PunBB v1.2.15 released

hcgtv · 2007-04-11 20:06:52

Mary,

A new version of PunBB has been released:

Beefed up the referrer check in admin/options.
Fixed a bunch of path disclosures.
Fixed possible e-mail reset annoyance.
Fixed XSS vulnerability involving HTTP_REFERER when sending form e-mail.
Moved template tag replacement of pun_include to the top of all replacements to prevent exploitation via XSS vulnerabilities. On top of this, all included files must have one of the file extensions .php, .php4, .php5, .inc, .html, .htm or .txt.
Made sure the profile field URL actually starts with “http://”.
Fixed XSS vulnerability when deleting a category (admin only).
Fixed unregister_globals() not being called when ini_get() fails due to being disabled in php.ini.
Added missing xmlns attribute to html tag in several files.
Stricter permission checks for moderate.php.
Fixed two PostgreSQL bugs.
Fixed topics appearing multiple times in certain searches.
Fixed “Mark topics as read” failing after timeout.
Fixed users appearing multiple times in the online list.
Fixed disabling “Search All Forums” not actually removing the ability to search all forums.
Fixed non-integer timezones being truncated (e.g. +3.5 -> +3) when registering.
Optimized a query in search.
Fixed online indicator not displaying properly in IE7.

Of importance to the visual display of the TxP forums is the fix for redirect topics showing up on the New Posts search twice.

Mary · 2007-04-12 21:41:40

I’m aware; I’m subscribed to the mailing list.

hcgtv · 2007-04-12 21:48:28

Yes, but sometimes Rickard forgets to send the email out :)

Mary · 2007-04-15 01:00:54

Updated.

Textpattern CMS