e107v0.603 / Revision #4

by admin in

Here's revision #4 ...

  • class2.php : Bugtrack ID --- : removed commented out lastvisit code
  • forum_viewtopic.php : upgrade : added two new template functions - is like but doesn't render the thread, renders the thread only
  • e107_handlers/news_handler.php : upgrade : added new template function - will render the news caption as per the defined css
  • e107_themes/clan/theme.php : reported via irc : removed unused template function from chatboxstyle
  • user.php : Bugtrack ID --- : admin perms checked for user editing, cannot edit other admins
  • changelog.php : Bugtrack ID --- : redirects to front page if no request sent
  • class2.php : reported via irc : removed script tags, note this was only effective if html posting was checked
  • forum_viewtopic.php : Bugtrack ID 397 : fixed parsing of moderator tags
  • user.php : Bugtrack ID 396 : select box now has correct option
  • forum_viewtopic.php : Bugtrack ID 395 : bbcode tags in thread title parsed correctly
  • e107_admin/admin.php : Bugtrack ID 393 : submitted news items now consistently checked
  • forum_viewtopic.php : Bugtrack ID 391 : user status is checked before the track thread link is shown
  • forum_post.php : Bugtrack ID 390 : edit string isn't shown when editing
  • e107_handlers/mail.php : Bugtrack ID 387 : added charset header on request
  • e107_admin/content.php : Bugtrack ID 383 : link class updated when content class changed
  • download.php : Bugtrack ID 378 : added missing </div> tag
This revision contains a fix for this widely reported exploit that started as a small chatbox hack and has progressively grown to something that can take your whole site down, as well as starting the third world war. This was only possible if you had html posting enabled and as that's turned off by default it only affected a handful of sites. And to those of you who've been trying to use the exploit on e107.org (I found 18 separate instances), you won't be reading this cos now you're all banned. Bye.
