Differences

This shows you the differences between the selected revision and the current version of the page.

punbb13:hotfixes 2008/11/19 06:48 punbb13:hotfixes 2020/02/06 11:04 current
Line 1: Line 1:
====== PunBB 1.3 hotfix system ====== ====== PunBB 1.3 hotfix system ======
-**Hotfix** is a lightweight [[extension system|extension]] consisting of single ''manifest.xml'' file. It's aimed to fix some bug or group of similar bugs. Hotfixes are cooked by PunBB development team. When Administrator visits the forum, it periodically requests the information about new hotfixes from ''http://punbb.informer.com/'' server. If new hotfix is present, forum shows an alert (to the Administrator only). After that Administrator may visit hotfixes page((''/admin/extensions.php?section=hotfixes'')) and install new hotfix with one click. ''manifest.xml'' is being downloaded and installed as usual extension.+**Hotfix** is a lightweight [[extensions|extension]] consisting of single ''manifest.xml'' file. It's aimed to fix some bug or group of similar bugs. Hotfixes are cooked by [[:development team|PunBB development team]]. A forum periodically requests the information about new hotfixes from ''https://punbb.informer.com/'' server. If a new hotfix is present, forum shows an alert (to administrators only). After that the administrator can visit hotfixes page((''/admin/extensions.php?section=hotfixes'')) and install the new hotfix with one click. ''manifest.xml'' is being automatically downloaded and installed as usual extension
 + 
 +The hotfix system was originally designed by [[:Rickard Andersson]].
===== Technical details ===== ===== Technical details =====
-  * The request for all the hotfixes for PunBB 1.3 (just this forum version): ''http://punbb.informer.com/update/?version=1.3'' +  * The request for all the hotfixes for PunBB 1.3 (just this forum version): ''https://punbb.informer.com/update/?version=1.3'' 
-  * The request for all the hotfixes for PunBB 1.3, //except// hotfix_13_moderate_xss: ''http://punbb.informer.com/update/?version=1.3&hotfixes=hotfix_13_moderate_xss'' +  * The request for all the hotfixes for PunBB 1.3, //except// hotfix_13_moderate_xss: ''https://punbb.informer.com/update/?version=1.3&hotfixes=hotfix_13_moderate_xss'' 
-  * The [[hotfix_13_moderate_xss]] hotfix: ''http://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml''+  * The ''hotfix_13_moderate_xss'' hotfix: ''https://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml'' 
 + 
 +====== List of released hotfixes ====== 
 +===== PunBB 1.3 ===== 
 + 
 +^ ID / Link ^ Flaw description ^ 1.3 ^ 1.3.1 ^ 1.3.2 ^ 1.3.3 ^ 1.3.4 ^ 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml|hotfix_13_moderate_xss]] | XSS vulnerability via topic subjects in moderate.php is fixed. [[http://img46.xooimage.com/files/1/c/c/audit-81779a.txt|Patch]] by [[https://punbb.informer.com/forums/user/14266/|PHPLizardo]]. | + | - | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_moderate_topics.xml|hotfix_13_moderate_topics]] | Incorrect multiple topic moderation. | + | - | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_incorrect_topic_status_in_search_results.xml|hotfix_13_incorrect_topic_status_in_search_results]] | Incorrect topic status displayed in search results. [[https://punbb.informer.com/forums/topic/20292/all-topics-show-locked-in-show-recent-view-bug/|Reported]] by [[https://punbb.informer.com/forums/user/3945/|teva]] | + | - | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_xss_attack_in_login.xml|hotfix_13_xss_attack_in_login]] | A potential XSS attack at login.php page. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_sql_injection_in_admin_users.xml|hotfix_13_sql_injection_in_admin_users]] | A potential SQL-injection at admin users page. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_sql_injection_in_admin_settings.xml|hotfix_13_sql_injection_in_admin_settings]] | A potential SQL-injections in admin/settings.php for permissions config values. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_updates_cache_notice_removal.xml|hotfix_13_updates_cache_notice_removal]] | A minor bug leading to a notice on updates check. | + | + | + | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_132_xss_attack_via_get_parameter_p.xml|hotfix_132_xss_attack_via_get_parameter_p]] | A potential XSS attack via GET-parameter "p". | + | + | + | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_133_xss_attack_in_profile.xml|hotfix_133_xss_attack_in_profile]] | A potential XSS attack on password change. Reported by Richard Sammet. | + | + | + | + | - | 
 + 
 +====== See also ====== 
 +  * [[extension system|PunBB 1.3 extension system]] 
 +  * [[extensions|PunBB 1.3 extensions]] 
 +  * [[bugs|PunBB 1.3 bugs]] 
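
Review bot: The version columns of the new "List of released hotfixes" table (1.3 through 1.3.4) use "+" and "-" with no legend, so an administrator cannot tell whether "+" means the release is affected and needs the hotfix or already contains the fix. The rows read as if "+" marks the releases a hotfix applies to (hotfix_133_xss_attack_in_profile is "+" up to 1.3.3 and "-" for 1.3.4); a one-line legend above the table should say so explicitly. In the same table, the Patch link in the hotfix_13_moderate_xss row and the suspekt.org links stay on http:// while every punbb.informer.com URL in this revision moved to https://. The patch for an XSS fix is linked from a third-party image host, so consider pointing to a copy kept alongside the manifests. The rewritten introduction also drops its final period after "installed as usual extension". Since it describes a manifest.xml that is downloaded and installed with one click, it should state whether the forum checks the manifest in any way beyond fetching it over HTTPS.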
