John
Wed 6th Mar '02, 6:44pm
vBulletin 2.2.3c
vBulletin 2.2.3c is a small but very important upgrade. It fixes a number of small bugs, but more importantly it fixes a potential XSS (Cross-site scripting) issue. We seriously recommend that you upgrade immediately, most importantly your functions.php and global.php files.
If you have had problems with attachments or since your host patched the recent security hole in PHP, please be sure to follow the instructions here:
http://www.vbulletin.com/forum/showthread.php?s=&threadid=41098
Backing up forums
Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems.
New Installation Instructions
For fresh installations, you must run the install.php file in the admin directory. Before you do this, take the config.php.new file, edit it to contain your details, then upload it as config.php to the server.
Then you can run through the install.php script in much the same way as old install scripts. More detailed instructions are in the vBulletin online manual:
http://www.vbulletin.com/manual/
Upgrade instructions:
>From 1.1.x: and 2.0.3 or before:
Please email me at john@vbulletin.com for full information. Please be sure to include your vBulletin customer number and password, and the URL of the forum you are upgrading.
> From 2.2.0
Upload all the files except install.php, then load up the following web pages:
http://your.site/forums/admin/upgrade14.php
http://your.site/forums/admin/upgrade15.php
http://your.site/forums/admin/upgrade16.php
When you are done, be sure to delete all the upgradex.php scripts.
> From 2.2.1
Upload all the files except install.php, then load up the following web pages:
http://your.site/forums/admin/upgrade15.php
http://your.site/forums/admin/upgrade16.php
When you are done, be sure to delete all the upgradex.php scripts.
> From 2.2.2
Upload all the files except install.php, then load up the following web page:
http://your.site/forums/admin/upgrade16.php
When you are done, be sure to delete all the upgradex.php scripts.
Changed Templates
Note: Upgrading will not overwrite any of your custom templates. If you have customized any template that is listed as 'modified' below, we seriously recommend using the 'revert' option to return them to the default template, then re-applying your customizations.
Modified templates
Postbit_signature - added in a newline character
forumhome, navbar - minor javascript changes
editpost, modifyavatar, newreply, newthread -- enctype="multipart/form-data" was replaced with $enctype
You can view the new templates from in the control panel by clicking on the 'view original' next to your custom template.
Bug Fixes
Problem with being able to post custom avatars even when they should be disabled.
Fixed a few typos
Fixed problem with using { with Disable smilies
Fixed problem with mass-pruning users
Fixed performance issue with forumdisplay
Fixed issue causing postings not to work when file uploads were off
Fixed a couple of security issues, including one XSS vulnerability. We recommend that you upgrade, especially your functions.php and global.php files
Fixed issue with template cache
In conclusion...
Get to that members area!
John
To discuss this, please post here:
http://www.vbulletin.com/forum/showthread.php?threadid=41255
vBulletin 2.2.3c is a small but very important upgrade. It fixes a number of small bugs, but more importantly it fixes a potential XSS (Cross-site scripting) issue. We seriously recommend that you upgrade immediately, most importantly your functions.php and global.php files.
If you have had problems with attachments or since your host patched the recent security hole in PHP, please be sure to follow the instructions here:
http://www.vbulletin.com/forum/showthread.php?s=&threadid=41098
Backing up forums
Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems.
New Installation Instructions
For fresh installations, you must run the install.php file in the admin directory. Before you do this, take the config.php.new file, edit it to contain your details, then upload it as config.php to the server.
Then you can run through the install.php script in much the same way as old install scripts. More detailed instructions are in the vBulletin online manual:
http://www.vbulletin.com/manual/
Upgrade instructions:
>From 1.1.x: and 2.0.3 or before:
Please email me at john@vbulletin.com for full information. Please be sure to include your vBulletin customer number and password, and the URL of the forum you are upgrading.
> From 2.2.0
Upload all the files except install.php, then load up the following web pages:
http://your.site/forums/admin/upgrade14.php
http://your.site/forums/admin/upgrade15.php
http://your.site/forums/admin/upgrade16.php
When you are done, be sure to delete all the upgradex.php scripts.
> From 2.2.1
Upload all the files except install.php, then load up the following web pages:
http://your.site/forums/admin/upgrade15.php
http://your.site/forums/admin/upgrade16.php
When you are done, be sure to delete all the upgradex.php scripts.
> From 2.2.2
Upload all the files except install.php, then load up the following web page:
http://your.site/forums/admin/upgrade16.php
When you are done, be sure to delete all the upgradex.php scripts.
Changed Templates
Note: Upgrading will not overwrite any of your custom templates. If you have customized any template that is listed as 'modified' below, we seriously recommend using the 'revert' option to return them to the default template, then re-applying your customizations.
Modified templates
Postbit_signature - added in a newline character
forumhome, navbar - minor javascript changes
editpost, modifyavatar, newreply, newthread -- enctype="multipart/form-data" was replaced with $enctype
You can view the new templates from in the control panel by clicking on the 'view original' next to your custom template.
Bug Fixes
Problem with being able to post custom avatars even when they should be disabled.
Fixed a few typos
Fixed problem with using { with Disable smilies
Fixed problem with mass-pruning users
Fixed performance issue with forumdisplay
Fixed issue causing postings not to work when file uploads were off
Fixed a couple of security issues, including one XSS vulnerability. We recommend that you upgrade, especially your functions.php and global.php files
Fixed issue with template cache
In conclusion...
Get to that members area!
John
To discuss this, please post here:
http://www.vbulletin.com/forum/showthread.php?threadid=41255