This is an old revision of the document!
PunBB 1.3 hotfix system
Hotfix is a lightweight extension consisting of single manifest.xml
file. It's aimed to fix some bug or group of similar bugs. Hotfixes are cooked by PunBB development team. When Administrator visits the forum, it periodically requests the information about new hotfixes from http://punbb.informer.com/
server. If the new hotfix is present, forum shows an alert (to the Administrator only). After that Administrator may visit hotfixes page1) and install the new hotfix with one click. manifest.xml
is being automatically downloaded and installed as usual extension.
The hotfix system was originally designed by Rickard Andersson.
Technical details
- The request for all the hotfixes for PunBB 1.3 (just this forum version):
http://punbb.informer.com/update/?version=1.3
- The request for all the hotfixes for PunBB 1.3, except hotfix_13_moderate_xss:
http://punbb.informer.com/update/?version=1.3&hotfixes=hotfix_13_moderate_xss
- The
hotfix_13_moderate_xss
hotfix:http://punbb.informer.com/update/manifest/hotfix_13_moderate_xss.xml
List of released hotfixes
PunBB 1.3
ID / Link | Flaw description | 1.3 | 1.3.1 | 1.3.2 | 1.3.3 |
---|---|---|---|---|---|
hotfix_13_moderate_xss | XSS vulnerability via topic subjects in moderate.php is fixed. Patch by PHPLizardo. | + | - | - | - |
hotfix_13_moderate_topics | Incorrect multiple topic moderation. | + | - | - | - |
hotfix_13_incorrect_topic_status_in_search_results | Incorrect topic status displayed in search results. Reported by teva | + | - | - | - |
hotfix_13_xss_attack_in_login | A potential XSS attack at login.php page. Reported by Stefan Esser. | + | + | - | - |
hotfix_13_sql_injection_in_admin_users | A potential SQL-injection at admin users page. Reported by Stefan Esser. | + | + | - | - |
hotfix_13_sql_injection_in_admin_settings | A potential SQL-injections in admin/settings.php for permissions config values. Reported by Stefan Esser. | + | + | - | - |
hotfix_13_updates_cache_notice_removal | A minor bug leading to a notice on updates check. | + | + | + | - |
hotfix_133_xss_attack_in_profile | A minor bug leading to a notice on updates check. | + | + | + | + |
See also
/admin/extensions.php?section=hotfixes