Version 3.0.8 of phpBB was released on Saturday. This program lets you build a web forum. phpBB is made available under the GPL license and uses PHP and a database program to store posts. In addition to MySQL, PostgreSQL, Oracle, Firebird and SQLite are supported as database software. The complete list of changes since version 3.0.7 patch level 1 can be found in this topic on the phpBB forum; these are the release notes for this version:
phpBB 3.0.8 released
We are pleased to announce the release of phpBB "Patience is a Virtue" 3.0.8. This new version is a maintenance release fixing a large number of bugs as well as improving on usability and performance. Unfortunately we have also discovered a security issue in the previous version affecting boards which have the flash BBCode enabled - it is disabled by default. On WebKit-based browsers like Safari or Chrome, as well as Opera, the flash BBCode can be used to execute JavaScript, causing a cross-site scripting vulnerability.
To fix this problem in 3.0.7, please go to line 354 in includes/message_parser.php, and right before
    // Apply the same size checks on flash files as on images
add these lines:
    $in = str_replace(' ', '%20', $in);

    // Make sure $in is a URL.
    if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) &&
        !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
    {
        return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
    }
This will not fix the problem in already existing posts. In order to scan your board for malicious posts we have created a scanning script. Simply upload it to your phpBB's root directory and access it directly. A new version of the Support Toolkit including this script as well as a tool for reparsing individual posts will be released soon. We will keep you updated.
The release also fixes a problem with the recaptcha plugin which could have helped spammers circumvent the captcha in some cases. A thank you goes to Evilzone.org for highlighting a few bugs and giving us an overall good security rating.
We urge you to update your installation as soon as possible. Our support team will only support phpBB 3.0.8, updates to phpBB 3.0.8 and conversions to phpBB 3.0.8. Submissions to our trackers for older versions will not be accepted; please make sure you update before you submit a bug report.
If you use a language pack other than the default "English [GB]", you should check our downloads section; an update may already be available.
For a complete list of changes with attributed ticket numbers, please consult our comprehensive changelog.
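The flash BBCode fix in the release notes above validates new posts only, so existing posts still need a review pass. The following is an added example, not phpBB's code and not the scanning script the announcement mentions: it applies the same two steps (encode spaces, then require the whole value to be one URL) to stored post text. URL_PATTERN, both function names, the optional ":uid" tag suffix and the sample posts are assumptions made for illustration.

```php
<?php
// Added example, not phpBB code. URL_PATTERN is a simplified stand-in for
// phpBB's get_preg_expression('url'); the real expression is stricter.
const URL_PATTERN = '#^https?://[a-z0-9.-]+(?::\d+)?(?:/[^\s"\'<>\[\]]*)?$#iD';

/**
 * Same order of operations as the fix: encode spaces first, then require
 * the whole value to match as a single URL. Returns null when rejected.
 */
function flash_url_or_null(string $in): ?string
{
    $in = str_replace(' ', '%20', $in);
    return preg_match(URL_PATTERN, $in) ? $in : null;
}

/**
 * Return the [flash] tags in a stored post that deserve a manual look.
 * The optional ":uid" suffix on the tags is an assumption about how the
 * board stores parsed BBCode.
 */
function find_suspect_flash_tags(string $post_text): array
{
    $suspect = [];
    $tag = '#\[flash=(\d+),(\d+)(?::\w+)?\](.*?)\[/flash(?::\w+)?\]#is';
    preg_match_all($tag, $post_text, $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        // Posts stored before the fix were never normalised, so inspect the
        // raw value: the patched parser would have encoded a literal space
        // and would have left a non-URL target as an unparsed tag.
        $raw = $m[3];
        if (preg_match('/\s/', $raw) || flash_url_or_null($raw) === null) {
            $suspect[] = $m[0];
        }
    }
    return $suspect;
}

// Constructed sample posts (post_id => post_text), not from a real board.
$posts = [
    101 => 'Intro [flash=425,350]http://example.com/clip.swf[/flash] outro',
    102 => '[flash=10,10:ab12cd]http://example.com/clip.swf extra=token[/flash:ab12cd]',
    103 => '[flash=10,10]not-a-url[/flash]',
];

foreach ($posts as $post_id => $text) {
    foreach (find_suspect_flash_tags($text) as $tag) {
        echo "post $post_id needs review: $tag\n";
    }
}
```

With the constructed samples, posts 102 and 103 are reported and post 101 is not. Reported posts still need to be reparsed or edited on the board itself.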
