Differences
This shows you the differences between the selected revision and the current version of the page.
punbb13:hotfixes 2009/04/24 07:58 | punbb13:hotfixes 2020/02/06 11:04 current | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PunBB 1.3 hotfix system ====== | ====== PunBB 1.3 hotfix system ====== | ||
- | **Hotfix** is a lightweight [[extension system|extension]] consisting of single ''manifest.xml'' file. It's aimed to fix some bug or group of similar bugs. Hotfixes are cooked by [[:development team|PunBB development team]]. When Administrator visits the forum, it periodically requests the information about new hotfixes from ''http://punbb.informer.com/'' server. If the new hotfix is present, forum shows an alert (to the Administrator only). After that Administrator may visit hotfixes page((''/admin/extensions.php?section=hotfixes'')) and install the new hotfix with one click. ''manifest.xml'' is being automatically downloaded and installed as usual extension. | + | **Hotfix** is a lightweight [[extensions|extension]] consisting of single ''manifest.xml'' file. It's aimed to fix some bug or group of similar bugs. Hotfixes are cooked by [[:development team|PunBB development team]]. A forum periodically requests the information about new hotfixes from ''https://punbb.informer.com/'' server. If a new hotfix is present, forum shows an alert (to administrators only). After that the administrator can visit hotfixes page((''/admin/extensions.php?section=hotfixes'')) and install the new hotfix with one click. ''manifest.xml'' is being automatically downloaded and installed as usual extension. |
The hotfix system was originally designed by [[:Rickard Andersson]]. | The hotfix system was originally designed by [[:Rickard Andersson]]. | ||
===== Technical details ===== | ===== Technical details ===== | ||
- | * The request for all the hotfixes for PunBB 1.3 (just this forum version): ''http://punbb.informer.com/update/?version=1.3'' | + | * The request for all the hotfixes for PunBB 1.3 (just this forum version): ''https://punbb.informer.com/update/?version=1.3'' |
- | * The request for all the hotfixes for PunBB 1.3, //except// hotfix_13_moderate_xss: ''http://punbb.informer.com/update/?version=1.3&hotfixes=hotfix_13_moderate_xss'' | + | * The request for all the hotfixes for PunBB 1.3, //except// hotfix_13_moderate_xss: ''https://punbb.informer.com/update/?version=1.3&hotfixes=hotfix_13_moderate_xss'' |
- | * The ''hotfix_13_moderate_xss'' hotfix: ''http://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml'' | + | * The ''hotfix_13_moderate_xss'' hotfix: ''https://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml'' |
====== List of released hotfixes ====== | ====== List of released hotfixes ====== | ||
===== PunBB 1.3 ===== | ===== PunBB 1.3 ===== | ||
- | ^ ID / Link ^ Flaw description ^ 1.3 ^ 1.3.1 ^ 1.3.2 ^ 1.3.3 ^ | + | ^ ID / Link ^ Flaw description ^ 1.3 ^ 1.3.1 ^ 1.3.2 ^ 1.3.3 ^ 1.3.4 ^ |
- | | [[http://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml|hotfix_13_moderate_xss]] | XSS vulnerability via topic subjects in moderate.php is fixed. [[http://img46.xooimage.com/files/1/c/c/audit-81779a.txt|Patch]] by [[http://punbb.informer.com/forums/user/14266/|PHPLizardo]]. | + | - | - | - | | + | | [[https://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml|hotfix_13_moderate_xss]] | XSS vulnerability via topic subjects in moderate.php is fixed. [[http://img46.xooimage.com/files/1/c/c/audit-81779a.txt|Patch]] by [[https://punbb.informer.com/forums/user/14266/|PHPLizardo]]. | + | - | - | - | - | |
- | | [[http://punbb.informer.com/update/manifest/hotfix_13_moderate_topics.xml|hotfix_13_moderate_topics]] | Incorrect multiple topic moderation. | + | - | - | - | | + | | [[https://punbb.informer.com/update/manifest/hotfix_13_moderate_topics.xml|hotfix_13_moderate_topics]] | Incorrect multiple topic moderation. | + | - | - | - | - | |
- | | [[http://punbb.informer.com/update/manifest/hotfix_13_incorrect_topic_status_in_search_results.xml|hotfix_13_incorrect_topic_status_in_search_results]] | Incorrect topic status displayed in search results. [[http://punbb.informer.com/forums/topic/20292/all-topics-show-locked-in-show-recent-view-bug/|Reported]] by [[http://punbb.informer.com/forums/user/3945/|teva]] | + | - | - | - | | + | | [[https://punbb.informer.com/update/manifest/hotfix_13_incorrect_topic_status_in_search_results.xml|hotfix_13_incorrect_topic_status_in_search_results]] | Incorrect topic status displayed in search results. [[https://punbb.informer.com/forums/topic/20292/all-topics-show-locked-in-show-recent-view-bug/|Reported]] by [[https://punbb.informer.com/forums/user/3945/|teva]] | + | - | - | - | - | |
- | | [[http://punbb.informer.com/update/manifest/hotfix_13_xss_attack_in_login.xml|hotfix_13_xss_attack_in_login]] | A potential XSS attack at login.php page. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | | + | | [[https://punbb.informer.com/update/manifest/hotfix_13_xss_attack_in_login.xml|hotfix_13_xss_attack_in_login]] | A potential XSS attack at login.php page. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | - | |
- | | [[http://punbb.informer.com/update/manifest/hotfix_13_sql_injection_in_admin_users.xml|hotfix_13_sql_injection_in_admin_users]] | A potential SQL-injection at admin users page. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | | + | | [[https://punbb.informer.com/update/manifest/hotfix_13_sql_injection_in_admin_users.xml|hotfix_13_sql_injection_in_admin_users]] | A potential SQL-injection at admin users page. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | - | |
- | | [[http://punbb.informer.com/update/manifest/hotfix_13_sql_injection_in_admin_settings.xml|hotfix_13_sql_injection_in_admin_settings]] | A potential SQL-injections in admin/settings.php for permissions config values. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | | + | | [[https://punbb.informer.com/update/manifest/hotfix_13_sql_injection_in_admin_settings.xml|hotfix_13_sql_injection_in_admin_settings]] | A potential SQL-injections in admin/settings.php for permissions config values. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | - | |
- | | [[http://punbb.informer.com/update/manifest/hotfix_13_updates_cache_notice_removal.xml|hotfix_13_updates_cache_notice_removal]] | A minor bug leading to a notice on updates check. | + | + | + | - | | + | | [[https://punbb.informer.com/update/manifest/hotfix_13_updates_cache_notice_removal.xml|hotfix_13_updates_cache_notice_removal]] | A minor bug leading to a notice on updates check. | + | + | + | - | - | |
+ | | [[https://punbb.informer.com/update/manifest/hotfix_132_xss_attack_via_get_parameter_p.xml|hotfix_132_xss_attack_via_get_parameter_p]] | A potential XSS attack via GET-parameter "p". | + | + | + | - | - | | ||
+ | | [[https://punbb.informer.com/update/manifest/hotfix_133_xss_attack_in_profile.xml|hotfix_133_xss_attack_in_profile]] | A potential XSS attack on password change. Reported by Richard Sammet. | + | + | + | + | - | | ||
====== See also ====== | ====== See also ====== |