+ - Changes since 2.0.21
- Changes since 2.0.20
- Changes since 2.0.19
- Changes since 2.0.18
@@ -66,7 +67,23 @@ p,ul,td {font-size:10pt;}
This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.
-l.i. Changes since 2.0.20
+l.i. Changes since 2.0.21
+
+
+- [Fix] Check for user's existence prior to showing email form
+- [Fix] New members of moderator groups should always become moderators (Bug #382)
+- [Fix] Proper message when replying to non-existant topics (Bug #459)
+- [Fix] Changed column type of search_array to store more ids (Bug #4058)
+- [Fix] Fixed annoyance with font-size selector (Bug #4612)
+- [Fix] Fix optimize line in database updater (Bug #6186)
+- [Sec] Check for the avatar upload directory reinforced
+- [Sec] Changes to the criteria for "bad" redirection targets - kellanved
+- [Sec] Fixed a non-persistent XSS issue in private messaging
+- [Sec] Fixing possible negative start parameter - SpiderZ.
+- [Sec] Added session checks to various forms - kellanved
+
+
+l.ii. Changes since 2.0.20
- [Fix] Changes to random number generator code to explicitly truncate the length of the string
@@ -83,7 +100,7 @@ p,ul,td {font-size:10pt;}
-l.ii. Changes since 2.0.19
+l.iii. Changes since 2.0.19
- [Fix] Prevent login attempts from incrementing for inactive users
@@ -116,7 +133,7 @@ p,ul,td {font-size:10pt;}
-l.iii. Changes since 2.0.18
+l.iv. Changes since 2.0.18
- [Fix] corrected index on session keys table under MS SQL
@@ -135,7 +152,7 @@ p,ul,td {font-size:10pt;}
-l.iv. Changes since 2.0.17
+l.v. Changes since 2.0.17
- [Fix] incorrect handling of password resets if admin activation is enabled (Bug #88)
@@ -183,7 +200,7 @@ p,ul,td {font-size:10pt;}
- [Sec] compare imagetype on avatar uploading to match the file extension from uploaded file
-l.v. Changes since 2.0.16
+l.vi. Changes since 2.0.16
- Added extra checks to the deletion code in privmsg.php - reported by party_fan
@@ -199,7 +216,7 @@ p,ul,td {font-size:10pt;}
- Correctly set username on posts when deleting a user from the admin panel
-l.vi. Changes since 2.0.15
+l.vii. Changes since 2.0.15
- Fixed critical issue with highlighting - Discovered and fix provided by Ron van Daal
@@ -211,7 +228,7 @@ p,ul,td {font-size:10pt;}
- Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set
-l.vii. Changes since 2.0.14
+l.viii. Changes since 2.0.14
- Fixed moderator status removal in groupcp.php
@@ -233,7 +250,7 @@ p,ul,td {font-size:10pt;}
- Empty url/img bbcodes no longer get parsed
-l.viii. Changes since 2.0.13
+l.ix. Changes since 2.0.13
- Hardened author and keyword search a bit to not allow very server intensive searches
@@ -250,7 +267,7 @@ p,ul,td {font-size:10pt;}
- Fixed case-sensitivity issues in postgres7.php - R45
-l.ix. Changes since 2.0.12
+l.x. Changes since 2.0.12
- Ommitted preg_replace warning in viewtopic due to improper working of preg_quote in PHP - originally reported by matrix_killer, fix submitted by another party
@@ -258,7 +275,7 @@ p,ul,td {font-size:10pt;}
- Minimum requirements raised to PHP 4.0.3 or above due to fixing vulnerability issues breaking PHP3 compatibility.
-l.x. Changes since 2.0.11
+l.xi. Changes since 2.0.11
- Added confirm table to admin_db_utilities.php
@@ -273,7 +290,7 @@ p,ul,td {font-size:10pt;}
- Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - matrix_killer
-l.xi. Changes since 2.0.10
+l.xii. Changes since 2.0.10
- Fixed vulnerability in highlighting code (very high severity, please update your installation as soon as possible)
@@ -284,7 +301,7 @@ p,ul,td {font-size:10pt;}
- Added visual confirmation mod to code base
-l.xii. Changes since 2.0.9
+l.xiii. Changes since 2.0.9
- Fixed deleting of styles in admin_styles.php
@@ -297,7 +314,7 @@ p,ul,td {font-size:10pt;}
- Fixed visual confirmation code. The image was not created due to a wrong regular expression.
-l.xiii. Changes since 2.0.8
+l.xiv. Changes since 2.0.8
- Fixed one vulnerability in admin_board.php - Xore
@@ -316,7 +333,7 @@ p,ul,td {font-size:10pt;}
- Fixed problem with SID not delivered to next page in groupcp.php
-l.xiv. Changes since 2.0.7
+l.xv. Changes since 2.0.7
- Fixed several vulnerabilities in admin pages
@@ -328,7 +345,7 @@ p,ul,td {font-size:10pt;}
- Fixed sql injection vulnerability in privmsg - 2.0.8a
-1.xv. Changes since 2.0.6
+1.xvi. Changes since 2.0.6
- Fixed several vulnerabilities in modcp - Robert Lavierck
@@ -342,7 +359,7 @@ p,ul,td {font-size:10pt;}
- Fixed potential vulnerability in avatar gallery
-1.xvi. Changes since 2.0.5
+1.xvii. Changes since 2.0.5
- Fixed various email issues
@@ -358,7 +375,7 @@ p,ul,td {font-size:10pt;}
- Fixed sql injection with reset date format field in profile - tendor
-1.xvii. Changes since 2.0.4
+1.xviii. Changes since 2.0.4
- Removed user facing session_id checks
@@ -430,7 +447,7 @@ p,ul,td {font-size:10pt;}
- Default English support for visual confirmation - translators are encouraged to support this
-1.xviii. Changes since 2.0.3
+1.xix. Changes since 2.0.3
- Fixed cross-browser scripting issue with highlight param
@@ -557,7 +574,7 @@ p,ul,td {font-size:10pt;}
- Fixed potential SQL vulnerability with marking of private messages - Ulf Harnhammar
-1.xix. Changes since 2.0.2
+1.xx. Changes since 2.0.2
- Fixed potential cross-site scripting vulnerability with avatars - Showscout
@@ -566,7 +583,7 @@ p,ul,td {font-size:10pt;}
- Fixed (hopefully) issue with MS Access and multiple pages
-1.xx. Changes since 2.0.1
+1.xxi. Changes since 2.0.1
- Fixed missing "username" lang variable in user admin template
@@ -601,7 +618,7 @@ p,ul,td {font-size:10pt;}
- Fix emailer to allow sending emails with language-specific character sets
-1.xxi. Changes since 2.0.0
+1.xxii. Changes since 2.0.0
- Fixed delete image bug for normal users
@@ -658,7 +675,7 @@ p,ul,td {font-size:10pt;}
- Added database closure to admin frameset page
-1.xxii. Changes since RC-4
+1.xxiii. Changes since RC-4
- Fixed improper report of general error when posting messages containing errors
@@ -688,7 +705,7 @@ p,ul,td {font-size:10pt;}
- Fixed various remaining usergroup display issues
-1.xxiii. Changes since RC-3
+1.xxiv. Changes since RC-3
- Addressed serious security issue with included files
@@ -719,7 +736,7 @@ p,ul,td {font-size:10pt;}
- Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver
-1.xxiv. Changes since RC-2
+1.xxv. Changes since RC-2
- Fixed infamous install parse error
@@ -752,7 +769,7 @@ p,ul,td {font-size:10pt;}
- Hidden usergroups are now completely hidden from view
-1.xxv. Changes since RC-1
+1.xxvi. Changes since RC-1
- Fixed numerous PostgreSQL related issues
@@ -772,7 +789,7 @@ p,ul,td {font-size:10pt;}
- Various other fixes and updates
-1.xxvi. Changes since RC-1 (pre)
+1.xxvii. Changes since RC-1 (pre)
- Upgrade script completed for initial fully functional release