Differences

This shows you the differences between the selected revision and the current version of the page.

punbb13:hotfixes 2008/11/19 06:57 punbb13:hotfixes 2020/02/06 11:04 current
Line 1: Line 1:
====== PunBB 1.3 hotfix system ====== ====== PunBB 1.3 hotfix system ======
-**Hotfix** is a lightweight [[extension system|extension]] consisting of single ''manifest.xml'' file. It's aimed to fix some bug or group of similar bugs. Hotfixes are cooked by [[:development team|PunBB development team]]. When Administrator visits the forum, it periodically requests the information about new hotfixes from ''http://punbb.informer.com/'' server. If a new hotfix is present, forum shows an alert (to the Administrator only). After that Administrator may visit hotfixes page((''/admin/extensions.php?section=hotfixes'')) and install new hotfix with one click. ''manifest.xml'' is being downloaded and installed as usual extension.+**Hotfix** is a lightweight [[extensions|extension]] consisting of single ''manifest.xml'' file. It's aimed to fix some bug or group of similar bugs. Hotfixes are cooked by [[:development team|PunBB development team]]. A forum periodically requests the information about new hotfixes from ''https://punbb.informer.com/'' server. If a new hotfix is present, forum shows an alert (to administrators only). After that the administrator can visit hotfixes page((''/admin/extensions.php?section=hotfixes'')) and install the new hotfix with one click. ''manifest.xml'' is being automatically downloaded and installed as usual extension.
The hotfix system was originally designed by [[:Rickard Andersson]]. The hotfix system was originally designed by [[:Rickard Andersson]].
===== Technical details ===== ===== Technical details =====
-  * The request for all the hotfixes for PunBB 1.3 (just this forum version): ''http://punbb.informer.com/update/?version=1.3'' +  * The request for all the hotfixes for PunBB 1.3 (just this forum version): ''https://punbb.informer.com/update/?version=1.3'' 
-  * The request for all the hotfixes for PunBB 1.3, //except// hotfix_13_moderate_xss: ''http://punbb.informer.com/update/?version=1.3&hotfixes=hotfix_13_moderate_xss'' +  * The request for all the hotfixes for PunBB 1.3, //except// hotfix_13_moderate_xss: ''https://punbb.informer.com/update/?version=1.3&hotfixes=hotfix_13_moderate_xss'' 
-  * The ''hotfix_13_moderate_xss'' hotfix: ''http://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml''+  * The ''hotfix_13_moderate_xss'' hotfix: ''https://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml''
====== List of released hotfixes ====== ====== List of released hotfixes ======
===== PunBB 1.3 ===== ===== PunBB 1.3 =====
-  * [[http://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml|hotfix_13_moderate_xss]] -- XSS vulnerability via topic subjects in moderate.php is fixed. Patch by PHPLizardo. + 
- * [[http://punbb.informer.com/update/manifest/hotfix_13_moderate_topics.xml|hotfix_13_moderate_topics]] -- Fixed bug with incorrect multiple topic moderation.+^ ID / Link ^ Flaw description ^ 1.3 ^ 1.3.1 ^ 1.3.2 ^ 1.3.3 ^ 1.3.4 ^ 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml|hotfix_13_moderate_xss]] | XSS vulnerability via topic subjects in moderate.php is fixed. [[http://img46.xooimage.com/files/1/c/c/audit-81779a.txt|Patch]] by [[https://punbb.informer.com/forums/user/14266/|PHPLizardo]]. | + | - | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_moderate_topics.xml|hotfix_13_moderate_topics]] | Incorrect multiple topic moderation. | + | - | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_incorrect_topic_status_in_search_results.xml|hotfix_13_incorrect_topic_status_in_search_results]] | Incorrect topic status displayed in search results. [[https://punbb.informer.com/forums/topic/20292/all-topics-show-locked-in-show-recent-view-bug/|Reported]] by [[https://punbb.informer.com/forums/user/3945/|teva]] | + | - | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_xss_attack_in_login.xml|hotfix_13_xss_attack_in_login]] | A potential XSS attack at login.php page. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_sql_injection_in_admin_users.xml|hotfix_13_sql_injection_in_admin_users]] | A potential SQL-injection at admin users page. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_sql_injection_in_admin_settings.xml|hotfix_13_sql_injection_in_admin_settings]] | A potential SQL-injections in admin/settings.php for permissions config values. Reported by [[http://www.suspekt.org/|Stefan Esser]]. | + | + | - | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_13_updates_cache_notice_removal.xml|hotfix_13_updates_cache_notice_removal]] | A minor bug leading to a notice on updates check. | + | + | + | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_132_xss_attack_via_get_parameter_p.xml|hotfix_132_xss_attack_via_get_parameter_p]] | A potential XSS attack via GET-parameter "p". | + | + | + | - | - | 
 +| [[https://punbb.informer.com/update/manifest/hotfix_133_xss_attack_in_profile.xml|hotfix_133_xss_attack_in_profile]] | A potential XSS attack on password change. Reported by Richard Sammet. | + | + | + | + | - |
====== See also ====== ====== See also ======
  * [[extension system|PunBB 1.3 extension system]]   * [[extension system|PunBB 1.3 extension system]]
  * [[extensions|PunBB 1.3 extensions]]   * [[extensions|PunBB 1.3 extensions]]
 +  * [[bugs|PunBB 1.3 bugs]]
 +

Personal Tools