Announcement

Collapse
No announcement yet.

vBulletin 3.5.2 Released

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • vBulletin 3.5.2 Released

    vBulletin 3.5.2

    vBulletin 3.5.2 is primarily a standard bug-fix/maintenance release for the vBulletin 3.5 series. However, this release includes fixes for two potential XSS (cross site scripting) security issues. If you do not upgrade, it is very important to at least patch your board. Please see the end of this post for patch instructions.

    Note: one of the two XSS issues stems from a minor PHP bug. It will be fixed in PHP versions 4.4.2 and 5.1.2.

    If you are currently running vBulletin 3.0.x, please see the 3.0.11 announcement.

    Installing or Upgrading vBulletin

    Please see the appropriate manual sections: Installing vBulletin and Upgrading vBulletin.

    Note that the process is the same as it was in the 3.0.x series. However you must redo your config.php if you are upgrading from 3.0.x!

    Bug Reports

    You may report bugs by clicking here. Before reporting a bug, please attempt to recreate the bug on a default, uncustomized style (especially if your errors are JavaScript related). Additionally, if you have used the plugins/products system at all, please attempt to recreate the issue with the plugins system disabled!

    Patching Instructions

    To patch your vBulletin 3.5.0 or 3.5.1 installation, download the zip file attached to this announcement. When you extract this zip, you will find an includes directory that contains two files. Using FTP, connect to the server hosting your vBulletin and browse to the includes directory of your installation. Upload the two files found in the patch into this directory -- if you have done this correctly, they will overwrite existing files. Your board is now secure.

    Note: if you cannot download the patch, please see this thread.
    Attached Files

  • #2
    3.5.2 Changes of Note

    Skype integration
    You may now enter your Skype username, in addition to AIM, ICQ, MSN, and Yahoo. Calls, chats, and more may be initiated through vBulletin. Click here for more info

    Natural language search improved
    Natural language search (using MySQL's fulltext engine) should now return more relevant results, particularly when searching in a limited number of forums.

    Getnew/getdaily now return threads in forums with "Can View Thread Content" set to no
    These thread titles will now appear when clicking "New Posts" or getting posts in the last 24 hours.

    IP banning is much improved
    IP banning is now much more accurate when dealing with incomplete octets. Additionally, you may now use * as a wildcard at any place in the IP address.

    Administrators may leave users' emails blank
    Even if unique email addresses are required, administrators may make any number of users' emails blank to prevent mail from being sent to them.

    Yes/No radio buttons changed back to horizontal orientation
    The line break added between the yes and no options in the admin control panel has been removed. Yes/no rows will now look as they did in previous versions.

    Comment


    • #3
      Templates Changed from 3.5.1

      The are the template changes since 3.5.1 ONLY

      If you are not running 3.5.1 yet, there are significantly more changed templates than are listed here. Use "Find Updated Templates" to find the templates that have changed and incorporate those changes. You may even wish to start with a default style!

      Note:
      You need to only look through this post for templates you have customized. You do not need to take any action to ensure that your uncustomized templates are the latest versions.

      If you find a template you have customized in this list, you will likely want to include the changes made here. However, this is not always required. Under each change listed here, you will see "requires revert?" This refers to whether the changes are mandatory (yes). If the changes are mandatory, things will break if you do not incorporate the changes made. It is strongly recommended that you revert and recustomize any templates that say they require a revert.

      Additionally, you may wish to use the "Find Updated Template" feature in the control panel to find templates that have been changed since your last edit to them.

      -----------------------------------------------------

      MEMBERINFO

      Added Skype links underneath existing Yahoo! links

      whosonlinebit
      memberlist_resultsbit

      Added $userinfo[skypeicon] after $userinfo[yahooicon]

      postbit
      postbit_legacy

      Added $post[skypeicon] after $post[yahooicon]

      memberlist_search
      modifyprofile

      Added skype input field underneath existing IM input fields. Also added IM images before input fields.

      register_coppaform


      Added Skype name.

      Requires revert? Yes (if you want Skype integration)




      navbar

      Changed all instances of
      HTML Code:
      <if condition="$bbuserinfo['userid']">
      to
      HTML Code:
      <if condition="$show['member']">
      Requires Revert: Yes, if you don't want the logout page to show "Welcome User"




      calendar_edit
      editpost
      newpoll
      newreply
      newthread
      pm_newpm
      usernote_note


      Added conditions to hide the checkbox "Automatically parse links" if BBCode is disabled.

      Requires revert: Yes (if you want this functionality)




      MEMBERINFO

      Unclosed table cell tags:

      <td>$vbphrase[icq]<td> change to <td>$vbphrase[icq]</td>
      <td>$vbphrase[aim]<td> change to <td>$vbphrase[aim]</td>
      <td>$vbphrase[msn]<td> change to <td>$vbphrase[msn]</td>
      <td>$vbphrase[yahoo]<td> change to <td>$vbphrase[yahoo]</td>

      Requires Revert? Suggested




      reputation

      Above
      HTML Code:
      </body>
      add
      HTML Code:
      $footer
      Requires Revert? No.




      im_send_yahoo
      im_send_msn
      im_send_aim
      im_send_icq


      Added the medium icon for each IM type to the template. Cosmetic only.

      Requires revert? No.




      contactus
      register

      Change
      HTML Code:
      <input type="text" class="bginput" name="imagestamp" size="50" maxlength="6" value="$imagestamp" />
      to
      HTML Code:
      <input type="text" class="bginput" name="imagestamp" size="50" maxlength="6"  />
      Requires Revert? No




      search_results

      Changed layout of inline moderation comboboxto match with SHOWTHREAD and FORUMDISPLAY

      Requires Revert? No




      MEMBERINFO

      Replaced hardcoded CSS (18pt username) with the bigusername class.

      Requires Revert? No




      lostpw
      register_activateemail


      Added dir="ltr" to eMail input controls.

      Requires revert? No

      Comment


      • #4
        Bugs fixed and files changed since 3.5.1

        You can view a list of bugs fixed between 3.5.1 and 3.5.2 using this link:
        Bugs List

        Files changed from 3.5.1 to 3.5.2
        • /
          • announcement.php
          • attachment.php
          • calendar.php
          • cron.php
          • editpost.php
          • external.php
          • image.php
          • index.php
          • inlinemod.php
          • login.php
          • member.php
          • memberlist.php
          • newreply.php
          • newthread.php
          • online.php
          • poll.php
          • postings.php
          • private.php
          • profile.php
          • register.php
          • reputation.php
          • search.php
          • sendmessage.php
          • showpost.php
          • showthread.php
          • usercp.php
          • usernote.php

        • admincp/
          • admincalendar.php
          • attachment.php
          • image.php
          • index.php
          • options.php
          • queries.php
          • subscriptions.php
          • template.php
          • thread.php
          • user.php
          • usergroup.php
          • usertools.php

        • clientscript/
          • vbulletin_ajax_namesugg.js
          • vbulletin_quick_reply.js

        • images/misc/
          • im_skype.gif
          • skype_addcontact.gif
          • skype_callstart.gif
          • skype_fileupload.gif
          • skype_info.gif
          • skype_message.gif
          • skype_voicemail.gif

        • includes/
          • adminfunctions.php
          • adminfunctions_options.php
          • adminfunctions_template.php
          • adminfunctions_user.php
          • class_bbcode.php
          • class_bitfield_builder.php
          • class_core.php
          • class_dm.php
          • class_dm_attachment.php
          • class_dm_moderator.php
          • class_dm_threadpost.php
          • class_dm_user.php
          • class_image.php
          • class_mail.php
          • class_paid_subscription.php
          • class_postbit.php
          • class_upload.php
          • functions.php
          • functions_calendar.php
          • functions_databuild.php
          • functions_digest.php
          • functions_newpost.php
          • functions_online.php
          • functions_regimage.php
          • functions_search.php
          • functions_user.php
          • init.php
          • vbulletin_credits.php
          • xml/
            • bitfield_vbulletin.xml
            • hooks_vbulletin.xml

        • install/ - assume all files have changed
        • modcp/
          • moderate.php
          • user.php

        Comment


        • #5
          Discussion Link

          Please click here to discuss the release of vBulletin 3.5.2.

          Comment


          • #6
            Package Updated

            As of this post, the package was updated to include a fix for daily/weekly digests. Includes/functions_digest.php was changed. Please see this bug report for more information.

            Additionally, includes/functions_newpost.php was changed. See this bug. This issue will not affect most boards.

            Comment


            • #7
              Just bumping this above the eBulletin.

              Comment


              • #8
                Paid Subscription Bug

                If you are having a problem with paid subscriptions causing a database error in 3.5.2 (see this bug for more information), you may wish to use the attached version of includes/class_paid_subscription.php.

                If you do not use paid subscriptions, you will not be affected by this bug.

                The members' area version now includes this fix.
                Attached Files

                Comment


                • #9
                  vBulletin 3.5.x supports saving profile pictures in the file system. If you are upgrading from vBulletin 3.0.x and you currently have Custom Avatars stored in the filesystem, you need to move them back into the database and then move them back out to the filesystem. This will also move profile pictures out to the filesystem. If you don't do this, your users will need to reupload their profile pictures.

                  Comment

                  Related Topics

                  Collapse

                  Working...
                  X