
        PunBB 1.3 Bugs

        Please look through the list for the bug you have found. If it is not listed, add it.

        PunBB 1.3 bugs

        • Moderation bugs:
          • Incorrect hidden field value on actions with multiple topics (fixed in [898], hotfix in process).
          • XSS vulnerability, reported by PHPLizardo (fixed in [909], hotfix hotfix_13_moderate_xss released).
          • Replies and Views are exchanged in moderate.php, reported by coordinator (fixed in [932]).
          • There is no link to the reports page in the admin menu for moderators, reported by 8k84 (fixed in [940]).
        • Markup and language file issues (no hotfixes will be released if the bug results in no errors):
          • Incorrect markup of the “download latest version” link (fixed).
          • Missing language file entries for install.php, reported by coolhd (fixed in [891]).
          • Markup issues in the guest post form in post.php, reported by Adelf (fixed in [900]).
          • Markup issues in install.php (fixed in [901]).
          • Incorrect heading set in profile, reported by fantasma (fixed in [902]).
          • Underline is working as italics (post by User33, fixed in [922]).
          • Incorrect message you must copy/upload the file .htaccess from the extras directory in forum settings (topic by esupergood, fixed in [923]).
          • Make “new hotfixes” message more informative, see Forums topic by colak for details (fixed in [923]).
          • Breadcrumbs: Lack of link on topic subject - no topic permalink at all! (fixed in [924])
          • Incorrect appearance of the 'sticky' word in search results, reported by teva and User33 (fixed in [910] and [928]).

        PunBB 1.3.1 bugs

        PunBB 1.3.2 bugs

        PunBB 1.3.3 bugs

        PunBB 1.3.4 bugs

        • CSRF token checking does not seem to apply the corresponding timeout correctly (fixed in [1325], fix by bedroom).
        • FIXME One can't post in a forum if there is only post permission (reported by Cereal).
        • FIXME Just after installing the 'online' table takes a lot of diskspace on some systems (for example, 1.6 Mb on PHP: 4.4.9, Accelerator: eAccelerator, DB: MySQL Standard 4.1.22; see also a topic on forums).
        • FIXME Updating script (admin/db_update.php) issues?

        PunBB 1.3.5 bugs

        • CSS & markup.
        • Missing lang entries on language files.
        • Correct path and alerts on install.
        • Fixed typos and more.

        PunBB 1.3.6 bugs

        Security issue details

        We provide the details of some fixed security bugs here.

        Possible XSS in moderate

        A topic title was not HTML-escaped in forum moderation. A user could steal a moderator's or administrator's session by injecting JavaScript into the topic title.

        Possible XSS in login

        The password field value (set directly from the POST request) was not properly escaped, so it could be used to execute JavaScript. A CSRF confirmation message would be displayed.

        Potential SQL-injections at admin/users.php page

        The values of $_POST['order_by'] and $_POST['direction'] were escaped, but not logically checked before being used in an SQL query on the Administration → Users page. One could execute any SQL query by making an administrator send a POST request (e.g. by giving him a link to a specially formed page). A CSRF confirmation message would be displayed.
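
        The difference between escaping a sort parameter and logically checking it, as an added example (not PunBB's code). The column list, table alias and function names are hypothetical, and escape_literal stands in for a database string-escaping routine.

```php
<?php
// Added example; not PunBB code. Column names and helper names are hypothetical.

// Stand-in for a database string-escaping routine: it only neutralises quote
// characters, which matters inside a quoted string literal and nowhere else.
function escape_literal(string $value): string
{
    return str_replace("'", "''", $value);
}

// Escaped but not logically checked: the value lands in identifier/keyword
// position, so escaping gives no protection.
function build_order_clause_unchecked(string $orderBy, string $direction): string
{
    return 'ORDER BY ' . escape_literal($orderBy) . ' ' . escape_literal($direction);
}

// Logically checked: request values only select among fixed SQL fragments.
function build_order_clause_checked(string $orderBy, string $direction): string
{
    $columns = [                      // hypothetical sortable columns
        'username'   => 'u.username',
        'email'      => 'u.email',
        'num_posts'  => 'u.num_posts',
        'registered' => 'u.registered',
    ];
    $directions = ['ASC' => 'ASC', 'DESC' => 'DESC'];

    $column = $columns[$orderBy] ?? $columns['username'];   // safe default
    $dir    = $directions[strtoupper($direction)] ?? 'ASC'; // safe default

    return 'ORDER BY ' . $column . ' ' . $dir;
}

// Constructed sample inputs: one ordinary request, and one carrying extra SQL
// that contains no quote characters at all.
$samples = [
    ['num_posts', 'desc'],
    ['username, (SELECT 1)', 'ASC'],
];

foreach ($samples as [$orderBy, $direction]) {
    echo 'unchecked: ', build_order_clause_unchecked($orderBy, $direction), PHP_EOL;
    echo 'checked:   ', build_order_clause_checked($orderBy, $direction), PHP_EOL;
}
```

        The second sample passes through the escaping step unchanged because it contains nothing to escape, while the checked version falls back to the default column.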

        Potential SQL-injections in admin/settings.php via configuration values

        The values of configuration options were not checked before being used in an SQL query on the Administration → Settings page. One could execute any SQL query by making an administrator send a POST request (e.g. by giving him a link to a specially formed page). A CSRF confirmation message would be displayed.

        See also

        Links

