• Home
  • Search
    •  
  • Login
    • Username: Password:

      Did you miss your activation email?

Author Topic: Forum update 29 August 2017  (Read 258 times)

0 Members and 1 Guest are viewing this topic.

Offline BorisTopic starter

  • Allstarlegends Owner
  • Administrator
  • Loyal Member
  • *********
  • Posts: 2205
  • Total likes: 1030
  • Reputation: 84
  • Gender: Male
    • Facebook page.
Forum update 29 August 2017
« on: August 29, 2017, 09:01:16 PM »
After player @iireapzz reported to @Jesus Christ he found some flaws in our forum infrastructure,
I have upgraded our forum to the latest smf version from 2.0.12 to 2.0.14.
Here is the update list from smf:


Code: [Select]
SMF 2.0.14
    May 14, 2017
===============================================================================
 ! Updating session handlers
 ! Adding HTTPS
 ! fetch_web_data now uses cURL, falling back to sockets
 ! Ported image proxy support from SMF 2.1
 ! Also added HTTPS for avatars
 ! Added a simple exception handler
 ! Check session while logging in
 ! Sanitize some fields to help guard against XSS
 ! Validate email addresses with PHPís filter method
 ! Fix search highlighting to not mangle/expose some HTML
 ! Fix password acceptance when special characters were used in UTF-8;
 ! Correct some random logic errors in the profile area
 ! Use ampersands instead of semi-colons for PayPalís return link
 ! Fix sending multiple MIME-Version headers in notification mail
 ! Fix sending multipel Content-Type headers in all requests

SMF 2.0.13     January 4, 2017
===============================================================================
 ! Some file versions didn't get modified in the 2.0.12 patch
 ! Added check and sanitization for $_REQUEST['u'] in LogInOut.php and Reminder.php
 ! Added check and sanitization for $_REQUEST['uid'] in Reminder.php
 ! Properly sanitize author's website for packages
 ! Added session check when uploading packages
 ! Added session check when copying template files from one theme to another
 ! The code to remove empty BBCode was sometimes breaking things (reported by @rjen; fix provided by Sesquipedalian)
 ! Remove hardcoded limits for safe_unserialize as it was causing cache problems
 ! Update the cal_max_year setting to 2030

Offline Twitch

  • In-game Support
  • Full Member
  • *******
  • Posts: 839
  • Total likes: 19
  • Reputation: 10
  • Gender: Male
  • Kik: Lamp_Post
Re: Forum update 29 August 2017
« Reply #1 on: August 29, 2017, 11:05:19 PM »
Can't forget the forums when it comes to updates! Nice work Boris. Thanks for dedicating time to the server on top of your busy work day.

Offline Jesus Christ

  • High.. How can I help?
  • Administrator
  • Full Member
  • *********
  • Posts: 548
  • Total likes: 171
  • Reputation: 13
  • Gender: Male
  • Put this on your tongue ARE YOU HIGH YET?
Re: Forum update 29 August 2017
« Reply #2 on: August 29, 2017, 11:29:48 PM »
Thank you Boris for taking the time to remember our back bone :)


Spoiler: show















Offline Eriax

  • The Krooked
  • Trusted
  • Loyal Member
  • *******
  • Posts: 1925
  • Total likes: 709
  • Reputation: 28
  • Gender: Male
Re: Forum update 29 August 2017
« Reply #3 on: August 30, 2017, 06:09:44 AM »
Glad to see our forums being more secured.




Offline iireapzz

Re: Forum update 29 August 2017
« Reply #4 on: August 31, 2017, 10:39:58 PM »
I'd like to thank @Jesus Christ for hearing me out, otherwise this problem wouldn't have come to light... and I have sent you the screenshots of what needs to be done to protect the website :) @Boris