• From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Topic: PunBB 1.2.2

Today brings the release of PunBB 1.2.2. This release has been made primarily to deal with a number of security vulnerabilities in PunBB 1.2/1.2.1. PunBB 1.2.2 fixes a number of SQL injection vulnerabilities in register.php, profile.php and moderate.php (posted to Bugtraq a few hours ago) as well as a file disclosure vulnerability in admin_loader.php. On top of this, a small number of non-security related bugs have been adressed. PunBB 1.2.2 is a recommended upgrade for everyone.

It should be noted that PunBB 1.1.* might very well be affected by some of these vulnerabilities as well, so if you're still running PunBB 1.1.*, I recommend that you at least apply the fixes in changeset 101.

I would like to thank Smartys for reporting the admin_loader.php bug and giving me time to fix it. I would also like to thank John Gumbel for reporting the other vulnerabilities even though I would have preferred more than ~20 minutes to release a bugfix version prior to the Bugtraq posting wink

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • Registered: 2004-10-10
  • Posts: 77

Re: PunBB 1.2.2

Damn... I just modded 1.2.1, thinking it'd be a long while until the next update. Oh well.

3 Reply by lament (edited by lament 2005-02-24 23:03)

  • lament
  • Senior Member
  • Offline
  • From: San Diego, CA
  • Registered: 2004-06-14
  • Posts: 165

Re: PunBB 1.2.2

ha me too.  but i think i'll upgrade right now.

Rickard does this affect your News Module plugin (that i was just going to install) or RSS feeds?

http://www.lament.us
http://www.sadreminders.com

lament's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: PunBB 1.2.2

lament: Nope.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

5 Reply by lament (edited by lament 2005-02-24 23:08)

  • lament
  • Senior Member
  • Offline
  • From: San Diego, CA
  • Registered: 2004-06-14
  • Posts: 165

Re: PunBB 1.2.2

can you be in maintenance mode while upgrading?

http://www.lament.us
http://www.sadreminders.com

lament's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: PunBB 1.2.2

Sure.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • lament
  • Senior Member
  • Offline
  • From: San Diego, CA
  • Registered: 2004-06-14
  • Posts: 165

Re: PunBB 1.2.2

worked like a champ. thanks!

now off to install the news mod..

http://www.lament.us
http://www.sadreminders.com

lament's Website

  • Registered: 2004-08-13
  • Posts: 77

Re: PunBB 1.2.2

I just did it wink

thanks, it's very easy.

I explain to the "frenchies" how to do it here: http://punbb.org/forums/viewtopic.php?id=6466

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: PunBB 1.2.2

No problem Rickard, always a pleasure to help out smile

10 Reply by hcgtv (edited by hcgtv 2005-02-25 01:00)

  • hcgtv
  • hcgtv
  • Senior Member
  • Offline
  • From: Charlotte, NC
  • Registered: 2004-06-25
  • Posts: 1,991

Re: PunBB 1.2.2

Upgraded to 1.2.2 - copied over changed files, ran the upgrade script.

All okiedokie smile

Thanks Rickard.

PHPCrossRef . TXP Make . TXP Themes . TXP Tags . TXP Planet . We Love TXP

hcgtv's Website

11 Reply by Bassguy (edited by Bassguy 2005-02-25 01:57)

  • Registered: 2004-10-10
  • Posts: 77

Re: PunBB 1.2.2

It seems to have removed my link to my Private Messages, but that's nothing a little "additional menu items" won't fix.

Otherwise, it worked perfectly.

  • Registered: 2004-08-16
  • Posts: 577

Re: PunBB 1.2.2

You probably dont want to do that.

Follow the directions from the installer for header.php.

If you dont you wont see the 'There are new messages' link.

Indocron
$theQuestion = (2*b) || !(2*b);

13 Reply by Ataxy (edited by Ataxy 2005-02-25 04:06)

  • Ataxy
  • Senior Member
  • Offline
  • From: Montreal,Canada
  • Registered: 2004-06-07
  • Posts: 287

Re: PunBB 1.2.2

ok i have updated my forum to the v1.2.2 the installation went smooth except that now when i load my forum i get this appearing at the top of it but it still loads

Notice: Undefined index: o_additional_navlinks in /home/vhost/d-vault.peerforces.com/html/forum/include/functions.php on line 271

i dont know if someone can shine some light on whats the problem

Ataxy's Website

  • Connorhd
  • Connorhd
  • Former PunBB Developer
  • Offline
  • From: Leeds, UK
  • Registered: 2004-06-13
  • Posts: 4,195

Re: PunBB 1.2.2

you have to go to 1.2.1 before going to 1.2.2 i think?

it looks like the 1.2.2 install works on 1.2 but it shouldn't

FluxBB.
Connorhd.co.uk.

Connorhd's Website

15 Reply by gezz

  • gezz
  • Senior Member
  • Offline
  • From: Canada (eh?)
  • Registered: 2004-04-16
  • Posts: 142

Re: PunBB 1.2.2

so if i edit all the files manualy will i then be able to run the update script?

-gezz
  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: PunBB 1.2.2

Oh man. I'm such a moron!

gezz: You need to do the following:

1. Run the following query: INSERT INTO config (conf_name, conf_value) VALUES('o_additional_navlinks', NULL);
2. Delete the php scripts in the cache folder.

That should do it. If you use a table prefix, you should put that in front of "config" in the query above.

I will fix this as soon as I get back from work.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

17 Reply by Ataxy

  • Ataxy
  • Senior Member
  • Offline
  • From: Montreal,Canada
  • Registered: 2004-06-07
  • Posts: 287

Re: PunBB 1.2.2

ok thx rickard next question is for connord i have the database plugin and i am trying to run this query:

INSERT INTO config (conf_name, conf_value) VALUES('o_additional_navlinks', NULL);

but ounce i submit the query i always get a page telling me:

SQLerror

also rickard do i delete all the php scripts that are in the cache or some in particular

Ataxy's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: PunBB 1.2.2

What does the SQL error say?

You can delete all PHP scripts in the cache folder.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

19 Reply by Ataxy

  • Ataxy
  • Senior Member
  • Offline
  • From: Montreal,Canada
  • Registered: 2004-06-07
  • Posts: 287

Re: PunBB 1.2.2

ok all i get is SQLerror
http://www.sitesled.com/members/ataxy/sqlerr.JPG

i have also noticed that in the administrator/option/Additional menu item section of my forum there is this html code in the box

<br />
<b>Notice</b>:  Undefined index:  o_additional_navlinks in <b>/home/vhost/d-vault.peerforces.com/html/forum/admin_options.php</b> on line <b>468</b><br />

Ataxy's Website

  • Connorhd
  • Connorhd
  • Former PunBB Developer
  • Offline
  • From: Leeds, UK
  • Registered: 2004-06-13
  • Posts: 4,195

Re: PunBB 1.2.2

if you are running it through the db plugin try this

INSERT INTO #__config (conf_name, conf_value) VALUES('o_additional_navlinks', NULL);

FluxBB.
Connorhd.co.uk.

Connorhd's Website

21 Reply by Ataxy

  • Ataxy
  • Senior Member
  • Offline
  • From: Montreal,Canada
  • Registered: 2004-06-07
  • Posts: 287

Re: PunBB 1.2.2

thx connord it work perfectly
and thx rickard for such a great forum

Ataxy's Website

22 Reply by gezz (edited by gezz 2005-02-25 22:37)

  • gezz
  • Senior Member
  • Offline
  • From: Canada (eh?)
  • Registered: 2004-04-16
  • Posts: 142

Re: PunBB 1.2.2

Rickard wrote:

Oh man. I'm such a moron!

gezz: You need to do the following:

1. Run the following query: INSERT INTO config (conf_name, conf_value) VALUES('o_additional_navlinks', NULL);
2. Delete the php scripts in the cache folder.

That should do it. If you use a table prefix, you should put that in front of "config" in the query above.

I will fix this as soon as I get back from work.

im updating from 1.2.1 so theoreticaly couldnt i just use the install script? the reason why i want to manualy update is because i dont want to loose all my mods and layout changes

-gezz
  • Connorhd
  • Connorhd
  • Former PunBB Developer
  • Offline
  • From: Leeds, UK
  • Registered: 2004-06-13
  • Posts: 4,195

Re: PunBB 1.2.2

the install script just changed the version number for 1.2.1 to 1.2.2 i think

FluxBB.
Connorhd.co.uk.

Connorhd's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: PunBB 1.2.2

There, now the update script has been, well, updated smile Instead of limiting it to updates from only 1.2.1, I made it work with both 1.2 and 1.2.1.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

25 Reply by gezz

  • gezz
  • Senior Member
  • Offline
  • From: Canada (eh?)
  • Registered: 2004-04-16
  • Posts: 142

Re: PunBB 1.2.2

okay, now im just confused... what exactly do i have to do to go from 1.2.1 to 1.2.2 manualy? (as in edit the files by hand)

-gezz