+-------------------------------------------------------------------------------------------------+ | MyBB 1.2.11 - Security Update Patch File | | (c) 2008 MyBB Group. Translated by mybboard.pl team. | | | | Oto łatka, która naprawia kilka błędów zwišzanych z bezpieczeństwem w MyBB 1.2.10 | | | | Postępuj zgodnie z instrukcjami podanymi poniżej, by ręcznie przeprowadzić aktualizację. | +-------------------------------------------------------------------------------------------------+ =============== 1. forumdisplay.php =============== ZnajdŸ: -- $sortfield = "t.lastpost"; -- Zamień na: -- $sortfield = "t.lastpost"; $sortby = "lastpost"; -- =============== 2. search.php =============== ZnajdŸ: -- if($search['resulttype'] == "threads") { $sortfield = "t.lastpost"; } else { $sortfield = "p.dateline"; } -- Zamień na: -- if($search['resulttype'] == "threads") { $sortfield = "t.lastpost"; } else { $sortfield = "p.dateline"; } $sortby = 'lastpost'; -- =============== 3. moderation.php =============== -- ZnajdŸ: -- case "allreports": if(is_moderator() != "yes") { error_no_permission(); } -- Zamień na: -- case "allreports": if(is_moderator() != "yes") { error_no_permission(); } $mybb->input['rid'] = intval($mybb->input['rid']); - ZnajdŸ: -- $threadlist = explode("|", $mybb->input['threads']); foreach($threadlist as $tid) { $tids[] = $tid; } -- Zamień na: -- $threadlist = explode("|", $mybb->input['threads']); foreach($threadlist as $tid) { $tids[] = intval($tid); } -- =============== 4. admin/usergroups.php =============== ZnajdŸ: -- $uids = implode(",", $uidin); $db->query("DELETE FROM ".TABLE_PREFIX."joinrequests WHERE uid IN($uids) AND gid='{$mybb->input['gid']}'"); -- Zamień na: -- $uids = implode(",", array_map("intval", $uidin)); $db->query("DELETE FROM ".TABLE_PREFIX."joinrequests WHERE uid IN($uids) AND gid='".intval($mybb->input['gid'])."'"); -- =============== 5. inc/class_core.php (Version number change) =============== ZnajdŸ: -- /** * The friendly version number of MyBB we're running. * * @var string */ var $version = "1.2.10"; /** * The version code of MyBB we're running. * * @var integer */ var $version_code = 1210; -- Zamień na: -- /** * The friendly version number of MyBB we're running. * * @var string */ var $version = "1.2.11"; /** * The version code of MyBB we're running. * * @var integer */ var $version_code = 1211; -- =============== 6. inc/class_moderation.php =============== ZnajdŸ: -- $pidin = implode(",", $pids); -- Zamień na: -- $pidin = implode(",", array_map("intval", $pids)); -- GOTOWE