Please look through the list for the bug you have found. If it is not listed, add it.
- Moderation bugs:
- Markup and language file issues (no hotfixes will be released if the bug results in no errors):
- One can't post in a forum if there is only post permission (reported by Cereal).
- Unsubscribe CSS issue: http://punbb.informer.com/forums/post/122868/#p122868
- Just after installing, the 'online' table takes up a lot of disk space on some systems (for example, 1.6 Mb on PHP: 4.4.9, Accelerator: eAccelerator, DB: MySQL Standard 4.1.22; see also a topic on forums).
- Updating script (
- CSS & markup.
- Missing lang entries in language files.
- Correct path and alerts on install.
- Fixed typos and more.
- XSS vulnerabilities described at http://punbb.informer.com/forums/post/141236/#p141236
- Error with bans in admin/bans.php and profile.php
- Invalid closing tag described in issue #32.
We provide the details of some fixed security bugs here.
The values of $_POST['direction'] were escaped, but not logically checked before being used in an SQL query on the Users page. One could execute any SQL query by getting an administrator to send a POST request (e.g. by giving him a link to a specially formed page). The CSRF confirmation message would be displayed.
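
The difference between escaping and a logical check for a sort direction is shown in the following added example, which is not PunBB's own code. The function names, the `sort_by` field and the table and column names are assumptions made for illustration, and `addslashes()` stands in for the database escaping step.

```php
<?php
// Added example: allowlist validation of ORDER BY parts (hypothetical names).
// A sort direction is an SQL keyword, not a quoted string, so escaping quote
// characters does not constrain it. Only a fixed set of values may pass.

const SORT_DIRECTIONS = ['ASC' => 'ASC', 'DESC' => 'DESC'];
const SORT_COLUMNS = [            // request value => literal SQL fragment
    'username'   => 'u.username',
    'registered' => 'u.registered',
    'num_posts'  => 'u.num_posts',
];

function sort_direction($raw): string
{
    // Arrays (direction[]=x) and other non-strings fall back to the default.
    $key = is_string($raw) ? strtoupper(trim($raw)) : '';
    return SORT_DIRECTIONS[$key] ?? 'ASC';
}

function sort_column($raw): string
{
    $key = is_string($raw) ? strtolower(trim($raw)) : '';
    return SORT_COLUMNS[$key] ?? SORT_COLUMNS['username'];
}

function build_user_list_query(array $post): string
{
    // Only fragments taken from the constants above reach the SQL text.
    return 'SELECT u.id, u.username FROM users AS u ORDER BY '
        . sort_column($post['sort_by'] ?? null) . ' '
        . sort_direction($post['direction'] ?? null);
}

// Constructed sample requests.
$samples = [
    ['sort_by' => 'registered', 'direction' => 'desc'],
    ['sort_by' => 'username', 'direction' => 'DESC, u.id'], // contains no quotes
    ['direction' => ['x']],                                 // array instead of string
];
foreach ($samples as $post) {
    $raw = $post['direction'] ?? '';
    if (is_string($raw)) {
        // Escaping alone: a value without quote characters is left as it was.
        printf("escaped only: %s\n", addslashes($raw));
    }
    echo 'validated:    ', build_user_list_query($post), "\n";
}
```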
The values of configuration options were not checked before being used in an SQL query on the Settings page. One could execute any SQL query by getting an administrator to send a POST request (e.g. by giving him a link to a specially formed page). The CSRF confirmation message would be displayed.