2013-10-11 phpBB version update

Status
Not open for further replies.

Cory5412

Daring Pioneer of the Future
Staff member
Hi everybody,

Just as a heads up, the forum will be down for a reasonable amount of time tomorrow as we apply a very important set of patches to our current installation of phpBB 3.

As a quick review, the forum software hasn't been updated in several years, and has zero-day exploits available that are hundreds of days old. (Like, years.) This update, which is graciously being installed for us by our new technical coordinator (who is much better at web application administration than I am), is expected to take no longer than a few hours, at some point tomorrow morning.

More information is in this post.

We appreciate your patience as we work on updating the forum platform for additional security and possibly even better compatibility with modern web browsers. wthww or I will reply to this global announcement when the update is complete, and (I'm testing out forum features) the announcement should sink into the regular "General 68kMLA News and Stuff" forum seven days after I post this initial announcement.

Best,

Cory W.

 

wthww

Administrator
Staff member
Hello once again!

We have successfully updated the version of phpBB3 our boards are running, and the Japanese language pack was installed as well. As far as I can tell it went swimmingly; if you find anything that is broken, feel free to PM myself or Cory5412. We also idle on the IRC, and it is a great resource to contact either of us in the case of something going pear-shaped.

For the sake of my own sanity, I've included phpBB's laughably long list of changes between the version we were running and the current version. I appreciate your patience over the last few days. In the future we will notify the board a bit further in advance.

"Sometimes you've got to roll the hard six."

//wthww

Code:
1.v. Changes since 3.0.7-PL1
Security
[phpBB3-9903] - Execute javascript in [flash=] BBCode
Bug
[phpBB3-4923] - compress_tar incorrectly determines type
[phpBB3-5164] - Honor minimum and maximum password length in generated passwords as much as possible.
[phpBB3-6726] - Connecting to PostgreSQL using 'localhost' doesn't try to use a TCP connection
[phpBB3-6747] - word censoring * does not handle space for two or more words
[phpBB3-7260] - Do not delete polls if one exists and editing user lacks permissions
[phpBB3-7296] - Style export to tar(.*) does not work
[phpBB3-7369] - Custom Profile dates display incorrectly
[phpBB3-7417] - Search keywords field does not initially get focus
[phpBB3-7538] - Query exceeds maximum value for user_login_attempts
[phpBB3-7716] - Data too long for column 'message_subject'
[phpBB3-7720] - Fix alternative image-description for unread posts.
[phpBB3-7782] - Send HTTP 404 if topic, forum or user do not exist
[phpBB3-7972] - Copied topics are not indexed
[phpBB3-8169] - Parse CSS Regex accepts invalid code
[phpBB3-8792] - Misleading error message in auth_ldap.php, function init_ldap()
[phpBB3-8894] - JavaScript error and visible quote button on topic review if BBCodes disallowed
[phpBB3-8924] - spelling in admin_welcome_inactive.txt
[phpBB3-8929] - MS SQL error on view all smilies after 3.0.6 upgrade
[phpBB3-8935] - able to set minimal avatar size larger than maximum
[phpBB3-8944] - Error on database update (must specify size of index on MySQL4)
[phpBB3-9012] - Retain original topic title in shadow topic when moving a topic and editing the title.
[phpBB3-9034] - Redirect() fails with directory traversal
[phpBB3-9047] - Active topics and reported posts
[phpBB3-9049] - Password reminder system generates confusable passwords
[phpBB3-9053] - Correctly sort database backup file list by date on database restore page
[phpBB3-9061] - Race condition in queue locking
[phpBB3-9068] - Grammatical Error under Load Settings
[phpBB3-9075] - Missing / bad default values of CPFs result in SQL errors on registration of new users
[phpBB3-9091] - Wrong IP checking for IPv4 addresses mapped into IPv6
[phpBB3-9094] - Hide "Copy permissions" message, when permissions were copied.
[phpBB3-9095] - Misleading setting text for CAPTCHA
[phpBB3-9099] - Missing comma in PASSWORD_EXPLAIN acp language strings
[phpBB3-9101] - Bad text placement for reCAPTCHA description
[phpBB3-9104] - Safari does not display box headers correctly in the ACP.
[phpBB3-9107] - Can't Set Parent Forum
[phpBB3-9108] - RSS feeds does not work on Postgres
[phpBB3-9112] - Most active forum post count does not respect m_approve permission
[phpBB3-9114] - Recent bug fix for smilies causing problems on older MySQL versions
[phpBB3-9117] - Wrong redirection after login
[phpBB3-9119] - Language selection is disregarded in automatic update
[phpBB3-9120] - Typo fix in a comment in functions.php
[phpBB3-9121] - Forum feed shows posts that are currently on the moderation queue
[phpBB3-9125] - ACP User Overview: Unmatched  tag when viewing own user
[phpBB3-9126] - Invalid redirection after login to forum not in web root
[phpBB3-9132] - Oracle CLOB support is broken, preventing storage of long strings
[phpBB3-9135] - Fix report-icon for moderators in PM folders.
[phpBB3-9140] - Check current board version in incremental update packages
[phpBB3-9145] - Fix open_basedir issues when accessing styles- and language-management
[phpBB3-9146] - Quick-Reply tabindex="6" set twice
[phpBB3-9147] - "Change topic type"-option "Normal" always selected.
[phpBB3-9154] - Correctly check for double inclusion in captcha garbage collection
[phpBB3-9158] - viewforum/viewtopic pages unnecessarily duplicated with start=0
[phpBB3-9162] - BBCode in poll options is broken, when posting without question.
[phpBB3-9167] - Remove shadow topics from remaining forums when deleting a forum including posts
[phpBB3-9170] - Unable to get image size in img bbcode when URL has multiple parameters.
[phpBB3-9173] - sql_config_count() artificially limits number scope to 4byte-integer on PostgreSQL and Firebird
[phpBB3-9176] - When setting the board's date format the board's timezone settings aren't taken into account
[phpBB3-9451] - Unnecessary overhead in avatar_process_user function
[phpBB3-9478] - Validate maximum number of allowed recipients per PM value
[phpBB3-9495] - Loginbox  redirect breaks xHTML
[phpBB3-9499] - Javascript function dE does not correctly detect element visibility
[phpBB3-9504] - Allow gallery avatars with whitespaces in the filename
[phpBB3-9509] - phpBB Coding Guidelines state subversion as the version control system for phpBB
[phpBB3-9510] - Unable to copy permissions from and to forums you cannot see
[phpBB3-9512] - Fix dead link in MCP on reports for global announcements in prosilver.
[phpBB3-9514] - Correctly delete big datasets when deleting a forum including topics/posts on non-MySQL databases
[phpBB3-9518] - Postgres DBAL does not correctly create a new database connection when passing $new_link as true
[phpBB3-9519] - Replace remaining is_writable() calls with phpbb_is_writable().
[phpBB3-9521] - MSSQL error reporting returns String instead of an error
[phpBB3-9524] - IPv6 regular expression does not match addresses starting in ::
[phpBB3-9526] - User Preference to hide online status does not work for bots
[phpBB3-9528] - Quoting in a PM does not fall back to bbcode-less quotes using "> " when bbcodes are disabled
[phpBB3-9529] - Topic review does not display all selected posts
[phpBB3-9530] - subsilver2 missing fallback option on quoting when bbcodes are disabled
[phpBB3-9531] - BBCode-less fall back option for quotes is missing "Author wrote:" line when quoting from topic-review.
[phpBB3-9535] - Incorrect margins in RTL languages: signatures, permission ACP & updater
[phpBB3-9545] - 'Your first forum' should have 'Display active topics:' set to 'Yes'
[phpBB3-9546] - Moving all posts from one topic to another does not delete bookmarks
[phpBB3-9547] - Changing forum type applies FORUM_FLAG_ACTIVE_TOPICS to new forum type.
[phpBB3-9548] - Delete user quicktool drop down should have an empty or invalid selection as the default
[phpBB3-9559] - Messenger Queue Batch Size configuration option is overridden
[phpBB3-9567] - Newly registered users group ACP wording
[phpBB3-9582] - Missing MSSQL native driver case statements
[phpBB3-9587] - Prosilver overrides reCaptcha class.
[phpBB3-9592] - Test suite does not run on SQLite
[phpBB3-9593] - Missing documentation for running unit tests
[phpBB3-9599] - Windows workaround for checkdnsrr() returns wrong results
[phpBB3-9605] - Wrong class added to topiclist, when there's no announcement topic.
[phpBB3-9615] - When attaching a file whose name contains quotes, filename before last quote is cut off in display
[phpBB3-9623] - Strings not properly normalized - acp_prune.php
[phpBB3-9626] - Regular expressions from get_preg_expression() are untested.
[phpBB3-9628] - Add module function does not correctly insert a module after the specified one
[phpBB3-9633] - Newly registered users group color is not used in Our Newest Member
[phpBB3-9635] - Useless parameter $data['post_time'] in function submit_post.
[phpBB3-9637] - SET NAMES 'BINARY' error in convertor
[phpBB3-9643] - DB connection error when $dbhost is an IPv6 address
[phpBB3-9644] - submit_post shows support for options that cause a trigger_error in the call to user_notification
[phpBB3-9646] - Cant hide/outcomment @import in stylesheet.css
[phpBB3-9650] - It should not be possible to ban Anonymous
[phpBB3-9653] - xhtml errors in subsilver2 when using the bbcodes code and quote in signatures
[phpBB3-9655] - Selecting an unavailable captcha plugin looks like a successful action
[phpBB3-9656] - PHP Information in ACP always lists error_reporting as 0
[phpBB3-9658] - Optimize topic splitting
[phpBB3-9662] - Search interval applied inconsistently
[phpBB3-9664] - Another duplicate accesskey: t = top and list item
[phpBB3-9665] - Signature "0" cannot be previewed
[phpBB3-9677] - Subsilver2 is missing the bbcode-helpline for inline-attachments.
[phpBB3-9678] - Flash attachments are not displayed in subsilver2.
[phpBB3-9679] - "Notify User" checkbox appears in MCP Queue even if no notification methods are enabled
[phpBB3-9686] - Unable to create data backup using the mssqlnative DBAL
[phpBB3-9694] - Calling download/file.php with empty avatar parameter can throw an E_NOTICE message
[phpBB3-9695] - Bad Display of User Input - mcp_ban
[phpBB3-9696] - Installation of phpBB with SQLite fails
[phpBB3-9697] - Backlink broken when the select parent forum does not exist.
[phpBB3-9698] - Returning result of new by reference is deprecated in php 5.3
[phpBB3-9702] - "Ban until (date)" appears to be based on UTC time instead of local time
[phpBB3-9703] - Removing a user does not remove their private message folders or rules
[phpBB3-9704] - Coding guidelines typo
[phpBB3-9712] - Future dates display as "less than one minute ago"
[phpBB3-9714] - "Undefined variable: email" in email regular expression unit tests
[phpBB3-9715] - Fix email address regular expression or adjust email regular expression unit tests
[phpBB3-9722] - "New Topic" button title attribute mismatch in prosilver's viewforum
[phpBB3-9727] - Feed replaces ./ with board URL
[phpBB3-9743] - Fix background-position of top2-class in prosilver for RTL-languages.
[phpBB3-9744] - Mistyped word 'then' in FAQ. It should be 'than'.
[phpBB3-9748] - 
not being replaced in prepare_message
[phpBB3-9749] - fulltext_mysql.php overreacts on + and - characters in search words
[phpBB3-9752] - Misleading text when using Q&A CAPTCHA
[phpBB3-9754] - Template variable S_USER_POSTED always set to false in search.php
[phpBB3-9757] - Empty template variable HISTORY_TITLE in ucp_pm_history
[phpBB3-9760] - Fulltext native search, wildcard * does not get escaped leading to long execution time
[phpBB3-9761] - Quote nesting depth explanation is misleading
[phpBB3-9771] - build_url() doesn't ignore empty parameters
[phpBB3-9772] - Under some circumstances, email addresses are shown to undesired users
[phpBB3-9780] - gen_rand_string() not respecting $num_chars parameter anymore.
[phpBB3-9782] - Board disable radio in Board-Settings set on when server load high
[phpBB3-9793] - Undefined function send_status_line() in download/file.php when in avatar mode.
[phpBB3-9807] - Avatar tab displays when avatars are disabled
[phpBB3-9810] - Clicking on "Select All" of code tag on print page results in a javascript error when using prosilver
[phpBB3-9820] - Fix undefined indexes when trying to post a new topic
[phpBB3-9822] - Can not delete style-components from the file-system as per explanation.
[phpBB3-9829] - Recaptcha plugin result interpretation fault
[phpBB3-9835] - Login Confirm Explain Not Working
[phpBB3-9840] - Display view unread posts link for guests
[phpBB3-9841] - Change "Save" button to "Save draft"
[phpBB3-9847] - Language typo and written form (British/American)
[phpBB3-9854] - Auth API documentation is incomplete
[phpBB3-9855] - Tests don't run on PHPUnit 3.5
[phpBB3-9879] - captcha_qa.php spelling, punctuation and grammar errors
[phpBB3-9883] - CAPTCHA uses american english
[phpBB3-9884] - Massive email delays
[phpBB3-9885] - Default file extension groups not properly updated by database updater.
[phpBB3-9886] - Database updater does not run on PostgreSQL because of an error in _add_module()
[phpBB3-9888] - Update fails when Bing [bot] was already added to the users table
[phpBB3-9891] - Updater drops language-selection after database-update
[phpBB3-9509] - phpBB Coding Guidelines state subversion as the version control system for phpBB
Improvement
[phpBB3-7332] - MCP post details usability
[phpBB3-7717] - Use user's language for standard-extensions-group name
[phpBB3-8709] - Multibyte keys in request_var not possible
[phpBB3-8936] - subsilver2 missing reply-to-all feature
[phpBB3-9088] - Add missing semicolons in js files
[phpBB3-9179] - improve quasi-documentation of notify_status values
[phpBB3-9503] - Posts with empty titles in moderation queue are not easily approved
[phpBB3-9534] - user_ipwhois() does not support IPv6 addresses
[phpBB3-9536] - Small improvement for query against sessions table in acp_users.php
[phpBB3-9553] - Make git hooks run with /bin/sh instead of bash
[phpBB3-9570] - Change "system timezone" to "guest timezone" in acp, add explanation
[phpBB3-9578] - ACP Posting tab is missing "Post settings" module.
[phpBB3-9589] - Sample nginx configuration file
[phpBB3-9595] - Search settings in ACP: Add information on minimum word size indexed when using Fulltext MySQL backend
[phpBB3-9598] - Call checkdnsrr() on Windows with PHP 5.3
[phpBB3-9609] - Use send_status_line instead of calling header
[phpBB3-9611] - Increase entropy in activation keys
[phpBB3-9612] - Split gen_rand_string() into gen_rand_string() and gen_rand_string_friendly()
[phpBB3-9629] - sid parameter forced for style.php makes caching difficult
[phpBB3-9659] - Default phpBB signature user_options need to be set for convertors
[phpBB3-9690] - MSN Bot will become Bing Bot
[phpBB3-9777] - Print useful error message in pre-commit hook when php is not installed.
[phpBB3-9785] - Not able to recover a password when board disabled
[phpBB3-9825] - Run tests on sqlite if available and no test db configured
[phpBB3-9827] - IE9 Beta fixes IE8 textarea bug
[phpBB3-9830] - Awkward message when config.php is missing
[phpBB3-9850] - Allow version checker to display information on multiple releases
[phpBB3-9853] - Change default reCAPTCHA theme in Prosilver & Subsilver2 to better coordinate with style color scheme
[phpBB3-9880] - Rename all mentions of CAPTCHA or visual confirmation to anti-bot
[phpBB3-9899] - Change the style in the ACP for the recaptcha to match that displayed on prosilver
New Feature
[phpBB3-9039] - Native SQL Server Support mssqlnative.php
[phpBB3-9511] - View note for moderators on unapproved posts/topics with unapproved posts in ATOM Feed.
Task
[phpBB3-9520] - Add web.config files for IIS
[phpBB3-9625] - Update database UNIT-test
[phpBB3-9701] - Enable notices in unit tests
[phpBB3-9768] - Create git commit-msg hook that verifies the commit message conforms to our standards
[phpBB3-9769] - Add install and uninstall scripts for the git hooks
[phpBB3-9770] - Git commit message should be prefilled with branch and ticket information
[phpBB3-9800] - Update tracker URL in docs/./../support/documents.php?mode=readme&version=3
[phpBB3-9804] - Update docs/AUTHORS (DavidMJ & igorw)
[phpBB3-9808] - Git commit message hook depends on GNU wc
[phpBB3-9816] - Remove config.php from git repository
[phpBB3-9848] - Add phpBB data files to .gitignore.
[phpBB3-9849] - Create build script using phing
[phpBB3-9857] - Remove visible $Id$ from docs files.
[phpBB3-9868] - Make the test suite run and pass using the mssqlnative driver
[phpBB3-9904] - Update WebPI Parameters.xml
Sub-task
[phpBB3-9517] - Remote avatar upload does not check the filesize before and during transfer.
[phpBB3-9562] - Advanced Search is inaccessible using the mssqlnative DBAL
[phpBB3-9564] - Reported messages are not assigned the default report reason when a reason is removed from the ACP using the mssqlnative DBAL
[phpBB3-9565] - It is impossible to create a custom profile field using the mssqlnative DBAL
[phpBB3-9566] - Two debug notices are displayed when setting a custom profile field though the UCP using the mssqlnative DBAL
[phpBB3-9583] - MSSQL native backups cannot be restored
[phpBB3-9606] - Drop redundant SQL query for unreads fetching
[phpBB3-9613] - Implement a load switch for unreads search feature.
[phpBB3-9817] - Make build script create blank config.php
 

wthww

Administrator
Staff member
Hello once again,

Now that the dust has settled I'd like to let everyone know of a few upcoming changes. The theme "subsilver2" is now deprecated and will be removed soon. Please set your theme to "prosilver" in the UCP.

The bugs we've encountered so far have all been fixed, including the site's header, the tag and the new posts link on the navbar.

Thanks,

//wthww
