Phorum 5.2.20 released - Minor Security Fixes

Posted by Thomas Seifert 
Phorum 5.2.20 released - Minor Security Fixes
July 19, 2015 08:43AM
We are happy to announce our latest stable release Phorum-5.2.20.
It is a bug fix release over 5.2.19 fixing some issues reported (including patches, thanks folks!) and other collected changes since the last release.
Also includes some minor security fixes as can be seen below.

You can download this new release from our downloads page or our github page.

- fixed message pruning with umlauts in forum name
- fixed possible stored and reflected XSS on attachment preview (minor, only could affect the author himself)
- fixed minor security flaw on IIS and open redirect, reported by Curesec
- send 500 HTTP status code in case of database error
- Fix access check for user given only by user_id (fixing #892)
- Fixed PHP 5.4 notice for iScramble code


Thomas Seifert
Re: Phorum 5.2.20 released - Minor Security Fixes
July 24, 2015 08:12AM
Hi Thomas,

I just started to upgrade to the new version.

My first observations:

  • The folder inside the ZIP-File is called Phorum-Core-68a6d88. I think this folder should be called phorum-5.2.20 instead.
  • File /docs/NEWS is missing.
  • The folder /docs/html/ and its subfolders seem incomplete. Compared to 5.2.19 a lot of files are missing.

Regards
Oliver


Using Phorum since 7/2000: forum.langzeittest.de (actual version 5.2.23)
Modules "Made in Germany" for version 5.2: Author_as_Sender, CarCost, Close_Topic, Conceal_Message_Timestamp,
Format_Email, Index_Structure, Mailing_List, Pervasive_Forum, Spritmonitor, Terms_of_Service and German_Language_Files_Package.
Re: Phorum 5.2.20 released - Minor Security Fixes
July 24, 2015 04:01PM
1. that's the automatically generated name by github, yeah everything can be done on your own but I decided to not for now.
2. yes, no longer being generated. Changelog is given on the page at the downloads.
3. yes, currently the docs are only generated on the website, no need to distribute it all the time.


Thomas Seifert
Re: Phorum 5.2.20 released - Minor Security Fixes
July 26, 2015 09:15PM
Just one question here because I ran into this news a few moments ago from my forums' Admin CP.

I know it's a given to make sure to back up the current system and my forums' database before doing the upgrade procedure; however, what is the best procedure to do this upgrade itself to the new version? Is it simply just overwriting most of the files of the previous version with the new version that has just been posted?

Once again, I am well aware of backing up the previous system's files and the database, considering that one of them contains the info needed to connect to the database on the server host I'm using. All right; thanks again.
Re: Phorum 5.2.20 released - Minor Security Fixes
July 27, 2015 02:10AM
We have a full docs section about upgrading:
[www.phorum.org]

and yes, just overwriting the files with the newer ones, if you have good backups.


Thomas Seifert
Re: Phorum 5.2.20 released - Minor Security Fixes
September 18, 2015 07:11AM
Hello Thomas,

This is great news, it is good to see a new version of Phorum.

Thanks to all contributors ;-)

Cactus : [www.cactuspro.com]
Re: Phorum 5.2.20 released - Minor Security Fixes
February 04, 2016 12:20PM
Hi Thomas,

does this release run with PHP7? Currently I'm using Phorum version 5.2.19 and PHP5.4. My Webhoster pushes hard to PHP7...
Re: Phorum 5.2.20 released - Minor Security Fixes
February 04, 2016 04:56PM
We did not test with php7, so might work, might not work.


Thomas Seifert
Re: Phorum 5.2.20 released - Minor Security Fixes
March 03, 2016 01:02PM
Hello,

Please, what's going on? Currently your download page does not offer any v.5.2.x version.
As a cite from [www.phorum.org]

Current Stable Version
(released at Jan 01, 1970)

Or am I too stupid to find the download link over there? Tried with several web browsers. But currently (03.03.2016) latest link seems to be
phorum-5.1.25.zip
Re: Phorum 5.2.20 released - Minor Security Fixes
March 03, 2016 03:45PM
There is a link on the Home Page [www.phorum.org]