| @1586 | [1586] | 04/06/08 12:34:15 | Neal | Added missing > to edit.php. |
| @1577 | [1577] | 03/30/08 12:35:13 | Neal | Changed sha1 calls in 1.2 to pun_hash calls. |
| @1540 | [1540] | 03/02/08 22:45:58 | Neal | Fixed the avatars of deleted users not being removed. |
| @1538 | [1538] | 03/02/08 01:24:49 | Neal | Turned calls to sha1 into calls to pun_hash. |
| @1531 | [1531] | 02/26/08 11:37:21 | Neal | Fixed a bug with admin_maintenance.php that potentially led to reindexing … |
| @1500 | [1500] | 02/19/08 23:22:17 | Rickard | Update for 1.2.17. |
| @1499 | [1499] | 02/19/08 23:18:27 | Rickard | Fixed XSS vulnerability involving the get_host parameter. Reported by … |
| @1498 | [1498] | 02/19/08 23:12:27 | Rickard | Strengthen auto generated cookie seed. Related to [1497]. |
| @1497 | [1497] | 02/19/08 23:09:45 | Rickard | Fixed a password recovery vulnerability. Reported by Stefan Esser. |
| @1494 | [1494] | 02/18/08 13:39:49 | Neal | Modified the redirect function so that it prefixes URLs with the base URL … |
| @1475 | [1475] | 02/08/08 01:29:45 | Neal | Backported [1474] to trunk. |
| @1440 | [1440] | 02/03/08 15:42:49 | Neal | Backported [1439] to trunk. |
| @1356 | [1356] | 01/29/08 00:08:53 | Neal | Added a new parameter to the logout URL to prevent a CSRF annoyance. |
| @1280 | [1280] | 01/19/08 15:16:24 | Neal | Backported [968] and [1279] from 1.3 branch. |
| @1263 | [1263] | 01/14/08 23:23:25 | Neal | Fixed some miscellaneous display/HTML validation issues in … |
| @1260 | [1260] | 01/14/08 11:58:26 | Neal | Fixed a comment typo. Discovered by redneck. |
| @1259 | [1259] | 01/14/08 11:57:40 | Neal | Consistency change to the HTML in edit.php. Noticed by Applejuice. |
| @1255 | [1255] | 01/13/08 13:00:10 | Neal | Backported [1254] from 1.3 branch. |
| @1253 | [1253] | 01/13/08 12:54:21 | Neal | Backported [1252] from 1.3 branch. |
| @1098 | [1098] | 11/19/07 17:08:44 | Rickard | Revised fix for [1095]. |
| @1096 | [1096] | 11/18/07 23:21:02 | Rickard | Update for 1.2.16. |
| @1095 | [1095] | 11/18/07 23:16:48 | Rickard | Fixed XSS vulnerability and potential HTTP response splitting … |
| @1094 | [1094] | 11/18/07 23:14:16 | Rickard | Fixed CSRF vulnerability due to missing call to confirm_referrer(). Thanks … |
| @956 | [956] | 04/23/07 22:16:01 | Neal | Modified topic/post counts for forums to include redirect topics. |
| @953 | [953] | 04/15/07 02:00:08 | Neal | Fixed a misplaced parenthesis that led to unregister_globals being run in … |
| @946 | [946] | 04/11/07 11:39:51 | Rickard | Update for 1.2.15. |
| @945 | [945] | 04/11/07 11:35:44 | Rickard | Beefed up the referrer check in admin/options. |
| @944 | [944] | 04/11/07 07:27:58 | Rickard | Fixed recent posts search returning redirect topics. |
| @941 | [941] | 04/10/07 21:37:34 | Neal | Prevented some possible path disclosures. |
| @940 | [940] | 04/10/07 21:07:18 | Neal | Ported [939] from 1.3 branch. |
| @938 | [938] | 04/10/07 16:42:55 | Rickard | Fixed XSS vulnerability involving HTTP_REFERER. |
| @937 | [937] | 04/10/07 16:19:24 | Rickard | Moved template tag replacement of pun_include to the top of all … |
| @936 | [936] | 04/09/07 16:41:02 | Rickard | Prevent NULL byte injection into the e-mail message field (can result in … |
| @935 | [935] | 04/09/07 14:19:22 | Rickard | Made sure the profile field URL actually starts with "http://". |
| @934 | [934] | 04/09/07 14:16:42 | Rickard | Fixed XSS vulnerability when deleting a category (admin only). |
| @933 | [933] | 04/09/07 14:15:20 | Rickard | Ported [614] from 1.3 branch. |
| @932 | [932] | 04/08/07 17:30:39 | Neal | Added missing xmlns attribute to several files. |
| @931 | [931] | 04/08/07 17:14:20 | Neal | Added stricter permissions checks for actions in moderate.php. |
| @858 | [858] | 01/30/07 22:31:43 | Neal | Backported [638] from dev branch |
| @776 | [776] | 01/15/07 13:59:02 | Neal | Removed extra error when a guest tries posting as Guest. |
| @775 | [775] | 01/15/07 13:42:14 | Neal | Backported [608] from 1.3 branch. |
| @774 | [774] | 01/15/07 01:09:11 | Neal | Whitespace fix for [773]. |
| @773 | [773] | 01/15/07 01:07:18 | Neal | Fix for users appearing multiple times in the online list. Also fixes … |
| @771 | [771] | 01/15/07 00:51:05 | Neal | extern.php now respects maintenance mode. |
| @769 | [769] | 01/14/07 23:08:35 | Neal | Fixed disabling "Search All Forums" not actually removing the ability to … |
| @768 | [768] | 01/14/07 22:58:16 | Neal | Timezones were rounded too much when registering. |
| @767 | [767] | 01/14/07 22:55:28 | Neal | Optimize search by removing useless group by statement (backported from … |
| @766 | [766] | 01/14/07 22:52:29 | Neal | Online indicator was not being displayed in IE7. |
| @603 | [603] | 10/15/06 16:40:18 | Rickard | Update for 1.2.14. |
| @602 | [602] | 10/15/06 16:36:12 | Rickard | Implemented workaround for zend_hash_del_key_or_index hole in PHP <4.4.3 … |
| @601 | [601] | 10/15/06 16:31:18 | Rickard | Fixed a local file inclusion vulnerability. Was fixed into profile.php … |
| @600 | [600] | 10/15/06 16:27:12 | Rickard | Fixed some admin only SQL injections. |
| @599 | [599] | 10/15/06 15:21:22 | Rickard | Removed unnecessary join with the posts table. |
| @598 | [598] | 10/14/06 16:41:53 | Rickard | Fixed admins being able to set default group to admin, moderator or guest … |
| @597 | [597] | 10/14/06 16:40:28 | Rickard | Fixed being able to ban all guests. |
| @596 | [596] | 10/14/06 16:37:38 | Rickard | Fixed install on MySQL 5.0.25 and later. |
| @595 | [595] | 10/10/06 15:48:31 | Paul | Added fixes for IE7. |
| @591 | [591] | 09/26/06 23:24:04 | Rickard | Fixed comment typo. |
| @590 | [590] | 09/26/06 23:23:03 | Rickard | Update for 1.2.13. |
| @589 | [589] | 09/26/06 23:22:15 | Rickard | Removed file/folder |
| @588 | [588] | 09/26/06 22:48:56 | Rickard | Fixed avatars_dir NULL byte injection vulnerability (CVE-2006-4759). |
| @587 | [587] | 09/26/06 22:46:27 | Rickard | Added support for HttpOnly cookies. Credits to Matt Mecham for pre-PHP5.2 … |
| @436 | [436] | 05/20/06 15:57:21 | Rickard | Updated for 1.2.12. |
| @435 | [435] | 05/20/06 15:57:04 | Rickard | Bumped version number to 1.2.12. |
| @434 | [434] | 05/20/06 15:56:40 | Rickard | Added 1.2.* to 1.2.12 update script. |
| @433 | [433] | 05/20/06 15:55:07 | Rickard | Removed file/folder. |
| @432 | [432] | 05/20/06 15:53:28 | Rickard | Fixed incorrect user count leading to empty last page of user list. |
| @431 | [431] | 05/20/06 15:52:02 | Rickard | Fixed XSS vulnerability involving "redirect_url". |
| @430 | [430] | 05/20/06 15:42:32 | Rickard | Fixed XSS vulnerability involving URL BBCode (only affects Internet … |
| @340 | [340] | 02/28/06 18:24:03 | Rickard | Updated for 1.2.11. |
| @339 | [339] | 02/28/06 18:23:46 | Rickard | Bumped version number to 1.2.11. |
| @338 | [338] | 02/28/06 18:23:17 | Rickard | Added 1.2.* to 1.2.11 update script. |
| @337 | [337] | 02/28/06 18:22:39 | Rickard | Removed file/folder. |
| @336 | [336] | 02/28/06 18:21:41 | Rickard | Added an IP flood check to the registering process to prevent DoS attacks. |
| @335 | [335] | 02/28/06 18:20:27 | Rickard | Fixed XSS vulnerability. |
| @292 | [292] | 10/31/05 23:32:14 | Rickard | Updated for 1.2.10. |
| @291 | [291] | 10/31/05 23:31:58 | Rickard | Fixed incorrect version numbers. |
| @290 | [290] | 10/31/05 23:31:04 | Rickard | Bumped version number to 1.2.10. |
| @289 | [289] | 10/31/05 23:30:14 | Rickard | Added 1.2.* to 1.2.10 update script. |
| @288 | [288] | 10/31/05 23:29:48 | Rickard | Removed file/folder. |
| @287 | [287] | 10/31/05 23:27:29 | Rickard | Require users to enter password when requesting a change of e-mail … |
| @286 | [286] | 10/31/05 23:10:48 | Rickard | Removed reliance on HTTP_X_FORWARDED_FOR to prevent IP spoofing. |
| @285 | [285] | 10/31/05 23:06:55 | Rickard | Moved up execution of unregister_globals() before the inclusion of … |
| @284 | [284] | 10/31/05 21:37:19 | Rickard | Updated fix from [283]. All dots should not be filtered out to allow for … |
| @283 | [283] | 10/31/05 21:27:24 | Rickard | Fixed periods not being filtered out before insertion into the search … |
| @282 | [282] | 10/31/05 21:26:12 | Rickard | Force quoted text to be from the topic we're posting in. |
| @281 | [281] | 10/31/05 21:13:45 | Rickard | Implemented workaround for the IE GIF bug. See … |
| @273 | [273] | 10/16/05 10:05:56 | Rickard | Updated for 1.2.9. |
| @272 | [272] | 10/16/05 10:02:43 | Rickard | Implemented Stefan Esser's unregister_globals(). |
| @271 | [271] | 10/16/05 09:48:29 | Rickard | Fixed SQL injection vulnerability (only exploitable with register_globals … |
| @270 | [270] | 10/16/05 09:46:41 | Rickard | Bumped version number to 1.2.9. |
| @269 | [269] | 10/16/05 09:45:49 | Rickard | Added 1.2.* to 1.2.9 update script. |
| @268 | [268] | 10/16/05 09:45:03 | Rickard | Removed file/folder. |
| @265 | [265] | 09/22/05 07:50:40 | Rickard | Fixed broken fix. |
| @264 | [264] | 09/21/05 22:44:43 | Rickard | Updated for 1.2.8. |
| @263 | [263] | 09/21/05 22:42:32 | Rickard | Bumped version number to 1.2.8. |
| @262 | [262] | 09/21/05 22:41:52 | Rickard | Added 1.2.* to 1.2.8 update script. |
| @261 | [261] | 09/21/05 22:41:26 | Rickard | Removed file/folder. |
| @260 | [260] | 09/21/05 22:39:30 | Rickard | Removed redundant call to paginate(). |
| @259 | [259] | 09/21/05 22:38:52 | Rickard | Fixed code inclusion vulnerability. |