vBulletin 2.2.7 Released

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • John
    Senior Member
    • Apr 2000
    • 4042

    vBulletin 2.2.7 Released

    vBulletin 2.2.7

    vBulletin 2.2.7 includes several bug-fixes, particularly to help people who have had problems with cookies. There is also a small security fix associated with the safe mode uploads setting in vBulletin. If you have that option enabled, we recommend you upgrade as soon as possible.

    This release is now the stable release.

    Backing up forums

    Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems.

    Installation / Upgrade Instructions

    These are available in the Members Area.

    Templates changed: (from 2.2.6)
    • error_useralreadyvote - fixed a typo
    • footer - copyright didn't include 2002
    • forumhome - changed an image
    • modifyprofile - incorrect signature variable used
    • quotereply - added a space on the end
    • showthread_polloptions - changed form method to POST to fix issue with sessions expiring. Important!
    • showthread_adminoptions - changed form method to POST to fix issue with sessions expiring. Important!


    Bug Fixes
    • Main Directory
    • Announcement.php; corrected call to get no permission template
    • Avatar.php; fix issue with error reporting set to E_ALL
    • Member.php; fixed issue where a guest logging out would remove all other guest sessions
    • Newreply.php; fixed issue with the thread title not being unhtmlspecialchars()'d for emails
    • Newreply.php; fixed issue with logging in while posting
    • Newreply.php; fixed issue with unregistered users being able to use usernames they shouldn't be able to use
    • Newthread.php; fixed issue with logging in while posting
    • Newthread.php; fixed issue with unregistered users being able to use usernames they shouldn't be able to use
    • Online.php; action=usub event now caught
    • Online.php; private calendar events are no longer displayed (it will simply say "Viewing Calendar")
    • Poll.php; fixed issue with a permission check
    • Poll.php; fixed issue with sessions expiring. See template changes.
    • Postings.php; fixed issue with sessions expiring. See template changes.
    • Postings.php; fixed bug where redirection when making a thread invisible or deleting all posts
    • Postings.php; fixed issue where thread subscriptions are not maintained when merging
    • Private.php; fixed issue with PM receipt checking being over zealously applied when forwarding a message
    • Register.php; fixed issue with setting the user title while validating your account
    • Search.php; fixed issue where hot threads could not be turned off
    • Search.php; fixed issue where a bit of post under moderation could be viewed through a search
    • Search.php; fixed issue where a bit of post/thread title in a private forum could be viewed through a search
    • Showthread.php; fixed issue where $perpage could be set to a large number
    • Admin Directory:
    • Admin/announcement.php; fixed issue where announcement author changes on edit
    • Admin/announcement.php; fixed bug where vB code setting was ignored (always set to no) on edit
    • Admin/bbimport.php; fixed issue with poll information not being escaped correctly
    • Admin/forum.php; readded note about inheritance of settings
    • Admin/functions.php; fixed issue with *s in URLs
    • Admin/functions.php; fixed a bug in getpermissions() that caused it to return NULL
    • Admin/functions.php; fixed issue causing a database error in updateforumcount()
    • Admin/functions.php; fixed a bug causing attachments used as references to be deleted when they shouldn't be
    • Admin/functions.php; fixed a bug causing updateforumcount() to update incorrectly at times
    • Admin/sessions.php; new workaround for issues with AOL and proxy servers
    • Admin/user.php; fixed bug causing nosessionhash setting to be ignored when adding a user
    • Admin/user.php; fixed issue causing a user not to have a user title when added through the control panel
    • Mod Directory:
    • Mod/announcement.php; see admin/announcement.php
    • Mod/moderate.php; fixed issue with thread titles being double-htmlspecialchars()'d
    • Mod/user.php; fixed issue causing the user's title not to be updated when they are banned
    • Wide Changes:
    • Global.php, newreply.php, newthread.php, admin/db_mysql.php, admin/functions.php, admin/global.php, mod/global.php; fix getenv() issue with ISAPI
    • Forumdisplay.php, index.php member2.php, poll.php, search.php, showthread.php, threadrate.php, usercp.php, admin/functions.php; changed array cookie storage format to fix issues with staying logged in


    Improvements
    • PNG Avatars are now supported
    • Improved header handling in avatar.php


    Files changed: (from 2.2.6)
    • Main Directory: announcement.php, avatar.php, forumdisplay.php, global.php, index.php, member.php, member2.php, newreply.php, newthread.php, online.php, poll.php, postings.php, private.php, register.php, search.php, showthread.php, threadrate.php, usercp.php
    • Admin Directory: admin/announcement.php, admin/bbimport.php, admin/db_mysql.php, admin/forum.php, admin/functions.php, admin/global.php, admin/sessions.php, admin/user.php
    • Mod Directory: mod/announcement.php, mod/global.php, mod/moderate.php, mod/user.php
    • And the usuals (all for just the version number): admin/global.php, admin/install.php, admin/upgrade1.php, admin/upgrade20.php


    DB Schema Changes
    • Added session.althash


    In conclusion...

    Go and upgrade! This release includes important fixes for everyone, and we would recommend that you upgrade as soon as possible. vBulletin 3 is on its way, but is not stable for production use yet, so we would recommend that you upgrade to this version for the time being.

    John
    Last edited by John; Fri 30 Aug '02, 3:09am.
    John Percival

    Artificial intelligence usually beats real stupidity ;)
  • John
    Senior Member
    • Apr 2000
    • 4042

    #2
    To fix the security issue manually, change line 1684 of admin/functions.php from:
    PHP Code:
          $path "$tmppath/$attachment_name"
    to:
    PHP Code:
          $path "$tmppath/vba".substr(uniqid(microtime()),-8); 
    Additionally, the following changes should be made to member.php. Above line 1044 which is:
    PHP Code:
    $filenum=@fopen($avatarurl,"rb"); 
    Add:
    PHP Code:
    if (!preg_match('#^(https?|ftp)://#i'$avatarurl)) { 
                eval(
    "standarderror(\"".gettemplate("error_avatarbadurl")."\");");; 
              } 
    Finally line 1088 of member.php change from:
    PHP Code:
    $path "$tmppath/$avatarfile_name"
    to:
    PHP Code:
    $path "$tmppath/vba".substr(uniqid(microtime()),-8); 
    Last edited by John; Tue 27 Aug '02, 7:25am.
    John Percival

    Artificial intelligence usually beats real stupidity ;)

    Comment

    • John
      Senior Member
      • Apr 2000
      • 4042

      #3
      There were a few minor changes between the release candidate and the final stable release:
      • printthread template - updated copyright
      • admin/global.php , admin/index.php - updated copyright
      • admin/install.php - updated version number
      • admin/forumpermission.php - make sure session variable is available (non-critical)
      • mod/user.php - fixed a few problems surrounding banning users
      Last edited by John; Fri 30 Aug '02, 6:10am.
      John Percival

      Artificial intelligence usually beats real stupidity ;)

      Comment

      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
      Working...