Phorum-5.2.9 released! Security Upgrade!

This release fixes a couple of issues and adds a temporary fix for the problem reported by Julian A. Rodriguez ( [nulledcore.com] ) which got confirmed now.

Therefore we urge all Phorum users to upgrade as soon as possible.

You can download it from our downloads page.

This is the excerpt from the changelog:

   2008-10-06 10:13  ts77
	* removed "SET CHARACTER SET" query to solve some mysteries in
	  charset support (thanks to Chris who brought this up
	  [www.phorum.org] )

   2008-10-06 10:03  mmakaay
	* Fixed #806: possible XSS leak plugged. This was reported as a
	  security vulnerability, however we were never able to produce
	  anything more than broken HTML code. Since broken HTML code is not
	  good and because we are rather safe than sorry, this fix was
	  implemented.

   2008-10-04 08:55  mmakaay
	* Fixed "AND" based queries for
	  phorum_api_user_search_custom_profile_field(). Thanks to Phorum
	  user jjarvis98 for noticing the bug and to Azumandias for
	  providing the fix.

   2008-09-21 10:10  ts77
	* transferring template-arg through the urls (fixing #792), doesn't
	  work with search - essentially breaks search and needs checking
	  therefore

   2008-09-21 09:56  ts77
	* give a message about this being a moderated forum before
	  redirecting after posting (fixing #775)

   2008-09-02 12:13  mmakaay
	* Fixed the new release detection code. In the admin interface, new
	  releases were not detected by the "Check For New Version"
	  function.

   2008-09-01 09:55  mmakaay
	* Fixed #797: Undefined offset: 0 in api.php in case the message
	  started with a stale BBcode close tag. Thanks to Alexey Torkhov
	  for the problem report.

   2008-09-01 09:37  mmakaay
	* Fixed #796: Undefined index "mod_bbcode_tags" in BBcode module.
	  Thanks to Alexey Torkhov for the heads up.

   2008-09-01 07:41  mmakaay
	* Fixed the classic index style (directory browsing mode) for the
	  classic 0.4 template. It did not yet reflect a change in the
	  datastructures that we use for the index page in Phorum 5.2,
	  causing folders to not show up in that view.

   2008-09-01 06:33  mmakaay
	* Fix for #795: BBcode module needs to explicitly include api.php to
	  define the constants that are used in the settings page. Thanks to
	  Alexey Torkhov for the heads up.

   2008-08-27 12:57  ts77
	* building the list of forums to move a thread to in the same way as
	  the list of forums in the search form (fixing #729, thx to Oliver
	  Riesen)

   2008-08-27 10:09  mmakaay
	* Fixed #784: missing terminating ] for character class in
	  http_get.php.

   2008-08-23 18:31  mmakaay
	* Fixed #776: phorum_api_user_save() sets the password to "*NO
	  PASSWORD SET*" when calling the function twice (first time to
	  create a user, second time to update, both calls without using a
	  password in the user data). Thanks to Alexey Torkhov for finding
	  and reporting the issue.

   2008-08-22 22:55  mmakaay
	* Fixed #787: BBcode module: end of message end tags for some bbcode
	  tags were not processed correctly. The tag and the text that came
	  before the tag were duplicated at the end of the rendered message.

   2008-08-22 21:21  mmakaay
	* Added "@" as a safe character for the quoted printable encoding
	  requirement check. Otherwise, every mail address will be quoted
	  printable encoded, even if there are no special characters in it.

   2008-08-04 17:57  mmakaay
	* Phorum3 script updated for the new phorum_db_file_save() call in
	  Phorum 5.2. Thanks to Simon King who posted the patch in our
	  support forums.

---

Thomas Seifert



Edited 3 time(s). Last edit at 10/06/2008 03:06PM by Thomas Seifert.