PunBB Forums — PunBB 1.2.23

Re: PunBB 1.2.23

null@example.com (jonsteve300) — Sun, 06 Mar 2011 13:05:42 +0000

I am also looking for the solution of same problem. I searched it a lot and find your thread. please help me too

Re: PunBB 1.2.23

null@example.com (neofutur) — Wed, 27 Oct 2010 04:10:03 +0000

MyBestBB premod version updated to 1.2.23 ( http://trac.ww7.be/trac.ww7.be/changeset/403 ), thanks again for providing security upgrades ans hdiff.

Re: PunBB 1.2.23

null@example.com (Slavok) — Thu, 12 Aug 2010 06:44:12 +0000

It is because of unnecessary tab at this line.

Re: PunBB 1.2.23

null@example.com (Extri) — Wed, 11 Aug 2010 21:23:41 +0000

Hi.

There is an error in HDIFF PunBB 1.2.22 to 1.2.23 changes :

punbb-1.2.22/upload/include/functions.php

371:         $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

is the same as:
punbb-1.2.23/upload/include/functions.php

371:         $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

PunBB 1.2.23

null@example.com (Slavok) — Wed, 11 Aug 2010 13:38:53 +0000

Found new vulnerability in PunBB 1.2, it was related to a bug in the PHP "unserialize" function. It was fixed and the new version of PunBB (1.2.23) has been released! It is recommended that you update your PunBB 1.2.* installation.

Thanks to hcs for report.

Changes from 1.2.22:

Fixed vulnerability in cookie authorization via "unserialize" function.

Visit Downloads page for the PunBB 1.2.23 packages and patches. Or get the latest revision from SVN.