vBulletin 3.0.5

[acid]

Dear users,
We had to upgrade forum script due to potential security flaw in script. Some brief information on this:

Quote:

Critical Update

The discovery of a serious security vulnerability in versions of vBulletin 3 up to and including 3.0.4 has necessitated the immediate release of a version to plug the hole.

The vulnerability affects anyone running vBulletin 3 on PHP 4 with register_globals enabled in php.ini.

This is a CRITICAL update, and urge all affected customers to upgrade vBulletin with the utmost urgency.

Meanwhile the following bugs were fixed since v3.0.3

Quote:

• 3118 - AdminCP Stats are misaligned
• 3126 - Little typo in includes/functions_databuild.php
• 3132 - Short php tags used in forum.php and upgradecore.php
• 3135 - Problem with adding multiple smilies when the full URL is used
• 3139 - forumpermissions.php: Displaying a single forum is broken
• 3123 - Rebuild Styles is in English
• 3235 - Referral Report
• 3150 - Jelsoft Enterprises Limited Link in Admin Panel
• 3166 - Wrong redirect when changing into pda mode
• 3176 - Wrong link in ACP View Rep Comments
• 3164 - Who's online problem
• 3158 - Copy thread issues
• 3179 - Who's online problem - 2
• 3127 - Indexing Inefficiency
• 3172 - Style Issue Upon Registration
• 3184 - Leave email field
• 3149 - Each time you Preview, you lose a little more of your message
• 3163 - Memberlist Search member then change sort order give wrong result
• 3188 - List Visitors in the Last 24 Hours show lastvisit day
• 3189 - E-mail support for .museum TLD
• 3182 - Parent E-Mail Bug
• 3198 - Uncached template: modifysignature
• 3209 - Moderators now shown in ACP/Forum Manager (Single mode)
• 3203 - Search Users from ACP bug
• 3215 - buildpostcache doesn't work properly
• 3219 - Invalid XHTML
• 3169 - Renaming using does not rename thread starter
• 3221 - Adding a Poll for admins / mods shouldn't expire
• 3193 - Date shown in navbar after event submission is wrong
• 3262 - View Reputation Comments
• 3249 - Announcements one day off
• 3268 - Can't view permissions through forum manager
• 3264 - Wrong links in modcp/banning.php
• 3276 - Images with a width of 1px cause database error
• 3283 - FAQ searching
• 3287 - Postcount Problem with Deleting Forum
• 3115 - running install.php, catching blank page
• 3303 - Partial "Rebuild Search Index" doesn't stop correctly
• 3312 - 'alt3' CSS Class
• 3314 - Image Error in language editing
• 3328 - Wrong text in admincp/statistics
• 3326 - Problems with Memberlist searching when Advanced Search is turned off
• 3348 - Problem with searching for a user in the Mod CP
• 3361 - faq.php unchecked do variable
• 3360 - Forum Links without permissions
• 3351 - Possibility to use every function in a template condition
• 3510 - Two deletions of the same thread will cause database error
• 3365 - "Edited by" shows for admin if user gave reason.
• 3382 - referrerid cookie in register.php
• 3383 - Registration problem with custom field
• 3392 - No sanitization of poststarttime
• 3388 - Existing Searches ignored - Search always rebuilt!
• 3393 - Error handling on save smilies
• 3137 - Error with changing an users avatar via admin cp
• 3427 - Expired password reset results in error with PHP5
• 3485 - Add Camino support to WYSIWYG
• 3536 - Spelling error in ranks_modify_text
• 3488 - Unable to resend email if can view forums is set to no
• 3138 - More untranslated text
• 3195 - custom field on user options page
• 3357 - Problem with "empty" unread_x_nav phrase
• 3526 - Hard-coded phrase
• 3523 - calendar url parsing
• 3522 - variable typo
• 3519 - "Undefined" randomly appearing in posts
• 3512 - external.php fails to check if a password is required for a forum
• 3507 - admincp/user.php -> pruneusers
• 3477 - Subforum (xx Viewing) problem
• 3483 - User Permission Bug
• 3447 - Apache 2 version isn't displayed
• 3505 - Installer does not guess at port for forum/home page URL
• 3334 - $vbphrase[to_delete_a_folder] seems not to be filled
• 3120 - Helptext for profile fields
• 3140 - $vbphrase[terrible] is in the wrong category
• 3161 - $vbphrase[alignment] does not display in vBulletin options
• 3175 - Missing form action attribute
• 3159 - Phrase closed_thread missing in showthread
• 3128 - Quote on a post shown as unread
• 3200 - Some bug in PM
• 3250 - Missing help info for FAQ manager varname
• 3252 - Sentence in the MSN popup
• 3313 - Typo in a phrase
• 3318 - problems with phpinclude_start template
• 3297 - Edit Post Access Keys
• 3322 - Phrase typo
• 3223 - Password History does not do anything
• 3288 - Super Trivial -- Help File...
• 3298 - When drawing poll result bars, language direction not taken into account
• 3325 - Default Time Zone Offset has no effect
• 3404 - Typo in functions_image.php
• 3391 - Different Thread Ratings shown in showthread.php & forumdisplay.php
• 3201 - Failure to edit avatars within AdminCP
• 3338 - Activation error
• 3374 - Combination Of Characters Not Allowing Login
• 3411 - Javascript error in css.php
• 3447 - Apache 2 version isn't displayed
• 3455 - Physical delete a thread does not remove records for "soft deleted posts" inside
• 3202 - Activation Letter and spam
• 3213 - Sort by Last Visit affected by Invisible Mode
• 3237 - Html entity value of space isn't detected
• 3332 - Error when renaming a template when the new name already exists
• 3180 - bbcode manager sql error
• 3352 - Poll Maximum Options
• 3353 - email vbcode not in vbcode list
• 3286 - Opera Search Display Error
• 3225 - Show Default Post Icon description incorrect
• 3379 - SQL Injection in Authorize.net callback code
• 3337 - Add user to your *nothing* list
• 3116 - translating the sort order submit button
• 3240 - Members list not sorting by reputation
• 3405 - Extra htmlspecialchars() on search string display for phrase search

3.0.4 to 3.0.5

• 3575 - Javascript error into head of ACP
• 3573 - Can't use some bbcodes
• 3574 - Local date is not shown correctly
• 3580 - New User Email doesn't contain proper strings for Custom Checkbox and Multiple Selects
• 3578 - Can't send PMs to some users when using a multibyte language
• 3582 - Calendar.php (3.0.4) Error in the code
• 3591 - Type in $vbphrase[options_options_minreputationpost_text]
• 3572 - search thread results return other threads
• 3593 - Child Style and '--'
• 3569 - Referrer Check fails when not using port 80
• 3598 - Template Manager - Javascript Error in FireFox
• Additional PHP5 compatibility changes
• Potential security issue
• Changes so enabling NOSHUTDOWNFUNC does not cause conflicts with certain systems.
• New error handler designed to prevent accidental path disclosure

For more information you may check this link
http://www.vbulletin.com/forum/showt...hreadid=125480

Thanks for your patience during upgrade and enjoy your stay!

[Red Stone]

Thanks, pal!

Great job!

[Nikita]

2ACID
TikiWiki это просто супер
http://tikiwiki.org/tiki-index.php

[Red Stone]

Attention Acid!

vBulletin 3.0.7 Released - Security Patch

Quote:

The discovery of a potentially serious security hole has necessitated the release of vBulletin 3.0.7. All customers are strongly encouraged to take one of the actions described in this post.

All versions of vBulletin 3 up to and including 3.0.6 are affected only if you have enabled the Add Template Name in HTML Comments option (Admin Control Panel -> vBulletin Options -> General Settings). We hope most of you will not have had this option enabled anyway, as it is mostly for debugging and wastes a fair amount of bandwidth on a production site.

Thus, to fix the issue, you should choose one of these options:
Disable the Add Template Name in HTML Comments option on your board.
Download the zip file attached to this post (or from here) and overwrite the misc.php in the main vBulletin directory on your server with the version in the zip. (More extensive instructions are provided in the zip file.)
Upgrade to 3.0.7. A link to upgrade instructions is provided below.
We would strongly recommend options 2 or 3 if possible.

The Importance of Keeping Current with Security Updates

We would like to take this time to reiterate the importance of keeping current with security updates. If you are not currently running a version with the recent patches built in or have not manually patched your board, please see the 3.0.5 and 3.0.6 announcements for important patches.

Recently, more issues have been discovered than we would have liked, but we try to make patching as painless as possible to ease the burden these issues create. We are looking into ways to make patch delivery even easier for future versions.

Backing Up Your Forums

Please be sure to check that your backups are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through SSH/Telnet, as it will not suffer from any such problems. Full instructions for backing up your database are available in the vBulletin 3 Manual.

Quote:

Corrected:
3675 - Mozilla WYSIWYG editor eats spaces
3678 - % in custom BB codes causes problems
3683 - Importing XML in PHP5 defaults to UTF-8 encoding
3685 - "Multiple Choice" vs "Multiple-Choice"
3687 - Redundant code in poll.php
3691 - "CSS Selector" can't be translated
3695 - URLs with parentheses not auto-parsed
3696 - BB codes with options not stripped by strip_bbcode()
3697 - Can't close thread while creating
3699 - User titles not wordwrapped
3703 - "0" not accepted as phrase text
3708 - Extra column displayed in PM list if icons off
3710 - Missing semicolon in HTML entity in memberlist.php
3714 - Smilies don't upload properly
3724 - Typo in "Message Attachment Options"
3725 - Redirected to wrong page after removing moderator
3730 - Attachment.php doesn't check "can view others"
3731 - Calendar moderator queue broken
3733 - Rebuild post cache results in empty cached post
3737 - URLs not auto-parsed in signatures
3738 - Editpost.php does not auto-parse links in preview
3739 - Call to non-existing template in register.php
3746 - Event ending at midnight spans two days in calendar
3748 - Unreachable code in functions_bbcodeparse.php
3749 - Inconsistent phrase in BB code manager
3751 - Smilies parse as IMG tags with Mozilla WYSIWYG
3754 - Uncached template in joinrequests.php
3763 - Bad chdir in modcp/deletedposts.php
3765 - Poll icon visible even when poll not posted
3772 - URLs not parsed immediately after closing BB code tags
3780 - Spacing issue with reply button and legacy postbit
3785 - Uncached templates in profile.php
3787 - Variable globalized twice in register.php
3788 - Unreachable code in register.php
3793 - Redirects in moderator.php don't respect admin perms
3796 - Can't delete profile picture from ModCP
Potential security issue in misc.php
Significant improvements to attachment.php (Etag support, ability to send signficantly larger attachments, ability to cancel sending attachment if user cancels)

Read more at

Code:

http://www.vbulletin.com/forum/showthread.php?postid=819562

Cheers!