Joe Horn's Revelations

2005/07/03

phpBB 2.0.16 released!

2.0.16 includes a security fix, and it is in viewtopic.php, the most frequently accessed file:

$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

was changed to

$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
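
Added example (not phpBB's code and not from the original post): the fix above keeps the `e` modifier, which evaluates the replacement string as PHP code, and relies on addslashes() to escape the highlight term before it is placed in that code. The sketch below writes the same highlighting with preg_replace_callback() and preg_quote() so that no code is ever built from the term; the function name highlight_terms, its parameters and the sample values are assumptions.

```php
<?php
// Added example, not phpBB code: highlight search terms without the /e
// modifier, so the user-supplied term is data and never part of PHP code.

/**
 * Wrap whole-word matches of $terms in a highlight span, touching only
 * text between tags (never tag names or attribute values).
 * Assumption: $html is already-escaped post markup; $color is a theme value.
 */
function highlight_terms(string $html, array $terms, string $color): string
{
    // preg_quote() escapes regex metacharacters and the '#' delimiter.
    $quoted = [];
    foreach ($terms as $term) {
        if (is_string($term) && $term !== '') {
            $quoted[] = preg_quote($term, '#');
        }
    }
    if ($quoted === []) {
        return $html;
    }
    $word_re = '#\b(' . implode('|', $quoted) . ')\b#i';

    // Validate the colour instead of trusting it inside an attribute.
    if (!preg_match('/\A[0-9A-Fa-f]{6}\z/', $color)) {
        $color = 'FFA34F'; // constructed fallback value
    }
    $open = '<span style="color:#' . $color . '"><b>';

    // Odd indexes are the captured tags, even indexes are text nodes.
    $parts = preg_split('#(<[^>]*>)#', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach ($parts as $i => $text) {
        if ($i % 2 === 1 || $text === '') {
            continue;
        }
        // The callback re-emits text matched in the post, not the raw term.
        $parts[$i] = preg_replace_callback(
            $word_re,
            function (array $m) use ($open) { return $open . $m[1] . '</b></span>'; },
            $text
        ) ?? $text;
    }
    return implode('', $parts);
}

// Constructed sample input; the second term holds regex metacharacters.
$post = '<p class="note">Update the note today.</p>';
echo highlight_terms($post, ['note', '1.5#x'], 'FFA34F'), "\n";
```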


The list of changes is as follows:

  • Fixed critical issue with highlighting – Discovered and fix provided by Ron van Daal
  • Url descriptions able to be wrapped over more than one line again
  • Fixed bug with eAccelerator in admin_ug_auth.php
  • Check new_forum_id for existence in modcp.php – alessnet
  • Prevent uploading avatars with no dimensions – Xpert
  • Fixed bug in usercp_register.php, forcing avatar file removal without updating avatar information within the database – HenkPoley
  • Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set

The official announcement is here.

竹貓星球 has also posted this announcement.
