.18 release, having not enough testing.

We assume most users are upgrading from PunBB version 1.2.17 or lower, so
here is the 1.2.17 to 1.2.19 changelist:

  • Fixed an SMTP command injection vulnerability, discovered by Stefan Esser.

  • Fixed an XSS issue in include/parser.php, discovered by Dan Crowley.

  • Fixed issue with database returning the same user on multiple pages of the userlist, noticed by hcgtv.

  • Fixed several potential XSS vectors in moderate.php.

  • Fixed the avatars of deleted users not being removed.

  • Copyrights and punbb.informer.com links updated.

  • Docs removed.

It is strongly recommended to update your PunBB 1.2.* installations to PunBB 1.2.19 as soon as possible.
Visit Downloads page for archives and the patch. Or get latest revision from SVN trunk.

Thanks to the people who reported issues and Smartys who fixed them.

Carpe diem

2

Re: PunBB 1.2.19

Here are the changed files from PunBB 1.2.17 to 1.2.19:

/include/email.php - http://punbb.informer.com/trac/changeset/244
/include/parser.php - http://punbb.informer.com/trac/changeset/245, http://punbb.informer.com/trac/changeset/258
moderate.php - http://punbb.informer.com/trac/changeset/246
profile.php - http://punbb.informer.com/trac/changeset/247
userlist.php - http://punbb.informer.com/trac/changeset/243

The rest of the files contained in the changed files zip are copyright changes, so long Rickard, and url changes from punbb.org to punbb.informer.com.

Re: PunBB 1.2.19

netleoo wrote:

要是能上传附件功能就好了!

homerzhu wrote:

有上传插件可以下载,你找一下就OK了

Posts deleted. English please (a то начну по-русски писать = or I will start to write in Russian tongue).

Carpe diem

Re: PunBB 1.2.19

OK, i will write in english in future smile

Re: PunBB 1.2.19

Please no more future updates that only change the copyright year.

Copyrights do not have to have the year, they can just say
copyright punbb
and thats it.

That would save a lot of us, lots of headaches. I use a lot of hacks on my forum and dont like having to compare all my files. THanks.

Re: PunBB 1.2.19

s0me0ne wrote:

Please no more future updates that only change the copyright year.
That would save a lot of us, lots of headaches. I use a lot of hacks on my forum and dont like having to compare all my files.

Agree, but we couldn't leave Rickard's copyrights untouched as this is legally incorrect now. I hope these notices will not be changed for a long time anymore )

Carpe diem

7 (edited by kobiak 2008-07-26 20:58)

Re: PunBB 1.2.19

Hi,

I've recently changed from 1.2.* (I don't know the previous version I was running smile it's from back 2006 smile)

Runned update script... uploaded and connect database. Everything looks good but when tried open a topic got an error "Unable to fetch topic info"

is there anything I could do to have my old forum content and run latest verion of forum? thanks.

UPD. Solved smile