prepare new release - see changelog for changes

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4926 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-07-30 21:40:43 +02:00 · 2004-07-11 16:46:20 +00:00
parent e8e0ef46ed
commit 572ee7994a
29 changed files with 1094 additions and 69 deletions
--- a/phpBB/docs/AUTHORS
+++ b/phpBB/docs/AUTHORS
@@ -1 +1 @@
-Please see: http://www.phpbb.com/credits.php for a list of all the people involved in phpBB.
+Please see: http://www.phpbb.com/about.php for a list of all the people involved in phpBB.
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -3,7 +3,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html">
 <meta http-equiv="Content-Style-Type" content="text/css">
-<title>phpBB 2.0.8 :: Changelog</title>
+<title>phpBB 2.0.9 :: Changelog</title>
 <link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
 <style type="text/css">
 <!--
@@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
 <table width="100%" border="0" cellspacing="0" cellpadding="0">
 	<tr>
 		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
-		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.8 CHANGELOG</span></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.9 CHANGELOG</span></td>
 	</tr>
 </table>

@@ -32,6 +32,7 @@ p,ul,td {font-size:10pt;}
 <ol>
 <li><a href="#changelog">Changelog</a></li>
 <ol type="i">
+	<li><a href="#208">Changes since 2.0.8</a></li>
 	<li><a href="#207">Changes since 2.0.7</a></li>
 	<li><a href="#206">Changes since 2.0.6</a></li>
 	<li><a href="#205">Changes since 2.0.5</a></li>
@@ -53,7 +54,26 @@ p,ul,td {font-size:10pt;}

 <p>This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.</p>

-<a name="207"></a><h3 class="h3">l.i. Changes since 2.0.7</h3>
+<a name="208"></a><h3 class="h3">l.i. Changes since 2.0.8</h3>
+
+<ul>
+<li>Fixed one vulnerability in admin_board.php - <b>Xore</b></li>
+<li>Added checking for proper session id characters to sessions and viewtopic to prevent injections - <b>Bartlomiej Korupczynski</b></li>
+<li>Fixed injection vulnerabilities possible with linked avatars</li>
+<li>Implemented unsetting globalised variables</li>
+<li>Limited confirm switch to POST variable in posting</li>
+<li>Changed IP code in common.php to prevent IP spoofing</li>
+<li>Updated visual confirmation mod [pre-edited files]</li>
+<li>Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by <b>R45</b></li>
+<li>Added the ability to link to https/ftps sites using the img bbcode tag</li>
+<li>Fixed user online information in admin/index.php</li>
+<li>Fixed getting group moderator in groupcp.php if running oracle backend - spotted by <b>pakman</b></li>
+<li>Fixed use of non-existing result variable in modcp (poster_id instead of user_id)</li>
+<li>Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - <b>Matthew C. Kavanagh, Janek Vind</b></li>
+<li>
+</ul>
+
+<a name="207"></a><h3 class="h3">l.ii. Changes since 2.0.7</h3>

 <ul>
 <li>Fixed several vulnerabilities in admin pages</li>
@@ -65,7 +85,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed sql injection vulnerability in privmsg - 2.0.8a</li>
 </ul>

-<a name="206"></a><h3 class="h3">1.ii. Changes since 2.0.6</h3>
+<a name="206"></a><h3 class="h3">1.iii. Changes since 2.0.6</h3>

 <ul>
 <li>Fixed several vulnerabilities in modcp - <b>Robert Lavierck</b></li>
@@ -79,7 +99,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed potential vulnerability in avatar gallery</li>
 </ul>

-<a name="205"></a><h3 class="h3">1.iii. Changes since 2.0.5</h3>
+<a name="205"></a><h3 class="h3">1.iv. Changes since 2.0.5</h3>

 <ul>
 <li>Fixed various email issues</li>
@@ -95,7 +115,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed sql injection with reset date format field in profile - <b>tendor</b></li>
 </ul>

-<a name="204"></a><h3 class="h3">1.iv. Changes since 2.0.4</h3>
+<a name="204"></a><h3 class="h3">1.v. Changes since 2.0.4</h3>

 <ul>
 <li>Removed user facing session_id checks</li>
@@ -167,7 +187,7 @@ p,ul,td {font-size:10pt;}
 <li>Default English support for visual confirmation - translators are encouraged to support this</li>
 </ul>

-<a name="203"></a><h3 class="h3">1.v. Changes since 2.0.3</h3>
+<a name="203"></a><h3 class="h3">1.vi. Changes since 2.0.3</h3>

 <ul>
 <li>Fixed cross-browser scripting issue with highlight param</li>
@@ -294,7 +314,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed potential SQL vulnerability with marking of private messages - <b>Ulf Harnhammar</b></li>
 </ul>

-<a name="202"></a><h3 class="h3">1.vi. Changes since 2.0.2</h3>
+<a name="202"></a><h3 class="h3">1.vii. Changes since 2.0.2</h3>

 <ul>
 <li>Fixed potential cross-site scripting vulnerability with avatars - <b>Showscout</b></li>
@@ -303,7 +323,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed (hopefully) issue with MS Access and multiple pages</li>
 </ul>

-<a name="201"></a><h3 class="h3">1.vii. Changes since 2.0.1</h3>
+<a name="201"></a><h3 class="h3">1.viii. Changes since 2.0.1</h3>

 <ul>
 <li>Fixed missing "username" lang variable in user admin template</li>
@@ -338,7 +358,7 @@ p,ul,td {font-size:10pt;}
 <li>Fix emailer to allow sending emails with language-specific character sets</li>
 </ul>

-<a name="200"></a><h3 class="h3">1.viii. Changes since 2.0.0</h3>
+<a name="200"></a><h3 class="h3">1.ix. Changes since 2.0.0</h3>

 <ul>
 <li>Fixed delete image bug for normal users</li>
@@ -395,7 +415,7 @@ p,ul,td {font-size:10pt;}
 <li>Added database closure to admin frameset page</li>
 </ul>

-<a name="final"></a><h3 class="h3">1.ix. Changes since RC-4</h3>
+<a name="final"></a><h3 class="h3">1.x. Changes since RC-4</h3>

 <ul>
 <li>Fixed improper report of general error when posting messages containing errors</li>
@@ -425,7 +445,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed various remaining usergroup display issues</li>
 </ul>

-<a name="rc4"></a><h3 class="h3">1.x. Changes since RC-3</h3>
+<a name="rc4"></a><h3 class="h3">1.xi. Changes since RC-3</h3>

 <ul>
 <li>Addressed serious security issue with included files</li>
@@ -456,7 +476,7 @@ p,ul,td {font-size:10pt;}
 <li>Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver</li>
 </ul>

-<a name="rc3"></a><h3 class="h3">1.xi. Changes since RC-2</h3>
+<a name="rc3"></a><h3 class="h3">1.xii. Changes since RC-2</h3>

 <ul>
 <li>Fixed infamous install parse error</li>
@@ -489,7 +509,7 @@ p,ul,td {font-size:10pt;}
 <li>Hidden usergroups are now completely hidden from view</li>
 </ul>

-<a name="rc2"></a><h3 class="h3">1.xii. Changes since RC-1</h3>
+<a name="rc2"></a><h3 class="h3">1.xiii. Changes since RC-1</h3>

 <ul>
 <li>Fixed numerous PostgreSQL related issues</li>
@@ -509,7 +529,7 @@ p,ul,td {font-size:10pt;}
 <li>Various other fixes and updates</li>
 </ul>

-<a name="rc1"></a><h3 class="h3">1.xiii. Changes since RC-1 (pre)</h3>
+<a name="rc1"></a><h3 class="h3">1.xv. Changes since RC-1 (pre)</h3>

 <ul>
 <li>Upgrade script completed for initial fully functional release</li>
--- a/phpBB/docs/INSTALL.html
+++ b/phpBB/docs/INSTALL.html
@@ -3,7 +3,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html">
 <meta http-equiv="Content-Style-Type" content="text/css">
-<title>phpBB 2.0.8 :: Install</title>
+<title>phpBB 2.0.9 :: Install</title>
 <link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css">
 <style type="text/css">
 <!--
@@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
 <table width="100%" border="0" cellspacing="0" cellpadding="0">
 	<tr>
 		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
-		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.8 INSTALL</span></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.9 INSTALL</span></td>
 	</tr>
 </table>

@@ -33,7 +33,7 @@ p,ul,td {font-size:10pt;}

 <p>Please note these instructions are not fully comprehensive, a more thorough userguide will be available on the phpBB website in the near future. However, this document will walk you through the basics on installing the forum software.</p>

-<p>A basic overview of running phpBB 2.0.8 can be found in the accompanying <a href="README.html">README</a> documentation. Please ensure you read that document in addition to this! For more detailed information on using phpBB 2 you should read <a href="http://www.phpbb.com/guide/phpBB_Users_Guide.html" target="_new">Userguide</a> now available online.</p>
+<p>A basic overview of running phpBB 2.0.9 can be found in the accompanying <a href="README.html">README</a> documentation. Please ensure you read that document in addition to this! For more detailed information on using phpBB 2 you should read <a href="http://www.phpbb.com/guide/phpBB_Users_Guide.html" target="_new">Userguide</a> now available online.</p>

 <ol>
 <li><a href="#quickinstall">Quick Install</a></li>
@@ -88,7 +88,7 @@ p,ul,td {font-size:10pt;}

 <a name="require"></a><h2 class="h2"><u>2. Requirements</u></h2>

-<p>Installation of phpBB 2.0.8 requires the following:</p>
+<p>Installation of phpBB 2.0.9 requires the following:</p>
 <ul>
 <li>A webserver or web hosting account running on any major Operating System</li>
 <li>A SQL database system, <b>one of</b>:
@@ -170,11 +170,11 @@ p,ul,td {font-size:10pt;}

 <p>Upgrading from these versions is generally quite easy. First you should make a copy of your existing <u>config.php</u>, keep it in a safe place! Next delete all the existing phpBB 2 files, do not leave any in place otherwise you may encounter errors later. You can leave alternative templates in-place but you should note they may not function correctly with the final release. It is therefore recommended you switch back to subSilver if you are currently using a different style. With this complete you can upload the new phpBB 2.0.0 files (see <a href="#install">New Installations</a> for details if necessary). Once complete copy back your saved <u>config.php</u>, replacing the new one.</p>

-<p>You should now run <b>install/update_to_208.php</b> which, depending on your previous version, will make a number of database changes. You may receive <u>FAILURES</u> during this procedure, they should not be a cause for concern unless you see an actual <u>ERROR</u>, in which case the script will stop (in this case you should seek help via our forums or bug tracker).</p>
+<p>You should now run <b>install/update_to_209.php</b> which, depending on your previous version, will make a number of database changes. You may receive <u>FAILURES</u> during this procedure, they should not be a cause for concern unless you see an actual <u>ERROR</u>, in which case the script will stop (in this case you should seek help via our forums or bug tracker).</p>

-<p><b>RC-2 and below MSSQL users</b>, please note that during the update procedure your existing forums table will be dropped and re-created. All data in standard fields will be retained. However if you have modified the forums table and added additional fields or altered existing ones these changes <b>WILL</b> be lost. If this is a significant issue for you we advise you comment out the "DROP FORUM TABLE" section in update_to_208.php and instead, manually alter the forum_id column to remove the IDENTITY setting (if it exists).</p>
+<p><b>RC-2 and below MSSQL users</b>, please note that during the update procedure your existing forums table will be dropped and re-created. All data in standard fields will be retained. However if you have modified the forums table and added additional fields or altered existing ones these changes <b>WILL</b> be lost. If this is a significant issue for you we advise you comment out the "DROP FORUM TABLE" section in update_to_209.php and instead, manually alter the forum_id column to remove the IDENTITY setting (if it exists).</p>

-<p>Once the update_to_208 has completed you <b>MUST</b> proceed to the Administration General Configuration panel and check all the values in General Configuration. This is essential if you were running any version before RC-3 since extra information needs to be entered to enable correct URLs to be output in emails.</p>
+<p>Once the update_to_209.php has completed you <b>MUST</b> proceed to the Administration General Configuration panel and check all the values in General Configuration. This is essential if you were running any version before RC-3 since extra information needs to be entered to enable correct URLs to be output in emails.</p>

 <a name="langtempchanges"></a><h3 class="h3">6.i. Changes in language pack format and templates</h3>

@@ -192,21 +192,21 @@ p,ul,td {font-size:10pt;}

 <a name="#upgradeSTABLE_files"></a><h3 class="h3">7.ii. Changed files only</h3>

-<p>This package contains a number of archives, each contains the files changed from a given release to 2.0.8. You should select the appropriate archive for your current version, e.g. if you currently have 2.0.6 you should select the phpBB-2.0.6_to_2.0.8.zip/tar.gz file.</p>
+<p>This package contains a number of archives, each contains the files changed from a given release to 2.0.9. You should select the appropriate archive for your current version, e.g. if you currently have 2.0.6 you should select the phpBB-2.0.6_to_2.0.9.zip/tar.gz file.</p>

 <p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any Mods these files will overwrite the originals possibly destroying them in the process. You will need to re-add Mods to any affected file before uploading.</p>

-<p>As for the other upgrade procedures you should run <b>install/update_to_208.php</b> after you have finished updating the files. This will update your database schema and data (if appropriate) and increment the version number.</p>
+<p>As for the other upgrade procedures you should run <b>install/update_to_209.php</b> after you have finished updating the files. This will update your database schema and data (if appropriate) and increment the version number.</p>

 <a name="#upgradeSTABLE_patch"></a><h3 class="h3">7.iii. Patch file</h3>

 <p>The patch file is probably the best solution for those with many Mods or other changes who do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <b>patch</b> application.</p>

-<p>A number of patch files are provided to allow you to upgrade from previous stable releases. Select the correct patch, e.g. if your current version is 2.0.2 you need the phpBB-2.0.2_to_2.0.8.patch. Place the correct patch in the parent directory containing the phpBB 2 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <b>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</b> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB2, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+<p>A number of patch files are provided to allow you to upgrade from previous stable releases. Select the correct patch, e.g. if your current version is 2.0.6 you need the phpBB-2.0.6_to_2.0.9.patch. Place the correct patch in the parent directory containing the phpBB 2 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <b>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</b> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB2, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>

 <p>If you do get failures you should look at using the <a href="#upgradeSTABLE_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Mods to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>

-<p>You should of course delete the patch file (or files) after use. As for the other upgrade procedures you should run <b>install/update_to_208.php</b> after you have finished updating the files. This will update your database schema and data (if appropriate) and increment the version number.</p>
+<p>You should of course delete the patch file (or files) after use. As for the other upgrade procedures you should run <b>install/update_to_209.php</b> after you have finished updating the files. This will update your database schema and data (if appropriate) and increment the version number.</p>

 <a name="#upgradeSTABLE_all"></a><h3 class="h3">7.iv. All package types</h3>

@@ -214,7 +214,7 @@ p,ul,td {font-size:10pt;}

 <a name="postinstall"></a><h2 class="h2"><u>8. Important (security related) post-Install tasks for all installation methods</u></h2>

-<p>Once you have succssfully installed phpBB 2.0.8 you <b>MUST</b> ensure you remove the entire install/ and contrib/ directories. Leaving these in place is a <u>very serious potential security issue</u> which may lead to deletion or alteration of files, etc. Please note that until these directories are remove phpBB2 will not operate and a warning message will be displayed. Beyond these <b>essential</b> deletions you may also wish to delete the docs/ directories if you wish.</p>
+<p>Once you have succssfully installed phpBB 2.0.9 you <b>MUST</b> ensure you remove the entire install/ and contrib/ directories. Leaving these in place is a <u>very serious potential security issue</u> which may lead to deletion or alteration of files, etc. Please note that until these directories are remove phpBB2 will not operate and a warning message will be displayed. Beyond these <b>essential</b> deletions you may also wish to delete the docs/ directories if you wish.</p>

 <p>With these directories deleted you should proceed to the administration panel. Depending on how the installation completed you may have been directed there automatically. If not, login as the administrator you specified during install/upgrade and click the "<b>Administration Panel</b>" link at the bottom of any page. Ensure that details specified in General -> Configuration are correct!</p>

@@ -232,7 +232,7 @@ p,ul,td {font-size:10pt;}

 <a name="safemode"></a><h3 class="h3">8.ii. Safe Mode</h3>

-<p>phpBB 2.0.8 includes support for using uploadable avatars on systems running PHP in safe mode. If this applies to your hosting service you will need to create a sub-directory called <u>tmp</u> in the directory you specified for storage of uploaded avatars (by default this is images/avatars as explained above). Give it the same access rights as for uploadable avatars above.</p>
+<p>phpBB 2.0.9 includes support for using uploadable avatars on systems running PHP in safe mode. If this applies to your hosting service you will need to create a sub-directory called <u>tmp</u> in the directory you specified for storage of uploaded avatars (by default this is images/avatars as explained above). Give it the same access rights as for uploadable avatars above.</p>

 <p>This safe mode support includes compatibility with various directory restrictions your host may impose (assuming they are not too restrictive and that the PHP installed is version 4.0.3 or later). There is generally no need for any manual setup for safe mode support it is typically handled transparantly.</p>

--- a/phpBB/docs/README.html
+++ b/phpBB/docs/README.html
@@ -3,7 +3,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html">
 <meta http-equiv="Content-Style-Type" content="text/css">
-<title>phpBB 2.0.8 :: Readme</title>
+<title>phpBB 2.0.9 :: Readme</title>
 <link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
 <style type="text/css">
 <!--
@@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
 <table width="100%" border="0" cellspacing="0" cellpadding="0">
 	<tr>
 		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
-		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.8 README</span></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.9 README</span></td>
 	</tr>
 </table>

@@ -84,7 +84,7 @@ p,ul,td {font-size:10pt;}

 <p>If your language is not available please visit our forums where you will find a topic listing translations currently available or in preparation. This topic also gives you information should you wish to volunteer to translate a language not currently listed</p>

-<p><b>Please note</b> that users who have upgraded to 2.0.8 from versions prior to RC-3 should will <b>need</b> to download new versions of the language/subSilver image packs. Any package downloaded prior to the availability of RC-3 will <b>not</b> function correctly with this version of phpBB 2.</p>
+<p><b>Please note</b> that users who have upgraded to 2.0.9 from versions prior to RC-3 should will <b>need</b> to download new versions of the language/subSilver image packs. Any package downloaded prior to the availability of RC-3 will <b>not</b> function correctly with this version of phpBB 2.</p>

 <p>If you have upgraded from 2.0.0 and make use of non-English language packs you will benefit from downloading updated versions which will become available shortly. These introduce a number of strings which went missing from the first version plus a few updates and additions.</p>