phpBB 2.0.20 released

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Ideas Centre
Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK

phpBB 2.0.20 released

Post by Graham »

Hi everyone,

phpBB Group announces the release of phpBB 2.0.20, the "Golden Super Furry Linen" edition. This release is a cumulative bug fix update, as well as including a number of minor security fixes. We have also introduced a new feature to allow you to limit how often a user may conduct a search if you find that searches are putting a load on your server, as well as changing the default permissions on new forums so that you must explicitly make them available for guests to post in and enabling visual confirmation by default on all new installs.

As with all new releases we urge you to update as soon as possible. You can of course find this download available on our downloads page. As per usual four packages are available to simplify your update.
  • Full Package
    Contains entire phpBB2 source and English language package
  • Changed Files Only
    Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release
  • Patch Files
    Contains patch compatible patches from the previous versions of phpBB.
  • Code Changes
    Contains step-by-step instructions in MOD format for updating heavily MODified installs
Select whichever package is most suitable for you.

Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation or updates!.


It is important that you carry out both parts of the update - updating the files and running the database update script - for updates to be complete.


What has changed in this release?

The changelog (contained within this release) is as follows:
  • [Fix] Prevent login attempts from incrementing for inactive users
  • [Fix] Do not check maximum login attempts on re-authentication to the admin panel - tomknight
  • [Fix] Regenerate session keys on password change
  • [Fix] retrieving category rows in index.php (Bug #90)
  • [Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)
  • [Fix] Better handling of short usernames within the search (bug #105)
  • [Fix] Send a no-cache header on admin pages as well as normal board pages (Bug #149)
  • [Fix] Apply word censors to the message when quoting it (Bug #405)
  • [Fix] Improved performance of query in admin_groups (Bug #753)
  • [Fix] Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)
  • [Fix] Correct use of default_style config value (Bug #861)
  • [Fix] Replace unneeded unset calls in admin_db_utilities.php - vanderaj
  • [Fix] Improved error handling in modcp.php
  • [Fix] Improved handling of forums to which the user does not have any explicit permissions - vanderaj
  • [Fix] Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions
  • [Fix] Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions
  • [Fix] Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions
  • [Fix] Escape group names in admin_groups.php
  • [Sec] Replace strip_tags with htmlspecialchars in private message subject
  • [Sec] Some changes to HTML handling if enabled
  • [Sec] Escape any special characters in reverse dns - Anthrax101
  • [Sec] Typecast poll id values - Anthrax101
  • [Sec] Added configurable search flood control to reduce the effect of DoS style attacks
  • [Sec] Changed the way we create "random" values for use as keys - chinchilla/Anthrax101
  • [Sec] Enabled Visual Confirmation by default
  • [Change] Changed handling of the case where a selected style doesn't exist in the database
  • [Change] Changed handling of topic pruning to improve performance
  • [Change] Changed default forum permissions to only allow registered users to post in new forums
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!
Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK

Post by Graham »

It has come to my attention that the Code changes file (used for upgrading heavily MODded installs) which was available briefly this evening may contain some errors which could cause problems with upgrades via this method.

Until we can review this file completely and correct it where appropriate, I have removed this upgrade method from the available list. Once we have reviewed it, it will be available from the usual location in the MOD Database again and on the download page.

The other downloads (Full package, Changed Files and Patch) are unaffected by this problem. It is only the file for heavily MODded installs which has been removed.
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!
Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK

Post by Graham »

The code changes file is once again available on the download page with the error corrected.

If you had updated using the code changes file prior to this, you should make the following change

OPEN

Code: Select all

privmsg.php
FIND

Code: Select all

			if ( !($privmsg = $db->sql_fetchrow($result)) )
			{
				redirect(append_sid("privmsg.$phpEx?folder=$folder", true));
			}

			$privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);
			$privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];
REPLACE WITH

Code: Select all

			if ( !($privmsg = $db->sql_fetchrow($result)) )
			{
				redirect(append_sid("privmsg.$phpEx?folder=$folder", true));
			}

			$orig_word = $replacement_word = array();
			obtain_word_list($orig_word, $replace_word);

			$privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];
			$privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);
This is the only change required
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!

Return to “Announcements”