• Login
  • Register
Hello There, Guest!

Username:

Password:

Remember me

Lost PW Lost Password?

Advanced Search
  • Rules
  • Staff
  • Wiki
  • Free Companies
  • Linkshells
  • Calendar
  • Chat
  • Gallery
  • Donate
home Hydaelyn Role-Players → Off-Topic → Off-Topic Discussion v
« Previous 1 … 33 34 35 36 37 … 53 Next »
→

Security Update


RPC has moved! These pages have been kept for historical purposes

Please be sure to visit https://ffxiv-roleplayers.com/ directly for the new page.

Security Update
Threaded Mode | Linear Mode

Kylinv
Kylin
Find all posts by this user
Visit this user's website
Relic of a Bygone Era
*****

Offline
Posts:1,437
Joined:Mar 2010
Server:Mateus/Balmung
Reputation: 105
Security Update |
#1
10-24-2013, 04:23 PM
The site has just undergone a security update. As a result, several core files were overwritten and some minor things may not be working properly. I think I fixed most of them. If another issue arises, please report it here. Thanks.

Security update solved the following:

Vulnerabilities dealt with:
  • High Risk: Authorization bypass vulnerability within the PM system
  • Medium Risk: Accounts without login keys could be hijacked
  • Low Risk: Weakness within the generate_post_check() function
  • Low Risk: Anonymous statistics may not always be anonymous
  • Low Risk: Database backups are exposed in logs

Bugs dealt with:
Show Content
SpoilerBug #956: Quote tags don't work if username contains a ]
Bug #1443: View thread notes - PgSQL
Bug #1483: Large attachments, greater than PHP memory limit, fail
Bug #1515: Attachement in first post lost after merging posts below
Bug #1611: '&' in RSS feed titles
Bug #1702: canonlyviewownthreads Permission Bug
Bug #1733: GeoIP encoding problem
Bug #1846: SMTP TLS
Bug #1847: memcache sockets
Bug #1871: Mod CP user search Post Count column alignment
Bug #1877: Forum Jump doesn't obey SEF urls setting
Bug #1879: Thread drafts don't remember prefixes
Bug #1927: User merge - Source account avatar left on server
Bug #2002: User merge warning logs error
Bug #2003: When replying to a subject that is at max character limit, you will get an error.
Bug #2008: Google-Mobile useragent not detected
Bug #2019: function affected_rows in db_pgsql.php calls pg_affected_rows with the wrong parameter
Bug #2023: Maximum Videos per Post setting not working
Bug #2059: Post Tools won't show up until a Thread Tool exists
Bug #2070: Pending group join requests are effectively numUsersInGroup * JoinRequests
Bug #2095: User(s) browsing this thread not appearing on quote link
Bug #2103: Mark forum read doesn't work with PostgreSQL
Bug #2110: Writing limit in a post triggers PostgreSQL replacement
Bug #2122: COPPA invalid date of birth
Bug #2124: Tracking Logic Wrong
Bug #2125: Admin CP Viewing Warning wrong link
Bug #2134: AdmincP Bug
Bug #2142: PM Advanced Search Sort Order
Bug #2151: Saving CSS changes in Simple Editor breaks @media queries
Bug #2156: Attachment count wrong when unapproving attachments
Bug #2157: Last user user-name for threads and forums is not updated upon modifying user-names or merging users.
Bug #2158: Users can give reputation for any post.
Bug #2162: Threadlist can contain a thread without name, id etc.
Bug #2163: Linking to non existent post does not show typical error page
Bug #2165: sendthread.php throws sql error with postgres
Bug #2166: calling newreply with no tid does not show the correct error page
Bug #2167: Calling polls.php with invalid pid shows sql error instead of correct error page
Bug #2168: Postgres errors in search.php and useless order by clause
Bug #2175: Displaying the latest new user does not always work
Bug #2177: update_pm_count() can throw sql error in Postgres
Bug #2179: Set value for MYBB_ROOT
Bug #2182: Apostrophe in DB password causes PHP error
Bug #2184: SID not checked in admin/modules/templates.php
Bug #2188: Reputation Sync Not Accounting For NULL Values
Bug #2192: Attachments still downloadable if thread unapproved
Bug #2193: Thread Subsciptions "not subscribed to any threads" with &page=
Bug #2204: Login Page - maxlength for username/email field too short
Bug #2205: enablereputation setting problem
Bug #2206: Strange/missing permission checks in editpost and newreply
Bug #2211: Splitting a thread at the same time can create threads without posts
Bug #2213: forumbit_depth1_forum doesn't exist
Bug #2215: Double defined $cache on upgrade
Bug #2216: "Templates Requiring Additional Calls" will always show
Bug #2227: editor.js error causing misalignment in Office 2007 editor theme.
Bug #2229: member.php Away Date Bug
Bug #2234: 'Language fallback to english' option fails when language 'area' is 'admin'
Bug #2235: PostgreSQL error on quick reply
Bug #2241: Replacing preg_replace e modifier PHP 5.5
Bug #2245: Language tweak in installer
Bug #2246: Logout link broken on "Access Denied" pages
Bug #2248: Installer: Update "Subscribe to Mailing List" link
Bug #2249: sessions unnecessarily being deleted and created on every request
Bug #2250: Admin Log errors
Bug #2254: Adding attachment to an existing draft creates a new draft
Bug #2270: Minor Typo / Consistency Issue in showthread.php
Feature #1853: Allow login via email and/or username with settings in the ACP
Quote this message in a reply

« Next Oldest | Next Newest »

  • View a Printable Version
  • Send this Thread to a Friend
  • Subscribe to this thread


Users browsing this thread: 1 Guest(s)
Index | Return to Top | Lite (Archive) Mode | RSS Syndication | Current time: 04-13-2025, 11:28 PM

Final Fantasy XIV images/content © Square-Enix, forum content © RPC.
The RPC is not affiliated with Square-Enix or any of its subsidiaries.
Powered By MyBB, © 2002-2025 MyBB Group.
Designed by Adrian/Reksio, modified by Kylin@RPC