Two bugs found in the phpBB 2.0.12 code need to be patched immediately.
They are posted here on the Official Announcement page.
Just two lines of code need to be changed, but they are critical bugs! I’ll say it again, upgrade immediately. No database changes required.
Open includes/sessions.php
Find:
Code:
if( $sessiondata['autologinid'] == $auto_login_key )
Replace with:
Code:
if( $sessiondata['autologinid'] === $auto_login_key )
Open viewtopic.php
Find:
Code:
$message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
Replace with:
Code:
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
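Why the one-character change in includes/sessions.php matters, as an added example that is not phpBB code: PHP's `==` converts its operands to a common type before comparing, so a value that is not a string at all can compare equal to the stored key, while `===` also requires the types to match. The key, the helper function names and the candidate values below are constructed for illustration.

```php
<?php
// Added illustration, not phpBB code. The key and candidates are constructed samples.
$stored_key = 'c0ffee-constructed-sample-key';

// Comparison as in the line to find: loose equality, operands are type-juggled.
function matches_loose($supplied, $key)
{
    return $supplied == $key;
}

// Comparison as in the replacement line: same type and same value required.
function matches_strict($supplied, $key)
{
    return $supplied === $key;
}

$candidates = array(
    'correct string' => $stored_key,
    'wrong string'   => 'not-the-key',
    'boolean true'   => true, // any non-empty string converts to true under ==
    'integer 0'      => 0,    // loose result differs between PHP < 8 and PHP 8+
    'null'           => null,
);

// Print one row per candidate so the two checks can be compared side by side.
foreach ($candidates as $label => $value) {
    printf(
        "%-15s loose=%-5s strict=%s\n",
        $label,
        var_export(matches_loose($value, $stored_key), true),
        var_export(matches_strict($value, $stored_key), true)
    );
}
```

Only the correct string passes the strict check; the boolean passes the loose check without matching the key.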
March 1st, 2005 at 1:26 am
Hi =) You should alter the above code asap before people copy/paste and apply it to their viewtopic.php.
As you can see, there is a certain bit of text that is emboldened. This is because the code has the relevant html bold tags. Because the webpage parses this, it does not display. There is also other data missing due to this problem. Note that this is the correct rewrite (I hope the webpage will parse this as I expect it to. If < followed by a ; shows, it should be a less than bracket)…
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
March 1st, 2005 at 1:28 am
It appears to have parsed correctly in this instance. Note the bold and span arguments in the code. These were previously parsed by the server.
March 1st, 2005 at 10:41 am
Mere_Mortal, Good catch! And thanks, it looks like there are a couple of bugs in the [code] tags for the new wordpress that need to be looked into.